Privacy is gaining importance among consumers in Asia Pacific (Apac) as more business activities and transactions happen online. Three in 10 Apac consumers say a brand’s commitment to consumer data privacy significantly impacts their purchase decision, according to a Forrester Analytics survey.
Yet, Apac businesses’ adoption and maturity of privacy practices are still low. Another Forrester survey reveals that only 18% of marketers in the region believe they are mature in terms of their privacy oversight and process. Also, 59% of businesses only fulfil the minimum requirements to comply with data privacy regulations.
While organisations have much to do to address privacy concerns, adopting the decentralised identity approach can help give ownership and control of data back to consumers.
Junius Ho, chief product officer & founding team member at Affinidi, explains that decentralised identity enables the generation of digital identities without relying on a single service provider.
“At the core of decentralised identity are verifiable credentials (VCs), an open standard for digital credentials that are universally accepted, tamper-evident and privacy-preserving. Examples of verifiable credentials include government IDs, educational degrees and proof of employment,” he says.
“These verifiable credentials are issued and digitally signed by the credential issuers such as governments, universities and employers. They are provided to individuals (identity holders), who interact with them through a digital wallet. Individuals can then share these credentials with service providers to easily access their services,” he adds.
See also: Keys to achieving human-centred automation testing
Benefits of decentralised identity
One way that decentralised identity can help with privacy is by preventing the need to disclose excessive personal information. “Most identities today contain several personal details combined into one format, as seen in Singaporeans’ NRIC. When verification is needed, information beyond what is needed is often disclosed to the other party,” says Zhengkun Wang, senior consultant at Thoughtworks.
He continues: “The decentralised identity approach resolves this overexposure of personal information by allowing the user to gain full control of which information they would like to disclose, with verifiable presentations (VPs) having the capabilities to filter out and select only relevant and required data for disclosure.”
See also: Human element still important for effective mass communication
Decentralised identity can also address the shortfalls of current identity management methods, which tend to use third-party platforms to verify personal details. “For instance, when someone applies for a credit card or a new investment account, the bank will verify the applicant’s salary and CPF contribution details using MyInfo by Singpass. This means MyInfo will be informed of that individual’s personal activities like applying for credit cards or opening new investment accounts,” says Wang.
“With decentralised identity, a tamper-proof digital credential (also known as VC) — which can hold private and confidential information as well as a signature or identity proof from an authorised third party like MyInfo — can be created and also stored on a person’s smartphone.
“When identity verification is needed, the user of the decentralised identity can generate a VP — a compilation of VCs that adheres to the existing, agreed-upon standards. The signature on the VP will then be verified against the corresponding public key that is placed in distributed storage and held by the third party, eliminating the need to communicate and convey sensitive information to the third party,” he explains.
In short, decentralised identity allows consumers to securely store and share information while having control of how their data is being used. “This is a big shift from the existing federated identity and other centralised systems where organisations store and control the way individual customer data is shared and used,” says Ho.
As for companies, Ho states that decentralised identity can provide the trust that customer information is real and accurate, which streamlines the customer onboarding process. Decentralised identity also limits the need to store customer data, enabling organisations to comply with growing privacy, compliance and security legislation.
Real-world applications of decentralised identity
“By giving control and ownership of data to individuals, decentralised identity provides data portability and provable authenticity while preserving privacy. This is a powerful paradigm shift that can drive a broad set of use cases across industries like travel, employment and financial services,” says Ho.
To stay ahead of the latest tech trends, click here for DigitalEdge Section
One organisation that has benefitted from decentralised identity is GoodWorker. Based in India, GoodWorker offers blue-collar workers the best chances of getting work relevant to their skills and aspirations, and helps potential employers find the best talent quickly.
By using the decentralised identity technology provided by Affinidi, workers on the platform can reuse their verifiable identity and employment data — such as proof of employment and salary — to seamlessly access services like banking and loans.
“This crossover between employment and financial services shows the value of data portability. Instead of starting a loan application from scratch, workers can simply share their verified identity and credentials with prospective banks, accelerating the KYC (know-your-customer) process,” shares Ho.
E-commerce players should also consider using decentralised identity as it provides a robust method to verify one’s identity when shopping online.
“With decentralised identity, e-commerce platforms would no longer need to collect and store consumers’ personal details after they make purchases. On top of giving shoppers peace of mind knowing that third-party sites cannot misuse their details, these platforms will also not store personal information longer than is required for the transaction. This reduces the risk of violating increasingly heightened data privacy regulations,” says Wang.
“[Moreover, decentralised identity enables e-commerce platforms] to simply authorise a user by verifying the signature generated by the user’s private key, rather than using the more vulnerable legacy password authentication method,” he adds.
Shifting to a decentralised future
Despite its benefits, decentralised identity has yet to become a norm in Apac. Wang reasons that this is due to the lack of general education among users on using and leveraging the decentralised identity mobile wallet format properly. Such knowledge and basic expertise will be critical in enabling people to effectively use decentralised identity and protect their private keys.
There is also resistance from businesses, such as those which provide third-party identifiers, and also authentication and tracking solutions like cookies, especially in the advertisement and e-commerce sectors.
Another barrier, notes Wang, is the heightened costs in the form of transaction fees incurred when writing to distributed storage, such as the Bitcoin blockchain or Ethereum blockchain. When generating a high volume of decentralised identities, these fees can add up and become cost barriers to entry or implementation.
Governments can help organisations overcome those challenges by first setting up a robust, scalable nationwide decentralised identity infrastructure, advises Wang. The infrastructure should consist of a point-to-point homogeneous node network that stores the mapped relationships between digital identities and decentralised identity documents in a distributed format.
“Credible and established authorities and organisations, like government agencies and institutions, should create decentralised identities on the infrastructure, and issue VCs to users from the general populace. Together with their tech partners, those authorities and institutions can also support and educate the general populace in creating their own decentralised identities and overcome the cost barrier to entry,” says Wang.
He adds: “The publicly issued decentralised identities should also in some way be associated with real-life identities, such as integrating VCs into the MyInfo platform for Singapore. That way, users can leverage their decentralised identity for use across various government services and encourage wider mainstream adoption.”
Organisations also need to do their part by shifting their mindset and committing to open data and open standards. “To make decentralised identities valuable, personal data need to be unlocked and given to individuals so that they can use it across platforms and borders. This will also require shifts in business models, where companies look to retain customers through experience and value delivered, not by keeping switching costs high,” Ho explains.
He continues: “Portability of identities and data will also require the adoption of open data standards, as fragmented standards and formats have created digital borders that limit cross-platform usage. When companies build with open standards, that data can be accepted universally, allowing customers to ‘bring their own data’ and get access to services anywhere. Adopting these standards will take time, so in the interim, supporting multiple standards can provide customers with better experiences.”
Digital identity is increasingly becoming the gateway to access the online systems we rely on for work, entertainment and social activities. However, it does not mean consumers should lose ownership of their data. With decentralised identity, businesses can confidently use accurate and relevant customer data to deliver personalised services while assuring customers that they have control over their identity and data.