Our views on privacy
Privacy is not a feature — it’s a value
A digital society only works if people can trust it. Generative AI has accelerated innovation, but it has also lowered the cost of deception.
Synthetic videos can impersonate family members or customer‑service agents; deepfake images can smear reputations in hours. When the line between genuine and fabricated blurs, citizens hesitate to transact, journalists struggle to verify, and public trust corrodes.
That loss of trust is much more than an online inconvenience: it’s a civic risk that erodes participation in this new digital society and weakens the capacity to modernize.
The damage is personal, too. Mass data leaks turn everyday life into a security gauntlet. Once your identifiers, addresses, and credentials are scattered across breached databases, criminals combine them into convincing phishing scams, SIM‑swaps, and account takeovers. The costs – financial loss, months of remediation, persistent anxiety – are impacting us personally: you, me, our families, our friends. This is untenable.
Privacy is the antidote: collect less, disclose less, and there will be less to misuse.
Where eIDAS 2.0 changes the game
The revised eIDAS framework gives Europe a different default: control over your data, sharing proofs instead of copies.
The EU Digital Identity Wallet lets you prove facts. Rather than sharing your date of birth, just prove “over 18”; instead of your full address, just prove “resident”; or prove “licensed professional” instead of all your professional history.
Just share proofs, without handing over documents that can be hoarded, resold, or breached. Your information stays with you until you choose to share it, and each share requires explicit consent. Relying parties receive a cryptographic confirmation, not a new file to store.
The net effect is a radically smaller attack surface, fewer breaches, less fraud, fewer scams.
Privacy must be built in
Services should ask only for what is necessary to deliver a specific outcome, and selective disclosure enables exactly that. Pseudonymous, pairwise identifiers reduce cross‑service tracking; stronger authentication and signed attestations make phishing and deepfake‑driven fraud easier to detect and harder to monetize. In short, eIDAS 2.0 aligns incentives so that privacy and security reinforce one another.
Sovereignty
At Sphereon, we believe privacy is a value and inseparable from Europe’s vision of technological sovereignty.
Sovereignty is not about who owns the platforms; it’s about open, interoperable infrastructure that reduces dependency and puts the subject – the individual or organization the data is about – in control of their own data.
Freedom of choice is fundamental.
But using an EU Digital Identity Wallet is a right, not an obligation; you can start or stop at any time. There are mandatory rules that guarantee citizens access to all services, also without an EU Digital Identity Wallet.
Member States must provide at least one wallet free of charge to natural persons, but there will be several wallets for the user to choose from.
Our commitment, how we make “privacy‑first” real
- Minimise by design. We replace raw documents with derived, yes/no proofs and share only the attributes required for a decision. No dates of birth when a simple “18+” suffices.
- Consent with a lifecycle. Every disclosure is purpose‑bound, transparent, and revocable. Users get clear receipts and a dashboard view of what was shared, with whom, why and when.
- Unlinkability as a default. We use pairwise, rotating identifiers and least‑revealing presentations so transactions at one service can’t be trivially correlated with another.
- Open standards, no lock‑in. We implement widely endorsed protocols and data models so credentials work across borders and vendors. Portability is a safeguard against monopoly and a catalyst for innovation.
- Security you can verify. Hardware‑backed keys where available, phishing‑resistant authentication, encrypted local storage, and defence‑in‑depth against replay and cloning; measures that protect both citizens and relying parties.
- No data processing, minimal telemetry. We do not process, store, or keep any user data. There is nothing for us to share with or sell to others. We only collect telemetry that’s necessary to monitor and provide the service, nothing more.
- Governance and assurance. DPIAs, threat modelling, independent audits, and certification‑readiness are part of delivery, not afterthoughts. Trust is earned in design reviews as much as in code.
- Inclusive by default. Accessible UX, multilingual support, multiple proof paths (online and offline), and clear language, because privacy that isn’t usable isn’t privacy at all.
The path forward is clear: move from data hoarding to verifiable claims; from surveillance‑ready architectures to citizen‑controlled wallets; from opaque platforms to open, interoperable infrastructure. That’s how we and Europe restore trust in the digital sphere, and how we, at Sphereon, measure our work. Your identity, your data, your choice.
Our mission is to make that choice safer, simpler, and truly yours.