
Digital identity and privacy: Can you have both?

In an increasingly digital world, more and more of our online interactions require us to establish that we are who we say we are. If implemented correctly, digital identity could act as a proven and trusted source of verification for online users.

If implemented poorly, however, digital identity could put our privacy and the security of our personal information at risk. The challenge is to design identity solutions with privacy in mind, whilst ensuring the resulting credentials are highly verified, portable and interoperable.

User control and consent must be at the forefront of this discussion. How far should users be able to regulate who is able to see their information, how much of it, and under which circumstances? On many occasions, when verifying your identity online, you are really confirming your eligibility for a certain product or service. Should users not be able to share only the information necessary for a specific transaction, keeping other elements of their personal data private?

Some advocate for decentralised identity solutions, to place control back into the hands of consumers. Under this model, individuals become the guardians of their own verified information, collected from certified issuers and stored by the user. Individuals can then share their identity with service providers as necessary, maintaining independence and preserving their data privacy.

Of course, the concept of giving individuals ownership of a portable, digital identity wallet is intertwined with privilege. Those who lack access to mobile technology may not have the ability to take control of their identity in this way. Inclusion is a factor which must be taken into account when looking to protect autonomy and privacy.

We must also consider whether individuals are ready and willing to take control of their identities. Where does responsibility fall if something goes wrong and an identity is compromised? How does user ownership impact liability?

Whether a service provider opts to embrace decentralised, federated, or government-issued digital identities, it seems clear that independent bodies will have a key role to play. Robust standards and frameworks are crucial to ensuring privacy, security and equity are upheld.

Every time a digital identity is used online, the ID issuer and verifier have the opportunity to collect data about the ID holder. Robust regulations are needed to ensure identity players cannot profit from exploiting their customers' data. Where trust is distorted, digital ID is no longer benefiting the user, but commoditising them.

So, what is the right kind of technology? What level of privacy is required? Where should responsibility lie? These are complicated questions, but ones we must consider when designing digital identity for the future of the online ecosystem.

The conversation continues at FTT Identity on 17th March. Our panel ‘Privacy Enhancing, Consent Based Digital ID’ will feature these Rockstar speakers:

  • Dia Banerji, Country Ambassador, Scotland, Women in Identity
  • Andrew Black, Senior Digital Product Owner, Data, Open Banking & Digital Identity, NatWest
  • Gail Hodges, Founder, Future Identity Council
  • David Pollington, Senior Director, Technology & Product, GSMA
  • Colin Wallis, Executive Director, Kantara Initiative (moderator)