1 Introduction
Privacy of an individual’s digital identity data is becoming one of the critical issues of our modern times for both the individual that would like to keep their identity data private and for the organizations that collect and maintains that same individual’s information.
Privacy laws, regulations, and initiatives are proliferating to address the growing concerns over the use and control over personal data. The European Union’s General Data Protection Regulation (GDPR), seen mostly in the headline in recent times, gives Europeans the right to control their personal information collected by organizations. In other parts of the world other, the Asia-Pacific Economic Cooperation (APEC) initiated Cross-Border Privacy Rules (CBPR) which focuses on building trust between consumers and organization as individual’s data flows between APEC economies. This is accomplished by requiring participating APEC organizations to implement data privacy policies that conform to the APEC Privacy Framework. Also, in the US, personal data breaches such as at Experian and the Facebook - Cambridge Analytica scandal are compelling legislators in individual states to implement their data privacy laws. The state of Vermont passed a law that requires data brokers to register with the government, inform people on how to opt-out, what is collected and when their data has been breached, as well as giving individuals legal recourse when their data has been abused. The state of California is going further by introducing new rights for consumers regarding the privacy and use of their data. The California Consumer Privacy Act was recently enacted and will take effect in 2020. It’s anticipated that growing momentum for individual data privacy will eventually lead to a more uniform law at the federal level to provide consistency across all states sometime in the distant future.
In some cases, organizations are required to comply with the Know Your Customer (KYC) by verifying identities as well as monitoring for potential risks of illegal uses of business relationships, and the Anti-Money Laundering (AML) initiative to detect and report money laundering activities. Both cases would require knowing something about the user.
For organizations that must comply with these laws and regulations, they are faced with new challenges and compliance risks. They must now be careful about what personal data they collect, monitor the accuracy of the information and ensuring that its only used for purposes relevant to the organization’s true needs and no further. They also must incur the cost of proof of compliance through documentation and periodic reviews. Failure to comply can lead to fines and damage to the organization’s reputation.
A self-sovereign identity allows an individual to have a verifiable credential in a safe way that maintains their privacy. Individuals can create and maintain that identity giving them full control over data they provide when used. The information an individual provides (attribute claims) can be verified by an organization that the person has a trust relationship with. This self-sovereign identity provides value to the individual in that they are given an accessible place to store their identity, are given complete control over the data they provide and gives them privacy.
Organizations can also benefit from self-sovereign identities. They provide value to the organization by not having to validate the individual since they are already validated by another trusted organization such as a bank or government. Another benefit is that the organization does not need to manage the individuals credential saving cost and risk to the organization.
Features of a self-sovereign identity solutions should include:
- Usability in onboarding, verifying user claims, and managing data
- Privacy ensuring the platform is secure and providing control & granularity on what data is accessible
- Economic incentives to both individuals and business to make it worthwhile for all
- Governance of the platform to instill trust to all participants
Sphere Identity provides a blockchain-based self-sovereign identity platform that aims to meet the needs of both the individual and the organization. Sphere Identity is headquartered in Auckland, New Zealand with an office in Singapore and Tbilisi, Georgia. Their target market is the E-Commerce industry in the geographic areas of Asia, the middle east, and eastern Europe.