Back to Blogs
IDENTITY MANAGEMENT AT THE SOURCE: WHY DLT ENABLES A TRUSTED AND TRANSPARENT DATA ECOSYSTEM
By Aqilliz
Published on January 21, 2021
In today’s information age, data is the lifeblood of the digital economy and the foundation on which industries of the future are built. With the help of technology, digital marketers are now able to extract valuable consumer insights with more precision than ever before, paving the way for impactful and effective campaigns and communications strategies. In fact, Datareportal found that since the start of last year, over 4.5 billion people — more than half of the world’s population — are now online. With so many internet users spread across all corners of the globe and across various channels, the internet has truly proven itself as a goldmine for opportunities.
Beyond communities that proliferate on social media, the rise of online banking, e-commerce, and other peer-to-peer services equally point to the need for verified digital identities. However, with soaring data volumes and the ever-increasing number of platforms and applications, identity management is only growing in complexity. Furthermore, the emergence of data privacy regulations around the world and increasing scrutiny on data collection practices indicate a dire need for accountability and transparency within the data ecosystem. If the past year is any indication, it’s clear that technology is here to stay.
What if we told you that there’s a way to put the trust back in tech through a decentralised, secure solution? That’s right, we’re talking about blockchain.
The Issue with Today’s Identity Management Model
But first, let’s look at some of the issues plaguing today’s approaches to identity management.
At present, the majority of identity management activities take place across centralised systems. Over the years, we’ve seen how this can and does lead to information being mishandled, stolen, or replicated. Prior to privacy frameworks taking on a more concerted effort to address data sharing and monetisation practices, sensitive personal data could be shared with third parties without obtaining the data subject’s consent. Across the advertising world, this has been performed in the interest of personalisation, in order to ensure that prospective consumers are served only the most relevant ads and product recommendations. However, it hardly changes the fact that control is left in the hands of those who own the database, leaving users with little to no say in whether or not their data is shared with other parties. Most recently, the confusion and controversy surrounding WhatsApp’s new privacy policy mandating commercial data sharing with its parent company, Facebook, drove many users to alternative messaging platforms.
Additionally, traditional identity systems typically suffer from single points of failure and lack interoperability due to their centralisation. These vulnerabilities have been particularly evident in recent years, when high profile data security breaches like Facebook, Yahoo, and Equifax exposed confidential information belonging to millions of users. The cyber threat landscape is constantly evolving, and organisations that lack the infrastructure to safeguard the personal information of their customers are left vulnerable to attacks and at risk of losing consumer trust. When that happens, consumers begin to look elsewhere for alternatives that can provide better security and transparency.
As a technological infrastructure that allows for hyper-customisation in control and consent mechanisms, blockchain is well-positioned to revolutionise identity management at its core.
Digital Identity: The Decentralised Way
An identity management framework leveraging blockchain has the power to put users back in control of their identities. Additionally, blockchain’s decentralised nature and new encryption methods can allow individuals the freedom to create encrypted digital identities that will essentially replace multiple usernames and passwords. Instead of providing personal information directly, decentralised identifiers can be used in place of personally-identifiable user information like name and date of birth, and made available as needed for verification purposes. This would give individuals complete control over their identity — what information is visible to outside parties, how long it is available for, and who can access their information. However, in order to ensure accountability while allowing stakeholders to benefit from the superior security that the technology provides, public-private blockchain models are crucial to protecting user anonymity while maintaining scalability and compliance with privacy regulations.
With such systems in place, organisations would no longer need to collect and store every single identity data attribute, and the risks of that data being accessible to third parties and private corporations will be significantly limited. Governments and authorised institutions would still have their role in authenticating and verifying the identity information, but in the majority of cases, this would only be required the first time a user interacts with a given platform. Similar to an official document, a blockchain-based identity would serve the same purpose. If this sounds too good to be true, think again — recently, in an effort to mitigate the spread of COVID-19, a group of over 100 public and private organisations formed the COVID-19 Credentials Initiative (CCI) to deploy privacy-preserving verifiable credentials that could serve as a digital proof of testing or vaccination. This provides a safer, more efficient approach to identity management and one that puts the control back into the user’s hands — a much-needed solution for today’s digital ecosystem.
The Transparent World of Tomorrow
As control of personal data moves increasingly back into the hands of the user, organisations should recognise this contextual shift and use it as an opportunity to fundamentally rethink their customer relationships. A transparent business-customer relationship not only builds trust, but also cultivates brand loyalty, boosts their credibility, and differentiates a brand from the competition.
Additionally, privacy laws such as the General Data Protection Regulation (GDPR) require that organisations bolster their data protection measures to collect, safeguard and process personal data lawfully. In addition, Article 30 of the GDPR requires evidence of records for the processing of personal data, which implies the need to effectively record and govern data provenance. A blockchain-based data management system could ensure precisely this, behaving as an immutable ledger that tracks the origin and movement of data at the various stages of data creation and modifications.
With the help of blockchain, organisations can bring trust, choice, and transparency back to the digital ecosystem.