Pseudonymization
privacy
Full Name: Data Pseudonymization
Definition
Pseudonymization, as defined in GDPR Article 4(5), is the processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. In the EUDI Wallet ecosystem, pseudonymization is a key privacy-preserving technique that allows users to interact with services while minimizing the exposure of their real identity, supporting both the GDPR data protection framework and the eIDAS 2.0 privacy requirements.
Pseudonymization Techniques in Digital Identity
Several pseudonymization techniques are relevant to the EUDI Wallet. Pairwise pseudonymous identifiers generate a unique identifier for each user-relying party relationship, ensuring that the same user receives different pseudonyms when interacting with different services. This prevents cross-service tracking and profiling, a fundamental privacy requirement of the eIDAS 2.0 regulation.
Cryptographic pseudonymization uses techniques such as key-dependent hashing (for example an HMAC over the identifier under a secret key) to transform identifying information into pseudonyms. The transformation is one-way: the key does not decrypt a pseudonym back into an identity, but whoever holds it can recompute the pseudonym for a candidate identity and so confirm or rule out a match. That ability to re-identify is why the key is the sensitive element, and in the EUDI Wallet context the key material is protected within the device's secure enclave. Blind signatures and group signatures go further: a relying party can verify that a credential was issued by a trusted issuer without receiving a stable value (such as a fixed issuer signature) that would link presentations to each other or to the holder.
Tokenization, a specific form of pseudonymization commonly used in payment systems, replaces sensitive data elements with non-sensitive tokens that are typically random rather than derived from the data. In the EUDI Wallet, similar approaches can be used to replace personal identifiers with tokens that are meaningful only within a specific transaction context, reducing the risk of data exposure if transaction records are compromised. The token-to-value mapping is then exactly the "additional information" of GDPR Article 4(5): it must be stored separately from the transaction records, under its own access controls, and discarded once the transaction no longer needs it.
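The following is an added example, not code from the page or from any EUDI Wallet implementation, showing the transaction-scoped token vault described above. Tokens are random, the mapping lives only in the vault (the "additional information"), a token is resolvable only inside the transaction that created it, and closing the transaction leaves any tokens still sitting in logs inert. The identifier and transaction IDs are constructed sample data.

```python
import secrets
from typing import Dict, Optional, Tuple


class TokenVault:
    """Transaction-scoped token vault (illustrative, not an EUDI reference component).

    Tokens are drawn from secrets.token_urlsafe, so a token carries no information
    about the value it stands for and two tokenizations of the same value differ.
    The token -> (transaction_id, value) mapping is the only way back and is kept
    here, apart from the records in which the tokens appear.
    """

    def __init__(self) -> None:
        self._entries: Dict[str, Tuple[str, str]] = {}

    def tokenize(self, transaction_id: str, value: str) -> str:
        token = secrets.token_urlsafe(16)
        self._entries[token] = (transaction_id, value)
        return token

    def detokenize(self, transaction_id: str, token: str) -> Optional[str]:
        """Resolve a token, but only within the transaction that issued it."""
        entry = self._entries.get(token)
        if entry is None or entry[0] != transaction_id:
            return None  # unknown token, or token presented outside its scope
        return entry[1]

    def close_transaction(self, transaction_id: str) -> int:
        """Forget every mapping for a transaction; returns how many were dropped."""
        doomed = [t for t, (tx, _) in self._entries.items() if tx == transaction_id]
        for t in doomed:
            del self._entries[t]
        return len(doomed)


def demo() -> dict:
    """Exercise the vault with constructed sample data and report each property."""
    vault = TokenVault()
    person_id = "DE-123456789"  # constructed sample identifier, not a real one
    t1 = vault.tokenize("tx-1", person_id)
    t2 = vault.tokenize("tx-2", person_id)
    # What the relying party keeps: a record with no personal data, only the token.
    record = {"transaction": "tx-1", "subject": t1, "amount": "42.00"}
    results = {
        "tokens_differ": t1 != t2,
        "resolves_in_scope": vault.detokenize("tx-1", record["subject"]) == person_id,
        "rejected_out_of_scope": vault.detokenize("tx-2", t1) is None,
    }
    dropped = vault.close_transaction("tx-1")
    results["one_mapping_dropped"] = dropped == 1
    results["inert_after_close"] = vault.detokenize("tx-1", t1) is None
    results["other_tx_intact"] = vault.detokenize("tx-2", t2) == person_id
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

A leaked copy of the relying party's records exposes only tokens; without the vault, and after the transaction is closed even with it, those tokens cannot be turned back into the identifier.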
EUDI Wallet Implementation
The EUDI Wallet implements pseudonymization at multiple levels. At the protocol level, each credential presentation can use a different session identifier, preventing relying parties from linking presentations through the transport. Session identifiers alone are not enough, though: if the presented credential carries the same issuer signature or another stable value in every presentation, relying parties can still link on that value, so credential-level measures matter as much as the transport. At the credential level, the wallet can present attributes derived from the underlying identity data, such as an age-range confirmation instead of an exact birthdate, so that the relying party receives only what the transaction needs.
The Architecture and Reference Framework (ARF) specifies that wallet providers must not be able to correlate user transactions. This requirement effectively mandates that the technical infrastructure supporting pseudonymization is independent of the wallet provider's systems. Pseudonym generation and management must happen on the user's device, with the wallet provider having no visibility into which pseudonyms correspond to which users. In practice this also covers metadata: any provider-operated backend the wallet contacts during a transaction is a potential correlation channel and must be designed so that it cannot tie a transaction to a user.
For scenarios where long-term pseudonymous relationships are needed, such as an ongoing customer relationship with a bank, the wallet can maintain a persistent pseudonymous identifier specific to that relationship. The bank can recognize the returning customer through the consistent pseudonym, while that pseudonym is useless to any other service because every other relying party sees a different one. The bank may of course know the customer's real identity from its own onboarding; what pseudonymization guarantees is that nothing it holds links the customer to their accounts elsewhere. If the user terminates the relationship, the pseudonym can be invalidated without affecting their identity in other contexts.
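The following is an added example, not code from the page, the ARF or any wallet implementation. It ties together the key-dependent hashing and pairwise pseudonym techniques from the earlier section and the persistent, terminable relationship described above. The `root_secret` stands in for key material the page says lives in the device's secure enclave (here just random bytes, an assumption); the relying-party URLs, the domain tag and the subject identifiers are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Sequence

DOMAIN = b"example-pseudonym-v1"  # domain-separation tag; constructed, not a standard value


def _encode(parts: Sequence[bytes]) -> bytes:
    """Length-prefix each part so ("ab","c") and ("a","bc") can never collide."""
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def keyed_pseudonym(key: bytes, *parts: bytes) -> str:
    """Key-dependent hashing: HMAC-SHA256 over a domain tag and the given parts.

    One-way: the key does not invert a pseudonym, it only lets the holder
    recompute the pseudonym for a known input and compare.
    """
    return hmac.new(key, _encode((DOMAIN, *parts)), hashlib.sha256).hexdigest()


def reidentify(key: bytes, context: bytes, pseudonym: str,
               candidates: Sequence[bytes]) -> Optional[bytes]:
    """The only route back from a keyed-hash pseudonym: recompute for each
    candidate identifier and compare. Holding the key without a candidate
    list recovers nothing."""
    for cand in candidates:
        if hmac.compare_digest(keyed_pseudonym(key, b"subject", cand, context), pseudonym):
            return cand
    return None


class WalletPseudonyms:
    """Device-side pairwise pseudonyms (illustrative, not ARF code).

    Each relying party gets its own salt, stored only on the device. The
    pseudonym is a keyed hash over the relying-party identifier and that
    salt, so different relying parties see unrelated values, the same
    relying party sees a stable value, and dropping a salt terminates one
    relationship without touching any other.
    """

    def __init__(self, root_secret: bytes) -> None:
        self._root = root_secret          # assumption: held in the secure enclave
        self._salts: Dict[str, bytes] = {}  # relying_party_id -> per-relationship salt

    def pseudonym(self, rp_id: str) -> str:
        # rp_id must be the relying party's authenticated identifier, not a
        # value the relying party merely claims; two services sharing an
        # identifier would share a pseudonym.
        salt = self._salts.get(rp_id)
        if salt is None:
            salt = self._salts[rp_id] = secrets.token_bytes(16)
        return keyed_pseudonym(self._root, b"pairwise", rp_id.encode(), salt)

    def terminate(self, rp_id: str) -> None:
        """Forget the relationship; the next pseudonym for rp_id is a fresh one."""
        self._salts.pop(rp_id, None)


def demo() -> dict:
    """Exercise both patterns with constructed data and report each property."""
    wallet = WalletPseudonyms(secrets.token_bytes(32))
    bank = wallet.pseudonym("https://bank.example")
    shop = wallet.pseudonym("https://shop.example")
    out = {
        "stable_for_same_rp": wallet.pseudonym("https://bank.example") == bank,
        "unlinkable_across_rps": bank != shop,
    }
    wallet.terminate("https://bank.example")
    out["rotated_after_terminate"] = wallet.pseudonym("https://bank.example") != bank
    out["other_rp_unaffected"] = wallet.pseudonym("https://shop.example") == shop

    # Controller-side keyed hashing of an identifier (constructed sample values).
    key = secrets.token_bytes(32)
    ctx = b"research-dataset-A"
    p = keyed_pseudonym(key, b"subject", b"DE-123456789", ctx)
    out["reid_needs_candidate"] = reidentify(key, ctx, p, [b"DE-000000000"]) is None
    out["reid_with_candidate"] = reidentify(key, ctx, p, [b"DE-000000000", b"DE-123456789"]) == b"DE-123456789"
    out["reid_fails_wrong_key"] = reidentify(secrets.token_bytes(32), ctx, p, [b"DE-123456789"]) is None
    out["context_separates"] = keyed_pseudonym(key, b"subject", b"DE-123456789", b"other") != p
    return out


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

A bare pseudonym string only identifies; to be usable the wallet must also prove control of it to the relying party, which is a separate step (a per-relationship key pair and a challenge-response) that this example leaves out.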
Legal Framework and GDPR Compliance
GDPR treats pseudonymization as an important safeguard but not a complete solution for data protection. Pseudonymized data remains personal data (Recital 26) because the possibility of re-identification exists. GDPR nevertheless encourages pseudonymization in several places: Article 25 names it as a data protection by design measure, Article 32 lists it among appropriate security measures, and Article 89 names it as a safeguard for research and statistical processing, where applying such safeguards can justify derogations from some data subject rights.
For EUDI Wallet relying parties, properly implementing pseudonymization can demonstrate compliance with GDPR principles including data minimization, storage limitation, and integrity and confidentiality. The European Data Protection Board (EDPB) has emphasized that pseudonymization should be combined with other technical and organizational measures rather than relied upon as a standalone protection mechanism.
The additional information that links pseudonyms back to real identities must be protected with the highest level of security. In the EUDI Wallet model this is the secret key material in the device's secure enclave from which pairwise pseudonyms are derived, together with the wallet's own record of which pseudonym belongs to which relationship; none of it leaves the device. The separation between the pseudonymous data (held by relying parties) and the re-identification capability (held exclusively by the user) creates a strong pseudonymization architecture that aligns with both the letter and spirit of GDPR. The guarantee holds only as far as the relying party keeps to the pseudonym: a pseudonymous account that also receives the holder's name and address is pseudonymous in name only, which is why the data minimization at presentation time matters as much as the pseudonym itself.