GDPRGlobal ImpactPersonal Identity Management

Data Privacy Can Save the Planet.

It’s hard for us to imagine what a fully immersed digital life will be like, but for those of us who’ve experienced life before the internet, it’s often hard to explain what that world was like to someone who never experienced that. Calling or walking into a travel agency to book your trip, having your mom break into your call because she needs to use the telephone, getting a printed Triptik booklet from the AAA to map out your drive to Colonial Williamsburg, PA (yes, my family did that), along with restaurants, hotels, and interesting sites along the route, and being completely fine with never knowing the answer to the first names of Gilligan and the Skipper on Gilligan’s Island. It was Willyand Jonas respectively by the way. I’m showing my age, but you get the point.

For the first of us that do cross the immersive digital divide, they will tell the next generation what it was like to experience the internet through mobile phones, installing apps, sifting thru flight, hotel, and rental car prices on travel sites, using email to send messages and attachments, manually entering financial information on a form and uploading tax returns to apply for a mortgage, never really having a complete view of your health records, and even using the Starbucks app to pay for your latte, will all seem just as strange to them.

This will be a revolutionary age, and with revolutions, it has the potential to bring incredible leaps in progress, as well as significant upheaval and disruption.

The Internet 4.0

The Internet 4.0, is going to allow us to visit places we hadn’t previously thought possible, but it also is going to bring us all closer together, a lot closer. Triggered through the advancement of identity verification, digital currency, connected devices, and artificial intelligence, we will be propelled into a new era of innovation, and innovations largely fueled by access to data. And the bulk of that data will be centered around one person, you. Your digital identity will become your greatest asset, an asset that will supersede the value of your home or anything else that you currently own today.

The digital version of you will be just as in touch with the world, if not more, than your physical version. Performing work, social, and personal activities. The personal data that makes up your different personas, even your anonymous ones, will be your reputation(s). If your personal data were to be taken, it would be tantamount to kidnapping.

But before that thunderous wave hits, and it will, shouldn’t we be thinking about how to protect our personal data, our digital identities now?

The Internet 1.0

In 1989, Tim Berners-Lee created the World-Wide-Web, essentially the HTTP protocol, and a partner of his, Robert Cailliau, created the first web-browser. Just two years later, the non-profit Electronic Frontier Foundation was founded to protect individual rights to digital privacy, free speech, and innovation. A year later in 1991, Phil Zimmerman created PGP (Pretty Good Privacy), a protocol to encrypt and ensure the privacy of email messages.

Concerns for privacy and protection of the individual were amongst the first significant movements when it was apparent things were about to change. And while the EFF and PGP were both launched to protect the rights and privacy of individuals, security and privacy have largely been ignored by the general public. Two years later, Marc Andreesen and Eric Bina, developed the first popularized web browser Mosaic, this launched the first wave of the modern internet era as we know it, or what many refer to as the Internet 1.0.

It’s practically taken two decades, to once again recognize the value of personal data privacy.

Insecurity

With the recent exposure of NSA monitoring in 2013 by Ed Snowdenmajor commercial breaches of personal data from some of the largest and most profitable retailers and service providers, global ransomware attacks, and endless ads that seem to chase you all over the internet, a greater insecurity has begun to develop about our personal data and privacy.

Today there are over 4000 data brokers and resellers worldwide, ranging from popular internet companies, like Google and Facebook, to data aggregators like Acxiom, Oracle Data Cloud, Quantcast, and even your local grocery store. Whether you realize it or not, businesses already recognize the value of your data, data brokering is a $200B business worldwide.[1]

Versions of you are packaged up and used to predict what you want and what you might need. In fact, a recent advertising study indicated that anywhere from 18–79% percent of your mobile data consists of ads and identity trackers. Some brokers, like Google and Conversant, can even associate this data with your offline purchases, and other services like LexisNexis buy and sell your state records.

While individuals are clearly concerned as the use of ad blocking technologies is surging, and many are even beginning to limit their usage of social media and other online services due to privacy concerns, most people are simply too overwhelmed with the activities of their daily lives, need social media services to stay connected to friends and family, and/or feel helpless to do anything about it. After all, when was the last time you truly read the terms of agreement of an online product or service?

As the internet becomes more sophisticated and we become even more reliant on its services, continuing our current path, never knowing who is really monitoring and monetizing us, and for what reason, will not only significantly hinder our personal lives, but has the potential to create a xenophobic and chaotic world.

The solution, I believe, is to demonstrate that incorporating individual data privacy is not only good for the individual, but for corporations, governments, everyone.

The Power of Digital Identity

The United Nations considers digital identity as a platform for social and economic opportunity.

According to the UN, one in six people on the planet (1.25B), has no form of officially recognized identity. This past June, at the ID2020 summit, with the backing of governments, technology firms, and academia, the UN passed a resolution to provide these individuals a form of verifiable digital identity by 2030. A pilot is planned for 2020.

In the digitally immersed world, a verifiable identity will enable activities like the ability to form contracts, conduct commerce, utilize public services, healthcare, travel, and trusted communications. For this to be truly effective and trustful, identity and data verifications need to be performed without having to rely on central authorities like a banks, governments, and internet behemoths that rhyme with frugal.

Some relatively nascent technologies already have shown some promise in this field. Organizations like Sovrin are creating networks to confirm identity by attestation. i.e. you have a degree from Harvard because Harvard’s digital identity confirms it. Digital currency platforms like Bitcoin, can conduct peer-to-peer digital asset exchange without the need for banks. Bitcoin and Sovrin’s secret, is that they are built on a technology called blockchain. Combining mathematics, cryptography, and consensus, personal identity and asset exchange can be determined without the need for a central authority. Copies of each valid transaction are distributed globally across thousands of nodes. Any attempt to change an existing transaction, results in a mathematical error and additionally won’t match the other copies, thus preventing any tampering.

Within centralized systems like banks, you have a $100, because it’s on the banks central ledger, and the bank says you have $100. In blockchain decentralized systems, we know you have a $100 because enough nodes (copies of the ledger) on the blockchain agree you have $100. This is also known as consensus and what eliminates the need for a central authority.

Ok, everyone can breathe now, the techy stuff is over.

Whether it’s a diamond or your personal data, individuals could then easily share, sell, and exchange assets associated with a proven identity to another proven identity. While some applications may require that the individual prove who they are, like exchanging diamonds, some may only require the individual prove they own the asset, but remain anonymous, like exchanging bitcoin or sharing your personal data.

Consider some of the significant global issues we face today that could be addressed with these kinds of capabilities. Assisting displaced refugees, managing health epidemics, voting validation, helping the bankless out of poverty, and potentially, the enablement of global energy management. Not to mention, filling out your taxes, applying for mortgages, and finally getting a complete view of your health records.

I may be overly optimistic, especially that part about your taxes, but you can quickly begin to see the possibilities of independent identity verification and peer to peer asset exchange.

Data Privacy is Identity Sovereignty

But having identity verification and peer to peer asset exchange is not enough, without the implementation of a data privacy framework, we still face the issue of not having control over what recipients of our data might do with it, who they may share it with, and what they might do with it. In addition to our name, address and social security number, this would also include personal data like your location, browsing and shopping history, health data, and even multimedia with you in it.

Fundamentally, we need sovereignty of our own identities. The ability to choose what part of us is seen, by who, and when. In addition to being plugged-in and connected to everyone, we need the ability to unplug when we want to as well.

The good news, is more than 120 governments around the world have already implemented personal data privacy regulations and 30 more are expected to join over the next two years. [2]

When it comes to data privacy, the EU has set the gold standard with the General Data Protection Regulation or GDPR. The GDPR regulations set guidelines regarding how any organization that handle the personal data of EU citizens, online or offline, must ensure clear consent of its use, the security of your data, the right to have a copy of it, and the right to have it corrected or removed if necessary. Enforcement will begin as soon as May 2018. Non-compliance can result in fines of up to $22M USD or 4% of annual revenue, whichever is higher. This not only affects EU businesses but any business, in any country, that handles the personal data of EU customers, clients, and employees, this includes the US.

Several countries, including the US, have data privacy laws in various forms, but they are still lagging when it comes to applying data privacy at the level of the GDPR.

End of the Tour

Gosh darn, you’re almost there, you can do it!

With the advancement of technologies like artificial intelligence, connected devices, and decentralized services for identity and asset exchange, the Internet 4.0 of digital immersion is coming. We are going to be more connected to everyone and everything.

This can be a very scary proposition, but if managed appropriately, the pieces are also there to create an incredible and fulfilling world for everyone. In this new era, we need to recognize the sovereignty of our own identities by putting more focus on the security and privacy of the individual.

This all begins with personal data privacy. The EU is leading the way with the GDPR, but a lot more work lies ahead. If we want the ability to leave and return to our personal islands, and on our own volition, it’s up to us to continue advocating for modern privacy frameworks and technologies.

If you are interested in learning more about personal identity security and technologies, feel free to connect with us.

Footnotes:

1: https://www.webpagefx.com/blog/general/what-are-data-brokers-and-what-is-your-data-worth-infographic/

2: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2993035