Security and Data Protection
The German National Identity Card offers maximum security for your personal data.
The National ID card meets security standards of the highest level.
This applies to both the physical security features of the document and the security technologies protecting your personal data on the chip.
The eID function significantly improves data security and reduces the amount of personal data collected (data minimization). The following two principles apply to both the issuance of authorization certificates for eID applications and the use of the eID function:
The principle of data security
- You always know who is asking for your information, because only publicly approved providers with an authorization certificate may retrieve your personal data.
- Every time data are sent you can clearly see beforehand which data are to be sent. You can either agree to send them or stop the operation.
- The data are sent only after you have consented by entering your PIN code.
- The data are always sent in encrypted form. To this end, internationally recognized and tested technical procedures are used.
- The eID card can be used only in combination with a card reader. For this reason it is impossible to retrieve data remotely.
- Only persons holding the ID card and knowing the PIN can authorize the transmission of data. Your personal data are protected against misuse on the Internet.
The principle of data minimization
- Only data that are really necessary to use the desired service are transmitted. Before providers are issued an authorization certificate, it is thoroughly checked which data are required. Only if these data are absolutely necessary for the provider's service is the authorization granted.
- Some services require only a certain minimum age (not the date of birth) or the name of the city or town you live in (not the complete address), for example if you wish to purchase goods with age restrictions or participate in public participation processes in your city or town. Your ID card's chip then confirms your age or your place of residence without sending any further data. Instead of your date of birth or your address, only “Yes” or “No” is transmitted.
- Other services only require a pseudonym, for example if you wish to express your opinion in a forum or a chat room, but do not want to give your name. In this case, instead of your name, only your pseudonym will be transmitted. Thus, it is impossible for website operators to track your movements across the web.
The principles of data security and data minimization help you to decide for yourself whether and to whom you provide what sort of data.
More information on