The Stepping Stone to Self-Sovereign Identity

San Francisco’s recent ban on facial recognition technology showcases a growing trend: wariness of biometric data being used without an individual’s knowledge. This is just one expression of the new wave of consumer desire for control over their data and privacy, otherwise known as self-sovereign identity.

Let’s explore the idea of self-sovereign identity and the implications it has on the future of personal data usage.

What is self-sovereign identity?

In today’s digital universe, faceless companies and services hold our information in their databases. Personal data is constantly being used and shared with or without our knowledge. Once consumers became aware of this, there was no turning back: the way companies manage identity data would have to change.

Over time, this has sparked a unique idea: self-sovereign identity. Self-sovereign identity is the idea that a user should have full control of their digital identity and information. Individuals would store and share their own data on the blockchain. Only they have access to it, and only they can give out to companies and websites.

Under lock and key

Self-sovereign identity means keeping your digital information safe the same way you would your non-digital information. Think of it this way: you keep important documents safely in your home. Birth certificates, social security cards, and financial statements are locked away in a cabinet or safe. You only share these with people or services you trust, and you never give any of your information away permanently.

Self-sovereign identity means keeping your digital information safe the same way you would your paper documents.

Ideally, digital identity will reach a similar standard. Users will store their information on a decentralized ledger, rather than having their data floating around in hidden databases. You could then share as much or as little of it as you like with the online authorities of your choosing. They will have limited access to your data, and will not hold it themselves. You have granular control over what is shared.

In the public eye

Although it is still an abstract idea, for now, self-sovereign identity is already affecting both public opinion and policy. Data privacy breaches are constantly in the news. As people become more aware of the lack of control they have over their data, their demand for self-sovereignty increases.

Policies around the world are changing in response. In the United States, San Francisco has banned the use of facial recognition technology by city officials, highlighting skepticism over biometric data sharing. Illinois has enacted the Biometric Information Privacy Act, and Maine is working to pass one of the strictest internet privacy laws in the U.S. Meanwhile, the GDPR continues to have widespread impacts on business operations in the EU and beyond.

Who, what, when, where, how?

From everyday citizens to government officials, the collection and use of personal information concerns people more and more. As such, the global demand for self-sovereignty is growing, but our ability to achieve it lies far in the future. Self-sovereign identity requires an enormous shift in how personal information is stored, potentially creating less convenience and more friction in early implementation. Beyond that, companies making money off of data sharing will be slow to relinquish that opportunity.  

Self-sovereign identity requires an enormous shift in how personal information is stored.

That being said, the new privacy legislation indicates that we are getting closer to the end goal. Many of these laws revolve around the concept of user-permissioned data, which is the first step in the road to self-sovereign identity. User-permissioned data models require opt-in consent to acquire personal data and full transparency around how the data will be used and how it can be deleted. Instead of a company or service provider sharing information without a person’s knowledge, the user must approve of the data distribution.

Working towards the future

Until a monumental shift in data storage occurs, user-permissioned data is one of the best options for consumers to keep their identities monitored and safe. Even if you don’t physically hold your data, your consent is essential for its distribution.

One way businesses can showcase support for consumer privacy and utilize permissioned sharing is by using alternative forms of data for identity verification. When searching for new data sources to verify users’ identity and address, prioritizing permission-based models will help you stand out as a leader in data privacy and keep you ahead of the regulatory curve.

To learn more about the future of user-permissioned data – and how to take part – check out our Guide to the Future of Friction.

You might also like:

• Who’s Who? Identity Verification in a Digital World
• The Sliding Scale of Friction
• Smooth Sailing for ID Verification

---

---