Reclaiming our digital identity

(Image credit: Image Credit: ar130405 / Pixabay)

As recent elections around the world have shown, information warfare is very effective. Data and personal information has long been a product sold by tech giants, much before psychographic data could be compiled to tilt elections.

The problem? Our digital identity and associated data is not our own. As a result, we are vulnerable to the machinations of the owners.  

So on Data Protection Day 2019, how can we move forward? We spoke with Alice Nawfal at uPort, ConsenSys’ self-sovereign identity platform, to find out how blockchain technology can protect our data and online identity.

If our digital identity is not our own, why are initiatives like Data Protection Day important?

People and enterprises often don’t pay attention to data protection until it’s too late, when a large public hack occurs, or their own data has been compromised.

Data Protection Day is important because it raises global awareness across all parties about how data can be secured and permissioned, how it’s being used, and by whom. It also allows us to talk about new technologies like blockchain that is not only providing new ways to protect our data, but shifting a larger paradigm about how users can control, manage and share their data. 

(Image credit: Image Credit: Alexskopje / Shutterstock)

How did we lose control of our data in the first place?

To understand how we got here, it’s important to look back. The World Wide Web of the 1990s was a place where we took our books, our research and our lives online for easy retrieval: encyclopedias, medical records, and entire libraries. Slowly, Internet browsers improved, and we developed from the “Read Web” to the “Read-Write Web,” also known as Web 2.0. 

Posting, tweeting, liking, commenting, and clapping all joined the lexicon of internet interaction. Everyday users became creators of trillions of rows of data, by simply telling a company, like Facebook, what they “liked”. And quietly—almost imperceptibly—as Web 2.0 grew users lost control of their digital identity which is now scattered all over the Internet. Even worse, tech giants are now tracking users’ behaviour on and offline, without active consent or knowledge.

What are governments doing about this?

The EU General Data Protection Regulation (GDPR) was a great step in data privacy regulation, and recognised that major updates were needed to reshape the way data is handled. 

Last February, the EU Blockchain Observatory and Forum was launched as an initiative to accelerate blockchain innovation and the development of the blockchain ecosystem within the EU by developing a knowledge repository with reports on topics such as Blockchain and the General Data Protection Regulation and Government Services and Digital Identity. We’re seeing interest from the public sector in data protection turn into a commitment to explore the different technologies that can enable governments and their people to take back ownership of personal data without compromising security and accessibility. 

(Image credit: Image Credit: Zapp2Photo / Shutterstock)

Where does blockchain fit in?

Blockchain technology is allowing us to build a new internet on distributed systems, commonly referred to as Web 3.0. Web 3.0 represents a new way of organising internet data. On blockchain networks like Ethereum, user data is owned by users and permissioned to platforms who hope to provide value. We call this idea of enabling data ownership and protection: self-sovereign identity.  

Whereas Web 2.0 is privatised and monopolised, Web 3.0, enabled by blockchain, will be pro-privacy and anti-monopoly—it’s about multiple profit centers sharing value across an open network.

Self-sovereign identity is still in its early days, but it is more than just an idea. Working solutions already exist, such as the city of Zug in Switzerland to offer Ethereum-based digital identities as an option to residents, or the Swiss Federal Railway, which recently piloted the use of self-sovereign identity in tracking the credentials of its contractors and employees.  

And more simply?

No single entity controls access to your information. Instead of all your information being stored on a Google server, for instance, tens of thousands of computers will cryptographically provide security, privacy and inexpensive storage, and enable you to fully retain ownership of the digital trails of personal information you currently leave throughout the internet every day.

In this new paradigm, a self-sovereign identity system can give you access to your entire digital identity. “Pushing” your data to trusted sources could become the norm, instead of “pulling” your information from the platforms who own it today.