e-SIM and data protection: convenience or safeguarding data?

Hi, I’m Chris.

I’m here to help you through every step of your PRVCY journey.

Wether you’re already taking the PRVCY online courses or a new subscriber, I’ll post constant news and information based on our research to help you taking back control of you PRVCY!

e- SIM is a SIM card that is built into the smartphone at the time of manufacture. It is a microchip embedded in the motherboard.

SIM is short for Subscriber Identity Module, is the regular chip we put in our smartphone and contains a unique identifier inside every cellular device that enables wireless service providers to know the user’s assigned phone number. The SIM card stores your personal data and may be removable, depending on the device.

SIM card technology has evolved over time, resulting in smaller sized micro- and nano-sized cards that created more space in the mobile phone for manufacturers to increase battery sizes or add other features.

In an effort to minimize the space occupied by SIM cards, eSIMs were developed. The “e” in eSIM means embedded. An eSIM card is hardwired into the phone itself. Because of its advantages, eSIM cards are replacing nano cards in newer cell phone models.

Some cell phones may have both a removable SIM card and an eSIM card, which allows users to have two separate numbers – such as a personal number and a work number – on one device. The dual SIM feature is supported on a wide range of mobile phones and many wireless providers are currently offering it.

Convenience of eSIM:

1. eSIM cannot be broken, lost, or incorrectly inserted into the device.
2. No need to look for a paper clip and, in general, somehow disassemble the device in order to change the number.
3.Thanks to eSIM, it is easy to distinguish between your main number, work number, and, for example, another one with advantageous unlimited internet or other options.

PRVCY Implications

But, as usual, here we are to talk about the PRVCY implications of eSIM, from our point of view there are two things I take in consideration in my analysis. Our mobile phones know a lot about us. That means carriers know who we are, who we call, and where we are at any given moment.

The first point is the digital economy that relies heavily on personal data for insights, market predictions, and personalized services. That means that mobile data carriers in some cases and countries are making profit collecting your data.

In other cases, the mobile data carriers are part of public companies which means that the government is in control of that data. In both cases the relationship between eSim technology and politics is multifaceted.

All over the world, privacy laws and regulations surrounding eSim implementation can vary across different countries, reflecting the political landscape and priorities of each jurisdiction. Governments play a critical role in shaping data protection policies and ensuring that citizens’ privacy rights are upheld.                                            

In United States, the Federal Communications Commission published a report last year where identified that ten of the top 15 mobile carriers, including AT&T, Verizon and T-mobile collect geolocation data and provide no way for consumers to opt-out. Geolocation data offers a detailed window in the lives of users, including everything from where they shop to what medical providers they seek out.

eSIM will make it more difficult for users to change from companies, since the transition is digital and more difficult to control the data, as we identified two potential PRVCY Risks:

Data and account

It makes it impossible to take the SIM card physically out of the device and put it in the SIM card reader. Additionally, the process of digital data storage, deletion, and reading will become more challenging (for instance, the Secure Enclave on iOS devices). The physical SIM card can be removed and destroyed if your smartphone is stolen or lost.

Up until now, it was possible to take a SIM card out of a phone and stop it from connecting to the network, which made it impossible to track. While wireless carrier profiling and allowing everyone to access an online service can increase usability and convenience, they also leave open the possibility for hackers.

In the case of eSIM, there will be no such chance: such mechanisms have a special initialization order and reliable protection measures. An attacker will not be able to load an alternative profile without a password, attempts to reboot the system will be in vain, and the previous account will be restored, which will help track the location of the stolen item.

Personal information

As the process is explain in the sale of an eSIM card, a new remote identification system will appear. After determining the identity of the subscriber using biometric data, the algorithm checks the provided information with the database and verifies its authenticity.

This collection of your personal data pretends to minimizes the likelihood of using illegal SIM cards and make mobile communications market safer but in the other hand, allows e-SIM providers to collect and storage your biometric data, and accessing your phone which is a PRVCY concern.

The influence of the device manufacturer on the mobile ecosystem is increasing. Third-party Java applets recorded on an eSIM card can carry functionality hidden from the user, including encryption and the transfer of confidential information to the developer (network used, signal strength, location, call logs, messages, etc.).

Balancing the convenience offered by eSim with data protection is a complex task. On one hand, eSim provides users with the freedom to switch between carriers and data plans seamlessly, enabling them to choose the best network coverage and data speeds wherever they go. This flexibility enhances user experience and ensures optimal internet connectivity.

On the other hand, the collection and storage of personal data through eSim raise concerns about privacy and data protection. It is crucial for telecommunication companies and service providers to adhere to privacy laws and implement robust security measures to safeguard users’ personal information. Encryption, secure storage, and strict access controls are among the measures that should be implemented to ensure the protection of user data.

To strike the right balance between convenience and data protection, collaboration between industry stakeholders and regulators is paramount. Telecommunication companies, device manufacturers, and regulatory bodies must work together to establish and enforce privacy laws that govern the usage of eSim technology. These laws should outline guidelines for data handling, consent, breach notifications, and user rights, among other important aspects.

As a personal option I chose not to have a SIM card in my phone and find alternatives like a anonymous e sim Card, however, is difficult to recommend trustworthy companies and privacy laws vary across different regions and countries, aiming to protect individuals’ personal information and ensure data security.

To consider the impact of privacy laws on its usage and the implementation of this laws that intended to regulate the collection, storage, and processing of personal data by telecommunication companies and service providers is a challenge considering that every day governments are partnering with mobile phone companies to do the opposite of protecting our digital ID.



If you have had a physical SIM card and want to remove it, please store it securely as a backup or destroy it so there’s no risk of having the data on it stolen

When you are replacing your device wipe all data from the eSIM card before you dispose of or recycle the device.

Check with the manufacturer and your service provider for instructions on how to properly wipe the data.

Latest PRVCY Insiders:


Hi, I’m Chris.

I’m here to help you through every step of your PRVCY journey.

Wether you’re already taking the PRVCY online courses or a new subscriber, I’ll post constant news and information based on our research to help you taking back control of you PRVCY!

PRVCY Insider

Stay up to date with the latest news on data protection and controlling your privacy online.

EN - PRVCY Insider