The impact of zero-knowledge proofs on data minimisation compliance of digital identity wallets

Bibliographic Details
Title: The impact of zero-knowledge proofs on data minimisation compliance of digital identity wallets
Authors: Podda, Emanuela; Hölzmer, Pol; Amard, Alexandre; Sedlmeir, Johannes; Fridgen, Gilbert
Contributors: Dubois (Frédéric)
Source: Internet Policy Review, Vol 14, Iss 3 (2025)
Publisher Information: Internet Policy Review, Alexander von Humboldt Institute for Internet and Society, 2025.
Publication Year: 2025
Subject Terms: Information theory, Internet Policy, Zeroknowledge proofs, ddc:300, Social Sciences, Commerce, communications & transportation, Electronic attestation, Electronic identification, Computer science, knowledge & systems, eIDAS, Q300-390, GDPR, Q350-390, Zero-knowledge proofs, Cybernetics
Description: The recent amendment to the European eIDAS Regulation has established the European Digital Identity Framework, which introduces electronic attestations of attributes. Technically, these attestations involve auxiliary information to ensure their verifiability, leading to the generation, processing, and storage of more than just personal data. In particular, this auxiliary information contains globally unique information that can be misused as personal identifiers and poses risks to the privacy of individuals engaging in transactions using a European Digital Identity Wallet. As such, they create tension with the principle of data minimisation under the General Data Protection Regulation (GDPR). On the positive side, privacy-enhancing technologies, especially zero-knowledge proofs (ZKPs), are rapidly advancing and capable of addressing this tension. In this paper, we analyse the impact of the availability of these techniques on legal compatibility in the European electronic identification context and explore the tension field between the technical requirements of the digital identity wallet and the GDPR’s data minimisation principle. We illustrate this dynamic through the specific examples of cryptographic data processed to ensure the authenticity and integrity of attributes' electronic attestations and shed light on how ZKPs can support legal compliance. This paper contributes to the privacy-oriented electronic identity management literature by providing policy and technical recommendations for achieving data minimisation compliance. We emphasise the necessity for regulatory bodies to enforce the use of advanced solutions like ZKPs to achieve unlinkability and unobservability. Accelerating the standardisation of these technologies is crucial for safeguarding user privacy and achieving seamless regulatory compliance in digital identity systems.
Document Type: Article
File Description: application/html
ISSN: 2197-6775
DOI: 10.14763/2025.3.2019
Access URL: https://doaj.org/article/064ba2ca45ea4a46959b67107d4b2bb3
https://policyreview.info/node/2019
https://hdl.handle.net/10419/324162
Rights: CC BY
URL: http://creativecommons.org/licenses/by/3.0/de/deed.en
Accession Number: edsair.doi.dedup.....a76091ba7454d2e66a0e494e413c3d93
Database: OpenAIRE