Your Personal Data and Digital Identity
What is Digital Identity? At its simplest, it’s you. In a digital format. If you have a driving licence, health-card, or passport, those are all variations of you, for specific purposes. All them are used to identify you under specific criteria. What do they all have in common? You!
You and you personal data are the key criteria for the information they use in those various forms of ID. What is included in your identity? Sex, age, income, where you live, also in the digital age, opinions and other attributes (from surveys to twitter posts etc), all make up your identity. This information is collectively used to create a picture of who you are, what you like and how you live, among other things. This information is provided to various data consumers (organizations, employers, not-for-profits, financial institutions etc). The information can be as broad or as narrow as they need it to be. In today’s hyper connected world, where everyone seems to be using and aggregating your identity (including such innocuous information as meta data, from your posted photographs, for instance), whether directly or indirectly, what are you getting from it?
This means that the relationship between personal data and your digital identity is growing. It’s growing quickly and evolving everyday in the what and how that data is collected. This should raise a level of concern, not simply for the individual, but also for the corporations accessing and using this data. Ultimately, it’s your data. You own it. In the past many individuals have simply agreed to the End-User License Agreement (EULA) without reading it, and it has given organizations a great deal of power over the individual. However, with new legislation and new technology, the idea of self-sovereignty of data is becoming more and more important. Safe-guarding that data is critical!
the relationship between personal data and your digital ientity is growing
With the amount of data breaches, hacks etc that we hear about daily, companies are concerned over the data that they are meant to be safe-keeping on behalf of the customer. Why is this happening so frequently? The inherent value of personal data! Your personal data is valuable, not just for the access to a bank account. But, rather, for false identification of all kinds. This should be an indication of how valuable the consumer data is.
A new European privacy regulation called the General Data Protection Regulation (GDPR) came into force in May, 2018. If you are a business that is selling and / or storing personal information you need to understand what you have and how to protect it. The goal of GDPR is to give individuals more control over their data. Likewise, it requires organizations to be more conscientious about how they use that personal data. How it’s collected, and how it’s monetized.
Under GDPR individuals have the right to obtain information on how their data is being used, specifically, the what, where and how. As well, under GDPR, individuals have the right to a copy of their personal data. How it’s stored, processed etc. It’s available free of charge in an electronic format. You are also provided with the right to opt out of marketing material. Which means that organizations must keep strict and auditable records of their interactions with their new and existing customers.
It is clear that the GDPR will impact [European] businesses, globally it has already had an impact on the internet as a whole, since all sites now must put up GDPR notices. Nothing is done in a silo anymore. Therefore, for all intents and purposes, any business that does or intends to do business in the EU must comply with GDPR, regardless of the the country of origin.
While GDPR may be seen as an obstacle or a hindrance by some, it can be used by organizations to really increase the level of trust between the organization and customers. In environments where hacks and data breaches are happening daily, trust is more important than ever. If, we as customers, are going to provide an organization with our private data, we need to trust that that data is not being abused and is being safeguarded. That is where privid comes into the picture.
Digital Media and Advertising in the age of GDPR
Traditional advertising spend will stay more or less flat, while digital will continue to grow steadily. This means that it is more important than ever for the consumer to know how their personal data is being used, and by whom. Since more of our lives are taking place online, daily interactions, with friends, colleagues, financial institutions, media companies etc. it is more important now to control and safe-guard your personal data through self-sovereignty.
With more and more people online everyday, using all manner of apps on their phones, their computers, tablets and smart tv’s, not to mention the vast amounts of data collected by financial and government agencies, marketers etc.. This doesn’t even begin to take into account the trillions of transactions that happen daily through VISA, MasterCard, AMEX, VISA Debit, Debit etc. all of which are recorded, all of which are processed and all of which is your personal data, and all of which is monetized by everyone, except the data provider (you), unless it’s to market something to them. Our belief is that it’s your data. You should not be the only entity to not profit from it, and you should be in charge of how it’s used by others. Not simply as a passive entity to whom products are being marketed.
And the transactions per internet minute will continue to grow and aggregate. In 2013 all data created reached 4 ZetaBytes of data. Since that time we have seen a 13x increase (at the time of this writing) in connected devices and creating even more data (from F2B 506 COURSE Internet of Things, Social Media & Semantic Web).
Where does your personal data sit in this space? How can you safe-guard that data, and how can you maintain self-sovereignty over that data? GDPR is a big help. We can help even further, with our privid system. We provide a save and transparent way for your transactions, and for you to receive a benefit from those same transactions.
As an example:
You are at home, and you realize that you have not had a romantic weekend away. You look up hotels that you want to go to, using our secure privid system, they have your information on hand, as they also subscribe to our privid system, you have their information, and are satisfied that they will use your information only to the extent you have pre-approved for them. The hotel, in turn, provides you the level of service pre-agreed upon based on your security preferences around your personal data. The fees are electronically negotiated based on the information exchange. You receive a booking confirmation with your preferences. They receive payment. All you need to do is show up. Knowing that the data and its use are secured and used only in accordance to the agreed upon measures. You are comfortable that your personal data is secure. They are happy to provide a repeat customer with a great reputation excellent service.
However, there is also considerable pushback from consumers. With consumers avoiding ads or complaining about the relevance or prevalence of them, or even installing adblockers to prevent the pop-ups and pop-unders. There is a great deal of fatigue around the ads that are showing up. To be fair to advertisers, it is also consumer behaviour and their filling out of forms online, without thinking about the consequences of providing the information. Ultimately, there is fault on both sides. With GDPR, there is a level of responsibility on the part of the data provider and the data consumer.
Privid was founded in 2018 in Canada, and we were clear about our mission: to provide a safe, secure and trusted platform to empower consumer and allow them to control their personal data. We are currently working with organizations and governments to safeguard digital identities of citizens. We are developing a platform where safeguarding personal data and allowing for the maintenance of self-sovereignty is key. We are backed by the security of blockchain and we use a decentralized process that allows consumers control over their data. This is especially crucial in the EU with the advent of GDPR, but in other jurisdictions as well, where GDPR is not as well known but it will be the basis for similar legislation. A pilot project will be in place within the next 8 months. Our head office is located in Czechia and our R&D is located in Czechia and Canada.
PrivID, an Overview
PrivID is the next generation of the digital identity platform. The entire system will consist of a mobile wallet for ease of management of the users personal data, along with a web application for the data consumer to buy and access that data. Users and data consumers, become the stakeholders, and will be able to add data, request data for third parties, verify data, and manage their privacy settings. These settings will be used to purchase services via our system and will allow the user to not only control what and how their personal data is seen and used, but they will have the ability to monetize it based on their preferences.
Since consumers are not just one thing, there will be the ability to assume multiple identities and instances. All of which are controlled by the user. NOTE: all data is verified and correct, when we discuss the assumption of multiple identities we are discussing how the individual consumer appears to the data consumer via credit card transactions, social media interactions, interactions with data consumers directly etc.
Safeguarding your data
As a decentralized application (dApp)* that interacts with a users personal data, we take security and privacy very seriously. It’s the backbone of the privid system. Data will be stored on your local device using state of the art encryption and the application will also use multiple authentication factors to make sure your data is locked.
How would the process work?
From the data consumers perspective, the process is not that different from what they do now, however, there are significant differences from the users viewpoint:
- Privid will not be able to access, read or collect information that is contained in the users app (wallet)
- Companies that are conducting polls or surveys will not need users identities, for polls and surveys
- In fact, under these conditions they will be more effective and less biased
The revenue model will function under the following parameters:
- The nature and reliability of the data contained in the app (wallet - refer to our modular tiered system)
- The settings are set by the user (for sharing of data, again, based on the tiered system)
- The datasets are bid on and perceived by the data consumers
Blockchain / Distributed Ledgers (Optional)
Blockchain is a proven technology that uses blocks that are linked together in a chain. Each block is locked using cryptography, and each block builds upon the previous block. These form what is called a blockchain ledger. Each block has a specific validation attributed to it, making it secure, unalterable and irrevocable. And if by chance it is accessed our safety and authentication protocols ensure that nothing can be seen by anyone, except you.
Smart contracts (invented by Nick Szabo) is a computer protocol that is used to verify, enforce or facilitate the negotiation or performance of a contract. The benefit of this approach is that smart contracts allow for a pseudo-anonymous transaction to take place, therefore privacy is ensured.
To provide optimal privacy there are numerous options. Zero-Knowledge Protocol* technology (ZKP), it is a cryptographic technique that allows for two parties to prove that something is true without revealing what they know or who they are, maintaining complete anonymity. Privid uses this technology and makes it scalable, as well we monitor developments in this and other areas of cryptography to ensure seamless integration of the best and most optimal methods to ensure your privacy.
We will be using linux / unix based operating systems for all of our technologies (this includes LINUX, MacOS, Android, iOS etc), to protect against outside hacks windows clients will access the system via a secure channel. With our PrivID Authentication Protocol (PAP) your data is safe.