Skip to content
Deutschland Flagge

Official Website – Federal Republic of Germany

Secure Digital Identification: Data Protection in the EUDI Wallet

People are exchanging identification cards
© Felix Adler

With the introduction of the EUDI Wallet, a central question arises: How secure is personal data, and who has access to it? The clear answer: Data protection and user sovereignty are not an add-on but firmly embedded in the architecture of the EUDI Wallet.

Targeted Disclosure instead of Blanket Data Retrieval

In the EUDI Wallet, data is stored exclusively locally on users' own devices and is only shared when users explicitly consent. At the core lies the digital ID card along with further verified digital credentials, which are issued by designated authorities, cryptographically protected against forgery, and securely stored in the wallet. Storage and sharing are always purpose bound. This means: If users need to share a credential for a service, for example regarding professional qualifications or a valid driver's license, they can present it specifically to so-called Relying Parties such as banks or public authorities. The required information is transmitted in encrypted form only after users' active consent.

In doing so, the Wallet consistently supports the principle of data minimization in accordance with eIDAS 2.0. It is not necessary to share complete data sets; instead, by means of "selective disclosure," exactly the information that is required can be shared (such as a "yes/no" confirmation of legal age instead of the full date of birth). This also means in in-person-scenarios, the Wallet raises data protection to a new level, since traditional credentials do not offer such capabilities.

Users also know exactly with whom they are sharing data, as every Relying Party is identified before being authorized for the ecosystem. And should users ever feel that something is not as it should be, they have the option to file a complaint with the competent data protection authority.

Decentralized by Design and Technically Protected

The architecture of the EUDI Wallet is deliberately designed to be decentralized. Different and independent roles ensure that control and data are not concentrated in a single entity. No single actor has a complete picture of users' activities. For example, the issuer of the digital ID card is operated by a different organization than the national EUDI Wallet.

Thus, data in the EUDI Wallet is protected through modern encryption, minimal data sharing, full transparency, and the consistent avoidance of profiling. The interplay of these mechanisms with a decentralized system architecture enables the development of a digital identity infrastructure that builds trust and consistently prioritizes security and self-determined action.