Rapid digitalisation has led to huge treasure troves of personal information being collected and stored online. Whenever consumers go online to shop and view content, email and message, do banking or visit the doctor, they leave digital footprints such as spending habits, liquidity limits, medical records as well as age, gender and nationality. This information are captured and stored in giant databases.
Collectively, the digital footprints are identifiers that describe a consumer’s individuality and personality, giving a holistic view of his identity. However, danger lurks, pointed out Glenn Gore, CEO of Affinidi, a software firm which develops identification verification systems using blockchain technology.
Online users cede the rights to their personal and identifying attributes when they use digital services like Amazon, Netflix and Meta, he explained. Just logging in and entering information give the organisations the right to use the information as they see fit.
Consumers also do not have a choice on how the personal identifiers are used. They also do not know where the data and identities are stored, accessed and used, leading to increased risk of data breaches, he explained.
There are many reports on data breaches. In January this year, hackers attacked Red Cross servers and stole personal information of over 500,000 people receiving services from the organisation located in Switzerland. Australian telco Optus reported a data breach in September 2022 which compromised the personal data of about 9.8 million customers.
To address these concerns of security, the concept of self-sovereign identity (SSI), has emerged. It is a concept that prioritises privacy and control and where the data owner controls where his information resides, decides where to use it and determines who can share it.
SSI allows for the identity credentials to be stored in a digital wallet and provides identity authentication in a decentralised manner: the issuer and the verifier of the identity credentials are held together by the holder who owns the credentials. Every piece of data is owned and controlled by the holder and not by a single entity.
“The key here is that the individual owns his or her own data and has a choice of how to use it,” said Gore in an interview during the Singapore Fintech Festival in November.
Sharing and authenticating data is a complex process, leading to the big issue of who is trusted to hold the identity credentials. It is the holder decides who he wants to share his information with. This has led to the development of custodial identity management systems.
Individuals may not want the complexity of holding all his personal data credentials.
The government is the only agency allowed to issue a passport. The bank has financial information like bank statements, name of employer, monthly salaries and spending patterns.
“So you would trust the government to have custody over your passport and citizenship data and the Health Ministry to hold your vaccination records. You trust the bank to hold your financial identity and the hospital to have custody of your medical records.”
Different custodial managers will emerge, said Gore. “The key is the holder of credentials must always give consent before his personal data can be shared.”
Custodial management systems also need to be interoperable because consumers want to be able to share their information with different organisations like credit card companies and e-commerce providers.
However, Gore pointed out that portable custodial management systems would be a better solution because “moving” the credentials would be done seamlessly.
A huge benefit comes from keeping personal credentials in digital wallets. Monetising them, beyond financial value, becomes viable, Gore pointed out.
Personal data can be exchanged for benefits. Healthcare information like blood type, cholesterol level and genetic data may allow individuals to benefit from precision medicine. Home buyers can qualify for green loans if they show evidence that they have reduced electricity usage and that they use public transport instead of owning cars. Gamers can get early access to special meet-the-fan events in exchange for running gaming guilds.
This is just the tip of the iceberg, said Gore who expects more innovations to emerge in this area of monetising personal data.
The three-year-old Singapore-based Affinidi has developed a digital wallet based on blockchain technology which can be easily integrated into existing government portals, removing the verification responsibility of aviation and airport partners. The wallet also reduces the need for manual verification of health documents. It also verifies Covid-19 test and vaccination results of various credentials formats and standards.