Self-sovereign ID key to data privacy

Coupling self-sovereign identity with insights from research on consumer identity management may be the key to personalising products and services without putting people at risk, says industry analyst

All creators of technology and digital services should be asking themselves if that product is something they would want their children to use, says Katryna Dow, founder and CEO of life management firm Meeco.

“When it comes to privacy, if we get this right, we could empower future generations by changing the way data, information and identity works. But if we don’t, there will be some real repercussions for our children in future,” she told the European Identity & Cloud Conference 2019 in Munich.

“We have the collective expertise and experience in this room to shape to shape the democracy of identity, if you think of all the problems that have been solved in the past few decades around security, access management and identity.”

These solutions, she said, are now starting to converge into an omni-channel, connected, 24/7, data-driven world. Similar collaboration is now needed to tackle the privacy challenges created as a result.

In a world where it is possible to connect personally identifiable information (PII) from a wide variety of sources in many different ways, Dow said it is time to re-think how identity is managed.

“In the face of record data breaches, hacking and problems with centralised data, customers are more vulnerable than ever before,” she said, adding that an experiment has shown that even with the highest privacy setting on Facebook, downloading a pregnancy app results in being flooded with content related to motherhood.

“How organisations collect and process data to personalise services is going to make the difference between gaining trust, getting fined and even getting fired,” said Dow. “There is enormous responsibility in developing these systems.”

On the positive side, Dow said there are some “great new technology possibilities” that include things such as self-sovereign or self-manged identity and zero knowledge proofs. “There are opportunities for us to start changing the way the identity stack looks so that we can unlock [personal] data with greater trust,” she added.

Meeco has published a whitepaper on zero knowledge proofs that focuses on enabling people to get access control, delegation and consent to their personal information, and is working on developing a way for organisations and customers to collaborate without putting the business or transactions at risk and sharing only data that is relevant, using Hyperledger Fabric.

“There are some great opportunities for sharing using private channels that, at an architectural level, build in the business value and the opportunity for a commercial return, but the privacy is there, and that is what we really want to achieve,” said Dow.

Taking customer identity and access management (CIAM), together with increasing rights and protections for consumers, Dow said it is possible to build connected use cases, lower cost and drive new business models.

“We already have some great services in regulated markets like financial services, and at the same time, we have self-managed identity coming to the fore. We have got to find a bridge to bring these two things together because that’s where the magic is going to be,” she said.

The challenge, she said, is finding a way of putting identity in the middle. “Who or what am I? What am I authenticated to do? And what am I authorised to access? If we can do that, we can build trust with customers and start bringing data from different parts of their life into a connected data ecosystem, where organisations can partner to build business logic that doesn’t put customers’ data at risk,” she said.

In conclusion, Dow said technology is becoming increasingly political because whoever controls the way that technology works has the power to influence the way society is developing.

“We are at the point now that we have to decide for future generations whether we want the cool personalisation and privacy management without having to trade off what that means, or to go down another path that is super creepy,” she said.

“As a result, there are companies that are now placing bets on being on the right side of history and recognising the importance of privacy.

“But  it is not just about privacy. It is about power. It is about enabling us to make better decisions, about finding the right product or service, and about unlocking meaningful value by finding a way of making data available without penalising participants for being part of that value chain.”

Read more about self-sovereign identity

Read more on Privacy and data protection