Who Owns Your Identity?

identity, biometric dataIn the era of digital identities, our personal data is strewn about the Internet. We regularly divulge details about our private lives on social media, from those “Nine truths and a lie” quizzes to sharing our location with our friends. Beyond social media, a basic image search can nearly always bring up a clear headshot of anyone. Even the personal information we think is kept private, from which bank we use to the answers to our security questions, can almost always be uncovered with a little sleuthing or hacking.

As we “readily” share all of this data on the web, we need to ask ourselves, who is really in control of your identity? Even beyond that, we have to consider who we are authorizing to represent us on the Internet. Google, Facebook, Twitter, and a few other companies have even set themselves up as identity providers. Every time you’ve clicked “Login using Facebook” on a third-party website, you’ve authorized Facebook to represent you online. But they aren’t just sharing your data in a way you can see, they’re also selling it in ways you can’t. And you’re not the one reaping the profits. So an even better question might be, who really owns your identity.

Well, the answer might surprise you because, in reality, no one does. Including you.

Right now, there are no clear and concise guidelines for digital identity. The EU is making strong progress toward developing some with the General Data Protection Regulation (GDPR), which gives individuals (in the EU) much more control and visibility over the private information they share about themselves to companies. But until we have a hard standard for digital identity, no one will ever truly own their own identity online.

There are ways to approach this problem though. The consensus of the identity community is that you should own your identity credentials and have sovereign control over the collection, storage, and dissemination of personal identifiable information about yourself. This is known as self-sovereign identity (SSI), but implementing SSI is a difficult problem that involves incentives, standards, governments, industry, and technology all coming together.

Some believe that the current way of life on the Internet is the way it will always be, but history shows the folly of such thoughts and the power of disruptive innovation. Digital identity is ripe for such disruption over the next decade, and we need to be ready to take the reins of our own data.

Watch our webinar, “Understanding GDPR: Myths & Reality of Compliance,” to learn how GDPR will affect the collection and storage of biometric data.