The municipality of Nijmegen is conducting a test with the IRMA app, which was developed by the Privacy by Design foundation. The intention is that users can log in to sites and services with only necessary data.
The pilot of the municipality provides a link between the IRMA app and the basic register of personal data and a digital signature as a guarantee of the authenticity of the data. Every month, 7,500 residents of the city can retrieve their data from the bpg with the app. IRMA uses personal data such as first name, last name, street, zip code, place of residence, date of birth and the citizen service number as ‘attributes’.
The purpose of the app is that users can use attributes individually to log in, for example, and gain insight into which attributes use their services. This should prevent more data than necessary from being disclosed. For example, when showing a passport, identity card or driver’s license, a citizen provides his date of birth, name, nationality and photo, while perhaps only an indication of age is required. The IRMA app then only provides the attribute ‘over 18’.
IRMA, which stands for I Reveal My Attributes, comes from the Privacy by Design foundation, which was founded in 2016 and in which Radboud professor of the Digital Security research group Bart Jacobs is involved. The foundation strives for collaboration with, among others, Thuiswinkel.org. Internet services such as Marktplaats could use the app in their fight against fraud.
Furthermore, doctors can retrieve their registration from the BIG register and students can retrieve their data from SURFcontext and eduGAIN. In the future, DUO can provide diploma data and RDW data about driving skills. Privacy by Design also enables the provision of social media attributes.