The impact of zero-knowledge proofs on data minimisation compliance of digital identity wallets
The recent amendment to the European eIDAS Regulation has established the European Digital Identity Framework, which introduces electronic attestations of attributes. Technically, these attestations involve auxiliary information to ensure their verifiability, leading to the generation, processing, a...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Alexander von Humboldt Institute for Internet and Society
2025-07-01
|
| Series: | Internet Policy Review |
| Subjects: | |
| Online Access: | https://policyreview.info/node/2019 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850068588408340480 |
|---|---|
| author | Emanuela Podda Pol Hölzmer Alexandre Amard Johannes Sedlmeir Gilbert Fridgen |
| author_facet | Emanuela Podda Pol Hölzmer Alexandre Amard Johannes Sedlmeir Gilbert Fridgen |
| author_sort | Emanuela Podda |
| collection | DOAJ |
| description | The recent amendment to the European eIDAS Regulation has established the European Digital Identity Framework, which introduces electronic attestations of attributes. Technically, these attestations involve auxiliary information to ensure their verifiability, leading to the generation, processing, and storage of more than just personal data. In particular, this auxiliary information contains globally unique information that can be misused as personal identifiers and poses risks to the privacy of individuals engaging in transactions using a European Digital Identity Wallet. As such, they create tension with the principle of data minimisation under the General Data Protection Regulation (GDPR). On the positive side, privacy-enhancing technologies, especially zero-knowledge proofs (ZKPs), are rapidly advancing and capable of addressing this tension. In this paper, we analyse the impact of the availability of these techniques on legal compatibility in the European electronic identification context and explore the tension field between the technical requirements of the digital identity wallet and the GDPR’s data minimisation principle. We illustrate this dynamic through the specific examples of cryptographic data processed to ensure the authenticity and integrity of attributes' electronic attestations and shed light on how ZKPs can support legal compliance. This paper contributes to the privacy-oriented electronic identity management literature by providing policy and technical recommendations for achieving data minimisation compliance. We emphasise the necessity for regulatory bodies to enforce the use of advanced solutions like ZKPs to achieve unlinkability and unobservability. Accelerating the standardisation of these technologies is crucial for safeguarding user privacy and achieving seamless regulatory compliance in digital identity systems. |
| format | Article |
| id | doaj-art-064ba2ca45ea4a46959b67107d4b2bb3 |
| institution | DOAJ |
| issn | 2197-6775 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | Alexander von Humboldt Institute for Internet and Society |
| record_format | Article |
| series | Internet Policy Review |
| spelling | doaj-art-064ba2ca45ea4a46959b67107d4b2bb32025-08-20T02:48:01ZengAlexander von Humboldt Institute for Internet and SocietyInternet Policy Review2197-67752025-07-0114310.14763/2025.3.2019 The impact of zero-knowledge proofs on data minimisation compliance of digital identity walletsEmanuela Podda0Pol Hölzmer1Alexandre Amard2Johannes Sedlmeir3Gilbert Fridgen4Università degli Studi di MilanoUniversity of LuxembourgUniversity of LuxembourgUniversity of MünsterUniversity of LuxembourgThe recent amendment to the European eIDAS Regulation has established the European Digital Identity Framework, which introduces electronic attestations of attributes. Technically, these attestations involve auxiliary information to ensure their verifiability, leading to the generation, processing, and storage of more than just personal data. In particular, this auxiliary information contains globally unique information that can be misused as personal identifiers and poses risks to the privacy of individuals engaging in transactions using a European Digital Identity Wallet. As such, they create tension with the principle of data minimisation under the General Data Protection Regulation (GDPR). On the positive side, privacy-enhancing technologies, especially zero-knowledge proofs (ZKPs), are rapidly advancing and capable of addressing this tension. In this paper, we analyse the impact of the availability of these techniques on legal compatibility in the European electronic identification context and explore the tension field between the technical requirements of the digital identity wallet and the GDPR’s data minimisation principle. We illustrate this dynamic through the specific examples of cryptographic data processed to ensure the authenticity and integrity of attributes' electronic attestations and shed light on how ZKPs can support legal compliance. This paper contributes to the privacy-oriented electronic identity management literature by providing policy and technical recommendations for achieving data minimisation compliance. We emphasise the necessity for regulatory bodies to enforce the use of advanced solutions like ZKPs to achieve unlinkability and unobservability. Accelerating the standardisation of these technologies is crucial for safeguarding user privacy and achieving seamless regulatory compliance in digital identity systems.https://policyreview.info/node/2019Electronic attestationElectronic identificationeIDASGDPRZero-knowledge proofs |
| spellingShingle | Emanuela Podda Pol Hölzmer Alexandre Amard Johannes Sedlmeir Gilbert Fridgen The impact of zero-knowledge proofs on data minimisation compliance of digital identity wallets Internet Policy Review Electronic attestation Electronic identification eIDAS GDPR Zero-knowledge proofs |
| title | The impact of zero-knowledge proofs on data minimisation compliance of digital identity wallets |
| title_full | The impact of zero-knowledge proofs on data minimisation compliance of digital identity wallets |
| title_fullStr | The impact of zero-knowledge proofs on data minimisation compliance of digital identity wallets |
| title_full_unstemmed | The impact of zero-knowledge proofs on data minimisation compliance of digital identity wallets |
| title_short | The impact of zero-knowledge proofs on data minimisation compliance of digital identity wallets |
| title_sort | impact of zero knowledge proofs on data minimisation compliance of digital identity wallets |
| topic | Electronic attestation Electronic identification eIDAS GDPR Zero-knowledge proofs |
| url | https://policyreview.info/node/2019 |
| work_keys_str_mv | AT emanuelapodda theimpactofzeroknowledgeproofsondataminimisationcomplianceofdigitalidentitywallets AT polholzmer theimpactofzeroknowledgeproofsondataminimisationcomplianceofdigitalidentitywallets AT alexandreamard theimpactofzeroknowledgeproofsondataminimisationcomplianceofdigitalidentitywallets AT johannessedlmeir theimpactofzeroknowledgeproofsondataminimisationcomplianceofdigitalidentitywallets AT gilbertfridgen theimpactofzeroknowledgeproofsondataminimisationcomplianceofdigitalidentitywallets AT emanuelapodda impactofzeroknowledgeproofsondataminimisationcomplianceofdigitalidentitywallets AT polholzmer impactofzeroknowledgeproofsondataminimisationcomplianceofdigitalidentitywallets AT alexandreamard impactofzeroknowledgeproofsondataminimisationcomplianceofdigitalidentitywallets AT johannessedlmeir impactofzeroknowledgeproofsondataminimisationcomplianceofdigitalidentitywallets AT gilbertfridgen impactofzeroknowledgeproofsondataminimisationcomplianceofdigitalidentitywallets |