A European Digital Identity and its effect on Online Gambling
02.02.2022
This article provides an overview of the European Commission’s recently published legislative proposal for the creation of a European Digital Identity (e-ID), how the e-ID will affect online gambling services, and some of the possible challenges of the initiative. The article appeared in the January 2022 edition of the International Masters of Gaming Law (IMGL) Magazine.
On 3 June 2021, the European Commission published a proposal for a Regulation to establish a framework for a European Digital Identity (e-ID). Under the proposal, any European citizen, resident, and business will be able to make use of the e-ID anywhere in the EU. The background of the Commission’s proposal is a set of EU legislative and policy targets for the digital environment, which the Commission set out in March 2021. These targets, outlined in the 2030 Digital Compass, also include the aim, by 2030, of making all public services in the EU available to its citizens online.
The e-ID proposal will amend the Commission’s existing Regulation on electronic identification and trust services (eIDAS Regulation). The eIDAS Regulation, published in 2014, was a response to increased market demands for trusted and secure cross-border electronic identification in the EU. However, the Commission’s review of the eIDAS regulatory framework, in 2020, revealed certain flaws with regards to, for example, its lack of flexibility, its limited scope of application to the public sector only, and the absence of a common requirement to develop a national, interoperable, e-ID which can be used across all EU Member States. Looking at the eIDAS, it was apparent that the Commission did not wish to intervene in national competences, or the electronic identification schemes that were already established in certain Member States. It is notable that, to date, only fourteen Member States have established and notified at least one e-ID scheme to the Commission.[1] With its new e-ID proposal, the Commission seeks to combat these deficiencies and discrepancies by taking a much more ambitious and targeted approach.
A proposal for a European e-ID
In the terms of content, the proposed e-ID will take the form of an “electronic identity wallet”, where EU citizens can store their identity data, including other personal attributes such as name, date of birth, e-mail address, bank account numbers, certificates, driving licences, Covid-19 vaccination certificates, etc. This data can then be used by EU citizens to access public and private services online, identify themselves electronically, share documents and create electronic signatures, anywhere in the EU. Unlike the eIDAS, this new and updated framework would require both EU public bodies and private sector organizations to offer consumers the opportunity to use their e-ID. This means that very large online platforms, such as Amazon, Booking.com, Facebook and even gambling websites, would now be required to accept the use of e-ID for age and identity verification purposes.
The practicalities and benefits of such a measure have gained broad support among EU citizens: a recent Eurobarometer survey, funded by the Commission, found that 63 percent of Europeans want a secure single digital ID for all their online services.[2] With such a degree of interest, it is important that all the capabilities of the proposed e-ID meet the expectations and needs of the users themselves – including citizens. The introduction of the e-ID would enable users to have full control over the data they wish to disclose to third parties, and to understand how their data is being used and shared. These measures would strengthen consumer privacy and prevent the sharing of unnecessary data elements (i.e. data minimisation) to other parties.
The digital wallets that will be offered to citizens and businesses can only be provided by public authorities or by private entities if they are recognised by the Member State in which they are offered. A ground-breaking element of the proposal is the obligation for Member States to recognise the notified e-ID scheme of another Member State (interoperability of the e-ID). Therefore, citizens could use their national e-ID from one country to access online services in a different country, an electronic health certificate issued by one Member State will be legally recognised and accepted across the entire EU, etc. An EU citizen’s entire online presence could be made via a single login, in a secure and trusted manner, no matter where they are in the EU.
The e-ID proposal is also accompanied by a Recommendation, which invites Member States to develop a Toolbox for a European Digital Identity framework, by September 2022. This toolbox will set the technical architecture and reference framework for the implementation of the European Digital Identity framework.
The impact on online gambling services
There are regular calls for greater harmonization in the EU’s heavily fragmented online gambling market and an EU e-ID could revolutionize some aspects of the way the market functions by reducing friction for operators and bringing advantages to players. Gambling authorities and lawmakers in Member States already require online gambling operators to know their customers, and to verify their identities, when they create an online gambling account. The reasons for this include compliance with the applicable age limits, legal requirements, and anti-money laundering (AML) requirements in each Member State, as well as meeting targeted support obligations for the protection of players and harm prevention. Player identification is at the heart, for example, of the effectiveness of a national gambling self-exclusion register.
At present, verifying the identity of online gamblers is quite a fragmented process in Member States. Today, eleven Member States have introduced national electronic identification schemes, this is compared to four Member States in 2018.[3] In other Member States, the identity of online gamblers is verified by reference to official national databases, other systems utilised by financial services, or even through the electronic submission of copies of national identity documents. While in Bulgaria, Croatia, Czech Republic and Spain, identity checks include manual verification via copies of identity documents.[4]
Online gambling operators are legally bound by strict Know-Your-Customer (KYC) requirements, which apply in the context of the EU framework on AML. Under the EU’s current AML rules, for example, online gambling operators must implement risk-assessment protocols and conduct due diligence to detect potential criminal behaviour and ensure the traceability of players’ funds. This involves operators using sophisticated technological tools, but legal requirements and processes differ significantly from one Member State to another.
A standardised, pan-EU identity verification method would, therefore, provide online gambling operators with a new, streamlined method for compliance with many different rules and help reduce administrative and compliance costs, in particular for those companies that operate across multiple Member States. An EU-wide e-ID would strengthen existing processes to prevent minors from accessing online gambling and positively impact the EU’s fight against criminal and fraudulent activity. It would also offer national gambling authorities a standardised tool to identify customers with a high degree of certainty and support an operator’s compliance in their jurisdiction.
As well as streamlining the work of operators, an e-ID would also enhance the customer experience. In an ever-increasing era of online services, players would be able to verify their identities easily, with the click of a button. Most importantly, however, the e-ID could have a positive impact on player protection. Currently, a common, European regime for the protection and self-exclusion of vulnerable players does not exist. Today, seventeen Member States have developed a national self-exclusion register,[5][6] but these registers are not interoperable. Therefore, a player who has self-excluded in one Member State can still access gambling websites licensed in another Member State. This could change due to the interoperable nature of a future EU e-ID, however, only under the condition that self-excluded players are aware of the e-ID and make an informed decision to use it. Thus, player protection could only be enhanced, if players choose to share their specific data (e.g., on self-exclusion) in their e-ID.
It is difficult to predict how EU citizens will respond to the use of an e-ID, at least on a practical level. The Commission has set a target that by 2030, 80 percent of EU citizens will be using these e-ID wallets. The COVID-19 pandemic has been a defining moment for digital provision, highlighting the need for safe and trustworthy access to online services, both public and private. But factors such as accessibility, trust and digital literacy will also likely determine the potential success of the e-ID initiative.
Legislators across the EU will also have to carefully consider the relevant data protection issues which might arise from the use of a pan-EU e-ID. While users will be in full control of the data they share, and data minimisation is introduced as a safeguard of data protection, not all of the personal data which could be stored in a digital wallet falls under the same definition. Questions remain as to how such a facility would function in respect of the application of the General Data Protection Regulation (GDPR).
Next Steps
The proposal for a Regulation on e-ID is adopted under the internal market legal basis (Article 114 TFEU), as it contributes to the realization of a European Digital Single Market. The leading committee in the European Parliament that will work on proposing a report with amendments is the committee on Industry, Research and Energy (ITRE). The vote in committee is foreseen in July 2022. Once the Parliament and Council reach a common position (not foreseen until 2023), the proposal will become a Regulation, therefore directly applicable by all Member States.
Vasiliki Panousi
Manager EU Affairs
European Gaming and Betting Association (EGBA)
[1] Explanatory memorandum, proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity, European Commission (2021).
[2] Digital Identity for all Europeans, European Commission (2021).
[3] Croatia, Czechia, Denmark, Estonia, Germany, Greece, Latvia, Lithuania, Malta, Poland, Sweden currently have a national electronic identification scheme. Consumer protection in EU online gambling regulation, City University of London (2021).
[4] Idem.
[5] Idem.
[6] Idem. Belgium, Czechia, Denmark, Estonia, France, Germany, Hungary, Italy, Latvia, Lithuania, the Netherlands, Portugal, Slovakia, Slovenia, Spain, Sweden. The monopoly operator in Finland is also required to keep a register of all excluded players which is equivalent to a national self-exclusion register.
About EGBA
The European Gaming and Betting Association (EGBA) is the Brussels-based trade association representing the leading online gaming and betting operators established, licensed, and regulated within the EU, including bet365, Betsson Group, Entain, Flutter, Kindred Group, and William Hill. EGBA works together with national and EU regulatory authorities and other stakeholders towards a well-regulated and well-channelled online gambling market which provides a high level of consumer protection and takes into account the realities of the internet and online consumer demand. EGBA member companies meet the highest regulatory standards and, in 2020, had 234 online gambling licenses to provide their services to 29 million customers across 19 different European countries. Currently, EGBA members account for 36% of Europe’s online gambling gross gaming revenue (GGR).