Online Data Privacy Is Broken. Here’s How We Fix It.

Every day, the world produces 2.5 quintillion bytes of data – a near-unfathomable number that is only expected to increase as digital transformation takes hold across the globe. This vast trove of data presents a keen opportunity for companies looking to learn more about their customers, and it’s this focus on personalization that dominates the debate around big data in business.

Concerns about data privacy go hand in hand with this drive toward gathering information. In 2018, third-party firms spent over $19 billion dollars on consumer data, “undeterred by concerns about regulation and data quality,” according to an industry report. The following year, Equifax was ordered to pay as much as $700 million over their 2017 data breach. The largest leak of its kind has thus far resulted in little change – our data remains siloed across databases owned and accessed by hundreds of companies and data brokers.

We also live in an era of digital feudalism. The major tech companies and search engines have access to vast troves of our data, handed over with little more than an ‘allow cookies’ pop-up. The ubiquitous collection of this data – which is typically used for personalized ads and market research – has already led to major breaches. As the amount of data available increases, the likelihood of another Equifax or Cambridge Analytica leak only increases.

The cure for this illness at the heart of our data collection has a name: Self-sovereign identity, or SSI for short.

Data rights in a digital world

The concept of a self-sovereign identity has been gaining intense interest from identity specialists, security architects, and privacy advocates as blockchain technology has become mainstream. In essence, SSI enables users to selectively prove specific aspects of their identity using digital credentials, which they store securely in their own digital wallet—just like the paper or plastic credentials in our real wallets—and which are only ever shared directly by the user.

It’s like using a driver’s license to verify your age or a passport to show you’re legally allowed to fly; except with SSI, you only need to show exactly the information the other party needs and nothing more. The digital credential is signed using a cryptographic key pair that anyone can verify by looking up the public key on a blockchain ledger. This approach allows any trusted institution—such as governments, banks, universities, or employers—to issue and maintain their own credentials for use by its citizens and customers.

This is a paradigm shift in the way we handle identity online. Consider the current state of our logins. You’ve likely created hundreds of accounts across various websites and applications. Each one may include other personal information, such as your age, gender, address, or social security number. This data—which often is not actually needed to provide the service—is stored indefinitely on an unspecified server and often shared with advertisers and other parties with a financial interest in your information. Since this personal data is exactly the information an identity thief needs to impersonate you, one breached account could lead to serious consequences, particularly when we reuse passwords or store credit card information in these accounts.

Some companies have touted a more transparent approach to data collection in the name of GDPR or CCPA compliance, but it is not enough. A Pew Research study found that 81% of Americans feel they have little to no control over their online data. Moreover, the same percentage of survey respondents believed that the risks created by data collection outweighed the benefits. Real change is necessary to create a future where privacy is respected and consumers feel reassured.