Unlinkability is a key privacy concept in the design of Digital Public Infrastructure (DPI) and digital identity systems. It describes the inability of observers, including system operators, to correlate various actions or transactions carried out by the same individual across different contexts or interactions. When unlinkability is properly implemented, it becomes impossible to track a person based on their use of identity systems across different relying parties or domains such as healthcare, transportation, education, or social media.

<aside> 📌

Unlinkability makes it impossible for parties that users interact with to track and profile users' interactions in a DPI.

</aside>

Why Unlinkability Matters

In DPI, particularly digital identity, people often authenticate themselves to access services. If these authentication events are linked by a common identifier or a shared metadata trail, it enables mass surveillance and profiling, even when no content is disclosed.

This tracking with official government identities is especially dangerous because it connects all areas of life where the DPI is used back to a real individual. This ubiquitous tracking can lead to a severe loss of privacy and would be far worse than existing online tracking we know from surveillance capitalist business models.

Unlinkability acts as a technical safeguard by ensuring that even if someone tries to monitor user behavior across sectors, the system does not leak enough information to enable correlation.

Benefits of Unlinkability

• Protection from Surveillance: Prevents government or corporate actors from tracing a person's behavior across sectors.
• Prevents Profiling: Users can interact in different roles (e.g. worker, patient, voter) without creating a unified behavioural profile.
• Enhances Trust: People are more likely to use digital identity systems if they trust they won’t be tracked.
• Limits Data Breach Impacts: If identifiers are unlinkable, a breach in one domain cannot be leveraged to attack another.

Examples of this Safeguard enshrined in Law

<aside> <img src="/icons/gavel_blue.svg" alt="/icons/gavel_blue.svg" width="40px" />

• DPI of the EU for Identification and Data Exchange (eIDAS)
• Age Verification for Online Services in the EU </aside>

What to Ask as a CSO

<aside> <img src="/icons/megaphone_red.svg" alt="/icons/megaphone_red.svg" width="40px" />

• What identifiers are used in our DPI?
• Do the type of identifiers differ between use cases and are they appropriate?
• Who is requesting the use of existing unique, persistent identifiers from individuals?
• When the government intends to use the DPI for private sector purposes, can we demand unlinkability or other privacy protections? </aside>