Businessman with virtual icons of people with lock showing how to protect digital identity through self-sovereign identity

Online Data Privacy Is Broken. Here’s How We Fix It.

Every day, the world produces 2.5 quintillion bytes of data – a near-unfathomable number that is only expected to increase as digital transformation takes hold across the globe. This vast trove of data presents a keen opportunity for companies looking to learn more about their customers, and it’s this focus on personalization that dominates the debate around big data in business.

Concerns about data privacy go hand in hand with this drive toward gathering information. In 2018, third-party firms spent over $19 billion dollars on consumer data, “undeterred by concerns about regulation and data quality,” according to an industry report. The following year, Equifax was ordered to pay as much as $700 million over their 2017 data breach. The largest leak of its kind has thus far resulted in little change – our data remains siloed across databases owned and accessed by hundreds of companies and data brokers.

We also live in an era of digital feudalism. The major tech companies and search engines have access to vast troves of our data, handed over with little more than an ‘allow cookies’ pop-up. The ubiquitous collection of this data – which is typically used for personalized ads and market research – has already led to major breaches. As the amount of data available increases, the likelihood of another Equifax or Cambridge Analytica leak only increases.

The cure for this illness at the heart of our data collection has a name: Self-sovereign identity, or SSI for short.

Data rights in a digital world

The concept of a self-sovereign identity has been gaining intense interest from identity specialists, security architects, and privacy advocates as blockchain technology has become mainstream. In essence, SSI enables users to selectively prove specific aspects of their identity using digital credentials, which they store securely in their own digital wallet—just like the paper or plastic credentials in our real wallets—and which are only ever shared directly by the user.

It’s like using a driver’s license to verify your age or a passport to show you’re legally allowed to fly; except with SSI, you only need to show exactly the information the other party needs and nothing more. The digital credential is signed using a cryptographic key pair that anyone can verify by looking up the public key on a blockchain ledger. This approach allows any trusted institution—such as governments, banks, universities, or employers—to issue and maintain their own credentials for use by its citizens and customers.

This is a paradigm shift in the way we handle identity online. Consider the current state of our logins. You’ve likely created hundreds of accounts across various websites and applications. Each one may include other personal information, such as your age, gender, address, or social security number. This data—which often is not actually needed to provide the service—is stored indefinitely on an unspecified server and often shared with advertisers and other parties with a financial interest in your information. Since this personal data is exactly the information an identity thief needs to impersonate you, one breached account could lead to serious consequences, particularly when we reuse passwords or store credit card information in these accounts.

Some companies have touted a more transparent approach to data collection in the name of GDPR or CCPA compliance, but it is not enough. A Pew Research study found that 81% of Americans feel they have little to no control over their online data. Moreover, the same percentage of survey respondents believed that the risks created by data collection outweighed the benefits. Real change is necessary to create a future where privacy is respected and consumers feel reassured.

Where we are now

This kind of future—one where data is in the hands of individuals—has become far more realistic within the past few years. The increased visibility of blockchain-powered SSI, coupled with the media attention paid to major data leaks, has finally made fixing digital identity both a market and regulatory priority.

It’s worth mentioning that consumers aren’t necessarily opposed to providing data in exchange for better service. A majority of consumers actually expect brands to personalize their services—which in most cases requires shoppers sharing some of their preference and profile data. A retail site can’t show the right size dresses without knowing the size you are looking for. So the issue isn’t that data collection happens, but that the consumer has little control over, or awareness of, how their data is being used, other than through an ambiguous ‘allow cookies’ pop-up which does nothing to provide transparency or build trust.

SSI inverts the current formula for consumer privacy, taking us out of the era of data feudalism and into what we could call the Data Enlightenment. Individuals always share data by consent because it’s all sitting in a digital wallet under their sole control. Logging into a website doesn’t necessitate making an entirely new account and creating yet another online data store. With SSI, identity data becomes portable and reusable at any SSI-enabled site or application—and always with the user’s direct permission (which satisfies data protection regulations like the EU GDPR and California CCPA).

SSI pilot programs are already underway. In British Columbia and Ontario, local governments have implemented the Verifiable Organizations Network, which uses SSI as a foundation to enable the digitization of government-issued credentials. There are SSI-based services for credit unions, doctors, and NGOs working with refugees. Moreover, the World Wide Web Consortium, or W3C, approved verifiable credentials, one of SSI’s underlying protocols, as an official standard late last year. These are the crucial first steps needed for implementing wide-scale SSI adoption.

The necessity of identity

3,800 data breaches were publicly disclosed in 2019, representing 4 billion records accessed without permission. Each one represents not only a serious consequence of our current ambiguous attitude toward data, but also an opportunity for greater awareness of an increasingly serious issue. SSI can not only provide a path to eliminating these dangerous silos of personal data, but it can offer better security, stronger privacy, and greater convenience all at the same time.

Use of SSI will prevent organizations from storing #personaldata that is not needed for providing services to you. #privacy #respectdata Click to Tweet

A person is more than the data they create online for marketers. With SSI, every individual can decide who they want to be and what they want to share online, and do so easily and safely. As we see more stakeholders leaning towards this alternative, it’s only a question of time before it becomes the new gold standard for digital identity and data protection.

 

Chief Trust Officer at Evernym