Privacy by Design: Privacy by Design and Default

Last updated: 2/9/2026

Full Name: Privacy by Design and Default

Definition

Privacy by Design is a framework that requires privacy considerations to be embedded into the design, operation, and management of information technologies and systems throughout their entire lifecycle. Originally developed by Dr. Ann Cavoukian, former Information and Privacy Commissioner of Ontario, Canada, the concept became a legally binding requirement in the European Union through GDPR Article 25. For the EUDI Wallet, Privacy by Design is not merely a best practice but a fundamental architectural principle that shapes every aspect of how the wallet stores, processes, and shares personal identity data across the European digital identity ecosystem.

Privacy by Design in the EUDI Wallet Architecture

The EUDI Wallet architecture embodies Privacy by Design through its decentralized, user-centric model. Unlike centralized identity systems where a single authority stores and manages all user data, the EUDI Wallet stores credentials locally on the user's device. This means there is no central database of citizen identity information that could be breached, leaked, or surveilled. The user maintains direct control over their personal data at all times.

Selective disclosure is one of the most powerful Privacy by Design features of the EUDI Wallet. When a verifier requests information, users can choose to share only the specific attributes needed. For example, when proving eligibility to purchase age-restricted products, the wallet can confirm that the user is over 18 without revealing their exact birthdate, name, or address. This data minimization approach ensures that verifiers never receive more personal information than strictly necessary.
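The age-over-18 scenario above, as an added example that is not code from the EUDI Wallet or its reference implementation: a salted hash-commitment construction in the style of SD-JWT (the page names no specific format, so this is an assumption), with an HMAC standing in for the issuer's real signature and all claim values constructed.

```python
"""Selective disclosure with salted hash commitments (SD-JWT style).

Added illustration, not EUDI Wallet code. The issuer signs only the
digests of salted claims; the holder releases the disclosures it chooses;
the verifier checks each disclosure against the signed digest list.
ISSUER_KEY and the HMAC 'signature' are constructed stand-ins."""
import base64, hashlib, hmac, json, secrets

ISSUER_KEY = b"constructed-issuer-key"  # stand-in for the issuer signing key


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _digest(disclosure: str) -> str:
    return _b64(hashlib.sha256(disclosure.encode()).digest())


def issue(claims: dict):
    """Issuer side: wrap every claim in a salted disclosure, sign the digests only."""
    disclosures = {}
    for name, value in claims.items():
        salt = _b64(secrets.token_bytes(16))          # fresh salt per claim
        disclosures[name] = json.dumps([salt, name, value])
    digests = sorted(_digest(d) for d in disclosures.values())
    payload = json.dumps({"iss": "constructed-issuer", "_sd": digests}, sort_keys=True)
    sig = hmac.new(ISSUER_KEY, payload.encode(), "sha256").hexdigest()
    return {"payload": payload, "sig": sig}, disclosures


def present(credential: dict, disclosures: dict, requested: list) -> dict:
    """Holder (wallet) side: release only the attributes the verifier asked for."""
    return {"credential": credential,
            "disclosures": [disclosures[name] for name in requested]}


def verify(presentation: dict):
    """Verifier side: authenticate the digest list, then bind each disclosure to it.

    Returns the revealed claims, or None if the signature or any disclosure fails."""
    cred = presentation["credential"]
    expected = hmac.new(ISSUER_KEY, cred["payload"].encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, cred["sig"]):
        return None                                   # forged or altered credential
    signed_digests = set(json.loads(cred["payload"])["_sd"])
    revealed = {}
    for disclosure in presentation["disclosures"]:
        if _digest(disclosure) not in signed_digests:
            return None                               # disclosure not vouched for by issuer
        _salt, name, value = json.loads(disclosure)
        revealed[name] = value
    return revealed
```

Because the salts are fixed at issuance, the signed digests themselves are identical in every presentation and can be correlated across verifiers; the unlinkability the text describes requires additional measures (such as batch-issued single-use credentials) that this construction alone does not provide.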

The wallet architecture also implements unlinkability, ensuring that different verifiers cannot correlate a user's transactions to build a complete profile. Each credential presentation uses unique session identifiers, preventing a scenario where a bar, a bank, and a government office could combine their records to track an individual's movements and activities.

The Seven Foundational Principles

The EUDI Wallet addresses all seven foundational principles of Privacy by Design. Proactive prevention means that privacy risks are identified and mitigated during the design phase through threat modeling and privacy impact assessments. Privacy as the default setting ensures that the wallet shares no data without explicit user consent and that the minimum necessary data is included in each presentation.

Privacy embedded into design is reflected in the architecture itself, with local data storage, end-to-end encryption, and secure enclave key management built into the core specification. Full functionality ensures that privacy does not come at the cost of usability; the wallet must be as convenient as showing a physical ID card while providing far superior privacy protections. End-to-end security covers the entire credential lifecycle from issuance through storage, presentation, and eventual deletion.

Visibility and transparency require that the wallet clearly communicates what data is being requested, by whom, and for what purpose before each transaction. Users must be able to review their transaction history and understand what information has been shared. Respect for user privacy places the individual at the center of the system, with the wallet acting as their agent rather than as a tool of the government or private sector.

Legal Requirements and Compliance

GDPR Article 25 requires data controllers to implement appropriate technical and organizational measures both at the time of determining the means for processing and at the time of the processing itself. For EUDI Wallet providers, this means conducting Data Protection Impact Assessments (DPIAs) before deployment, implementing privacy-enhancing technologies like zero-knowledge proofs where feasible, and ensuring that the default configuration of the wallet maximizes privacy protection.

The eIDAS 2.0 regulation reinforces these requirements by explicitly mandating that the EUDI Wallet must not allow wallet providers to collect information about user transactions, must support selective disclosure, and must enable pseudonymous authentication where full identification is not required. These regulatory requirements transform Privacy by Design from an abstract principle into concrete, enforceable technical specifications.

Member states implementing the EUDI Wallet must demonstrate compliance with both GDPR and eIDAS 2.0 privacy requirements through independent audits and certifications. The European Data Protection Board (EDPB) provides guidance on how these requirements should be interpreted and implemented in the context of digital identity wallets, ensuring consistent privacy protections across all 27 member states.

Sources

Information verified against official sources (2/16/2026)

⚠️ Independent Information

This website is NOT affiliated with the European Commission or any EU government. We provide independent, easy-to-understand information about EUDI.