- Consent records and privacy principles in eIDAS2 wallet
E-Privacy
- EUDI Wallet (eIDAS2) held personal data access control
Electronic identification and trust services (including e-signature)
- This fellowship directly contributes to strengthening the ICT Standards landscape in two key areas: digital identity access control and lawful data processing under GDPR
E-Privacy
My work has a direct impact on European SMEs and society. By contributing to standards like ISO/IEC 27560 and the EUDI Wallet Access Control in CEN TC224/WG20, I help create practical, privacy-focused frameworks that SMEs can adopt with minimal cost and complexity. These standards enable GDPR-compliant consent, transparency, and data minimization, reducing legal risk and building user trust.
In terms of broader European interests, my fellowship contributes to EU goals of digital sovereignty, user empowerment, and privacy leadership on the global stage. As the EUDI wallet is adopted across Europe, this framework will provide a scalable model for data protection and user-centric identity management that can be extended beyond digital wallets to other data-sharing contexts, enhancing Europe’s role as a privacy leader. With data privacy becoming a key competitive factor, this initiative not only strengthens the protection of EU citizens’ rights but also sets a high standard for digital identity solutions globally.
- EUDI Wallet (eIDAS2) held personal data access control
Electronic identification and trust services (including e-signature)
My work simplifies GDPR compliance for European SMEs by developing standards that make privacy receipts and access control both practical and cost-effective. By embedding lawful bases and user-facing transparency into consent and data access records, SMEs can demonstrate accountability while reducing legal risk. For society, this promotes stronger digital rights, user agency, and trust in the EUDI Wallet ecosystem.
My work supports fundamental societal values by helping define how citizens can safely and transparently share their personal data through the European Digital Identity (EUDI) Wallet. At the heart of this is the development of access control standards that ensure individuals are not just passive data subjects, but active participants who can decide what data is shared, with whom, under what conditions, and for what declared purpose. By enabling these controls through enforceable, machine-readable policies, the standard empowers users to exercise real agency over their digital identity—moving beyond consent screens toward meaningful privacy protections embedded in the architecture of the wallet itself. This aligns with the EU’s commitment to privacy, data minimisation, and purpose limitation under the GDPR. The work also supports societal inclusion by ensuring that access control mechanisms are transparent and usable, helping citizens understand their rights and obligations, while also simplifying compliance for service providers. The inclusion of ISO/IEC 27560 in this framework ensures that all lawful bases for processing—not just consent—are clearly documented and traceable, which is especially important for use cases like healthcare, education, or public services. Importantly, the open availability of ISO/IEC 27560 as a free standard lowers the barrier for adoption, supporting uptake by public administrations, SMEs, and civil society. This ensures that privacy-enhancing technologies are not limited to large commercial actors, but can benefit all layers of European society. Overall, this work contributes to a more trustworthy, transparent, and citizen-centric digital identity ecosystem—one that upholds European values while supporting innovation, cross-border interoperability, and regulatory alignment.
Value of Research
