How and why digital identity works in Denmark and Estonia

Denmark's MitID (my ID) system offers a blueprint for the UK's planned digital ID, with 97% of Danes aged 15 and over currently enrolled. The system, accessible via a smartphone app or a code display for those without a device, is used for a wide range of services, including online banking, electronic signatures, and booking medical appointments.

Enrolment begins at 13, and at 15, teenagers are advised by the government to use the digital ID to access their official communications via "digital post." Adam Lebech, deputy director general of Denmark's agency for digital government, noted that its high adoption rate is attributable to a broad range of key applications. Currently, only five per cent of Danes opt out of digital post.

Similarly, Estonia provides a model of a long-standing, comprehensive digital identity. Since introducing its national digital ID card in 2002, the country connected a physical document to secure online authentication, allowing citizens to vote, file taxes, and use online banking digitally. Estonia's strategy, born out of a desire to deliver efficient public services with limited resources, focused heavily on building a legal and technical framework based on trust.

According to Kristiina Kriisa of the e-Estonia Briefing Centre, citizens own their data, can see who has accessed it, and are protected by strong data protection laws. This level of transparency, along with the convenience and time saved, limited opposition. Estonia uses strong encryption and a public key infrastructure (PKI), maintains a constant national cybersecurity watch, and keeps an analogue option for services available for citizens. 

The UK government, which plans to introduce an app-based digital ID by 2029, has stated it will take the best aspects of both the Danish and Estonian systems.

Training Announcement: The IAPP Certified Information Privacy Technologist (CIPT) is a privacy-focused professional IT certificate from the IAPP that addresses data protection requirements and controls within complex technological environments. It explores the data lifecycle, privacy risk models and frameworks, the principles of Privacy by Design, and the role of privacy-enhancing technologies within the organisation. Find out more.