Reclaiming our digital identity

People and enterprises often don’t pay attention to data protection until it’s too late, when a large public hack occurs, or their own data has been compromised.

Data Protection Day is important because it raises global awareness across all parties about how data can be secured and permissioned, how it’s being used, and by whom. It also allows us to talk about new technologies like blockchain that is not only providing new ways to protect our data, but shifting a larger paradigm about how users can control, manage and share their data. 

To understand how we got here, it’s important to look back. The World Wide Web of the 1990s was a place where we took our books, our research and our lives online for easy retrieval: encyclopedias, medical records, and entire libraries. Slowly, Internet browsers improved, and we developed from the “Read Web” to the “Read-Write Web,” also known as Web 2.0. 

Posting, tweeting, liking, commenting, and clapping all joined the lexicon of internet interaction. Everyday users became creators of trillions of rows of data, by simply telling a company, like Facebook, what they “liked”. And quietly—almost imperceptibly—as Web 2.0 grew users lost control of their digital identity which is now scattered all over the Internet. Even worse, tech giants are now tracking users’ behaviour on and offline, without active consent or knowledge.

The EU General Data Protection Regulation (GDPR) was a great step in data privacy regulation, and recognised that major updates were needed to reshape the way data is handled. 

Last February, the EU Blockchain Observatory and Forum was launched as an initiative to accelerate blockchain innovation and the development of the blockchain ecosystem within the EU by developing a knowledge repository with reports on topics such as Blockchain and the General Data Protection Regulation and Government Services and Digital Identity. We’re seeing interest from the public sector in data protection turn into a commitment to explore the different technologies that can enable governments and their people to take back ownership of personal data without compromising security and accessibility. 

Blockchain technology is allowing us to build a new internet on distributed systems, commonly referred to as Web 3.0. Web 3.0 represents a new way of organising internet data. On blockchain networks like Ethereum, user data is owned by users and permissioned to platforms who hope to provide value. We call this idea of enabling data ownership and protection: self-sovereign identity.  

Whereas Web 2.0 is privatised and monopolised, Web 3.0, enabled by blockchain, will be pro-privacy and anti-monopoly—it’s about multiple profit centers sharing value across an open network.

Self-sovereign identity is still in its early days, but it is more than just an idea. Working solutions already exist, such as the city of Zug in Switzerland to offer Ethereum-based digital identities as an option to residents, or the Swiss Federal Railway, which recently piloted the use of self-sovereign identity in tracking the credentials of its contractors and employees.  

No single entity controls access to your information. Instead of all your information being stored on a Google server, for instance, tens of thousands of computers will cryptographically provide security, privacy and inexpensive storage, and enable you to fully retain ownership of the digital trails of personal information you currently leave throughout the internet every day.

In this new paradigm, a self-sovereign identity system can give you access to your entire digital identity. “Pushing” your data to trusted sources could become the norm, instead of “pulling” your information from the platforms who own it today.