In an increasingly digital world, more and more of our online interactions require us to establish that we are who we say we are. If implemented correctly, digital identity could act as a proven and trusted source of verification for online users.
If implemented poorly however, digital identity can put our privacy and the security of our personal information at risk. The challenge is designing identity solutions with privacy in mind, whilst also ensuring the resulting credentials are highly verified, portable and interoperable.
User control and consent must be at the forefront of this discussion. How should users be able to regulate who is able to see their information, to what extent and under which circumstances? On many occasions, when verifying your identity online, you are really confirming your eligibility for a certain product or service. Should users not be able to share only the information necessary for a specific transaction, keeping other elements of their personal data private?
Some advocate for a decentralized model of identity to address this issue. Control is placed back in the hands of consumers, who become the guardians of their own verified information, collected from certified issuers.
Of course, the concept of giving individuals ownership of a portable digital ID, is intertwined in a context of privilege. Those who lack access to technology may not have the ability to take control of their identity in this way. Inclusion is a factor that must be taken into account.
We also must consider whether individuals are ready and willing to take control of their identities? Where does responsibility fall if something goes wrong and an identity is compromised? How does user ownership impact liability?
Whether a service provider opts for embracing decentralised, or government issued digital identities, independent bodies will have a key role to play. Robust standards and frameworks are crucial to ensuring privacy, security and equity are upheld.
Every time a digital identity is used online, the ID issuer and verifier have the opportunity to collect data about the ID holder. Robust regulations are needed to ensure identity players cannot profit from exploiting their customer’s data. Where trust is distorted, digital ID is no longer benefiting the user, but commoditising them.
So, what is the right kind of technology? What level of privacy is required? Where should responsibility lie? These are complicated questions, but ones we must consider when designing digital identity for the future of the online ecosystem.
The conversation continues at FTT Identity on 17th March. Our panel ‘Privacy Enhancing, Consent Based Digital ID’ will feature these Rockstar speakers:
- Dia Banerji, Country Ambassador, Scotland, Women in Identity
- Andrew Black, Senior Digital Product Owner, Data, Open Banking & Digital Identity, NatWest
- Gail Hodges, Founder, Future Identity Council
- David Pollington, Senior Director, Technology & Product, GSMA
- Colin Wallis, Executive Director, Kantara Initiative (moderator)