Data Minimization
privacy
Full Name: Data Minimization Principle
Definition
Data minimization is one of the seven fundamental principles of the GDPR, codified in Article 5(1)(c). It requires that personal data be "adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed." In the EUDI Wallet ecosystem, data minimization is not just a legal requirement but a core architectural principle. Through selective disclosure technology, users can share precisely the information needed for a transaction -- nothing more, nothing less -- while verifiers still receive cryptographic proof that the shared data is authentic.
Selective Disclosure: The Technical Implementation
The EUDI Wallet achieves data minimization through selective disclosure, where individual attributes within a credential can be independently revealed or hidden. The two supported credential formats each implement this differently:
SD-JWT (Selective Disclosure JWT): Each attribute in the credential is individually salted and hashed. The credential contains only the hashes; the actual values are provided as separate "disclosures." When presenting the credential, the wallet includes only the disclosures for attributes the user chooses to reveal. The verifier can confirm each disclosed value matches its hash in the signed credential, but cannot determine the values of undisclosed attributes.
ISO mdoc: The mdoc format organizes data into namespaces and data elements. During presentation, the wallet selects which data elements to include in the response. The issuer signature covers all elements, but the presentation proof only reveals the selected ones. A reader device at a bar can receive only the "age_over_18" element without learning the person's name, exact birth date, or address.
Both formats ensure that partial disclosures remain cryptographically verifiable. The verifier knows the shared attributes are genuinely part of the issuer-signed credential, not fabricated by the user. This is the critical innovation that makes data minimization practical in identity systems.
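The SD-JWT salted-hash mechanism described above, sketched as an added example (not code from this page or from any EUDI Wallet implementation). It assumes an HMAC as a stand-in for the issuer's asymmetric JWS signature; the function names, demo key and claim values are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets

ISSUER_KEY = b"constructed-demo-key"  # assumption: stand-in for the issuer's signing key

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_disclosure(name, value) -> str:
    # Disclosure = base64url(JSON [salt, claim name, claim value]). The random salt
    # stops a verifier from guessing low-entropy hidden values such as booleans.
    salt = b64url(secrets.token_bytes(16))
    return b64url(json.dumps([salt, name, value]).encode())

def digest(disclosure: str) -> str:
    # The hash is taken over the ASCII bytes of the encoded disclosure string
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def sign(payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def issue(claims: dict):
    disclosures = {n: make_disclosure(n, v) for n, v in claims.items()}
    # Digests are sorted so their order does not leak which claim is which
    payload = {"_sd_alg": "sha-256", "_sd": sorted(digest(d) for d in disclosures.values())}
    return payload, sign(payload), disclosures

def present(disclosures: dict, reveal: set) -> list:
    # Wallet side: forward only the disclosures the user agreed to reveal
    return [d for n, d in disclosures.items() if n in reveal]

def verify(payload: dict, signature: str, presented: list) -> dict:
    if not hmac.compare_digest(sign(payload), signature):
        raise ValueError("issuer signature invalid")
    revealed = {}
    for d in presented:
        if digest(d) not in payload["_sd"]:
            raise ValueError("disclosure is not part of the signed credential")
        _salt, name, value = json.loads(base64.urlsafe_b64decode(d + "=" * (-len(d) % 4)))
        revealed[name] = value
    return revealed

# Constructed sample credential
CLAIMS = {"given_name": "Erika", "birthdate": "1990-05-17", "age_over_18": True}

if __name__ == "__main__":
    payload, sig, disclosures = issue(CLAIMS)
    print(verify(payload, sig, present(disclosures, {"age_over_18"})))
```

The signed payload carries only digests, so the verifier learns `age_over_18` and nothing else, while a disclosure the issuer never hashed is rejected.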
Real-World Data Minimization Examples
- Age verification at a bar: Instead of showing a full ID card (name, address, photo, ID number), the wallet shares only "age_over_18: true" -- a single boolean value derived from the date of birth without revealing it.
- Car rental: The rental company needs to verify the driver has a valid license category B. The wallet shares the license validity and category without revealing the driver's address, medical restrictions on other categories, or penalty points.
- Online account creation: A website needs to verify the user is a real person in the EU. The wallet shares nationality and a pseudonymous identifier without revealing name, date of birth, or address.
- University enrollment: A university needs to verify a student's previous diploma. The wallet shares the diploma credential (institution, degree, date) without revealing the student's home address or national ID number.
Legal Framework and Enforcement
The eIDAS 2.0 regulation reinforces data minimization beyond the GDPR baseline. Article 5a specifically requires that relying parties request only the attributes strictly necessary for the service they provide. The regulation creates enforceable obligations: verifiers must register their data needs, wallets must transparently display all requested attributes, and supervisory authorities can investigate complaints about excessive data collection.
Data Protection Authorities (DPAs) across the EU are expected to actively monitor EUDI Wallet data flows. The wallet's built-in consent logging creates an audit trail that makes violations detectable. If a nightclub consistently requests full name and address for a simple age check, the pattern becomes visible in aggregated complaint data, enabling regulatory action. This accountability loop makes data minimization practically enforceable rather than merely aspirational.