The identity card of a natural or legal person is a universal and necessary identification tool.
However, when applied to online exchanges, this type of "physical medium" identity document is completely ineffective. In view of the increase in online exchanges and transactions, the public authorities have been interested in establishing a digital identification process that would make these transactions secure.
It is a question of adapting to the generalisation of dematerialised exchanges and of mitigating the increased risks of cybercrime, such as identity theft, which today accounts for 54% of offences on the Internet.
Until now, only the electronic signature has been regulated by national and European legislation. Considering this framework to be insufficient, the European Union has adopted a regulation on electronic identification and trust services in order to provide a more favourable and secure framework for electronic exchanges. This regulation will enter into force on 1 July 2016.
The various identification procedures provided for in the Regulation
So while the European Regulation does not expressly provide for a "digital identity card", it does refer to the notion of "standard digital certificates". However, the idea is the same, since it is a question of creating a proof of identity adapted to the digital format.
In order to make this process efficient, and to meet the objective of securing online transactions, it is planned that these certificates will be issued by "Trusted Third Parties", approved at the European or French level. These may, for example, be bailiffs, who will be in charge of carrying out the necessary steps to verify and ensure the identity of persons wishing to obtain such a certificate.
Such a process goes further than the simple electronic signature that we are familiar with, since it will allow, for example, when sending an email, to securely verify the sender's personal information.
Another mechanism has been set up to combat professional card fraud. This is called a "secure 2D" code, which in practice looks like a flashcode, which, once "flashed", will reveal the information thus sealed.
Finding the right balance between security and privacy
So, while these measures are welcome in view of the increase in exchanges on the Internet, of all types (personal, professional, paid, free, etc.), we must nevertheless raise the conflict between this objective of cyber security and the preservation of privacy and personal data.
Indeed, it is all the same a question of collecting personal information on each person and allowing their identification. If such a system is already possible with the legal procedures allowing to obtain the identity of a person behind his IP address, it seems that the generalization of a "digital identity card" will reverse the current dynamics that exist on the Internet and online anonymity will then become an exception.
In addition, the European regulation provides that the processing of personal data will be done in accordance with the European directive in force in this area (Directive 95/46/EC).
But, without further precision, it is the notion of "fair balance", so omnipresent in European Union law, that will intervene to circumscribe each objective. However, this is a very vague cursor for a real risk of infringement of the Fundamental Right of protection of privacy. Once again, the objective of preserving privacy could be undermined in order to ensure the safety of Internet users.