Online user privacy is one of the greatest debates of modern times and incredibly complex from any perspective. It has now been eight years since Edward Snowden blew the doors of mass surveillance by big technology companies and forced the world to realize that our data is being collected and used far more extensively than we thought.
While the US and UK governments were familiar with this fact, it was not the case in many European countries. The net result was the General Data Protection Regulation, a far-reaching piece of legislation that puts obligations on every company that processes data for EU citizens, no matter where they are in the world.
This year the GDPR will go into effect for three years and it is difficult to say whether or not it achieved its intended goals. From the big technology point of view, there have been some gains for the users.
A case in point is the recent headlines on WhatsApp announcing changes to the rules requiring users to consent to their data being shared with the owner, Facebook. The move caused an uproar on social media and resulted in the Turkish government launching an antitrust investigation. However, EU users are excluded from the changes due to the protection provided by the GDPR.
It does seem like a relatively small win, however. Privacy campaigners point out that the cookie banners that all Europeans now have to navigate do little to prevent users from leaving traces of data online.
If users have it bad, companies have it worse?
In the meantime, the regulation has put a massive strain on businesses, many of which have resulted in high compliance costs. A 2020 report found that companies spent an average of $ 1.3 million on meeting their GDPR obligations, but less than 50% achieved full compliance.
It is a cruel irony that many companies are often required by law to keep user data as part of their day-to-day business. For example, if you rent a car you will need to show your driver’s license, or if you are staying in a hotel you will need to provide a passport. The GDPR regulates this data for all companies that do business with EU citizens. Even small companies based outside the EU face a compliance burden when offering services within the EU.
According to Concordium CEO Lone Fønss Schrøder, blockchain technologies could provide a much-needed answer to the conundrum between user privacy and corporate obligations under GDPR. In a recent interview, she told Insider Monkey, “Use knowledge-free evidence like in our Global Identity app. [businesses] can alleviate GDPR problems. “How does it work and could it really help companies cope with the demanding challenges of GDPR?
A self-confident identity approach
In recent years, the idea of using blockchain as a platform for a self-sovereign identity has been widely discussed. The same technology that we use to secure and spend Bitcoin can also be applied to personal data. Users can decrypt all data in their individual wallets with a private key, meaning they decide who has access to their information and for what purpose it can be used.
Innovator-in-chief Elon Musk has loudly supported this approach. At the Axel Springer Awards in December, where he spoke about the much-anticipated Starship on Mars project, he stated his belief that everyone should own their data and how it should be used in applications, including artificial intelligence.
Concordium has chosen this self-confident identity approach and integrated it into its platform. Users who want to transact in Concordium-based applications need to turn to a real identity service provider who will verify their ID out of the chain. The provider then uploads knowledge-free evidence to the Concordium platform, which serves as identity assurance for anyone doing business with that person. Several types of ID documentation or attributes can also be assigned to an identity.
For example, a user could have their passport and travel vaccination status checked to take an international flight to a country that requires immunity to Covid-19, yellow fever, or other communicable diseases. The airline would not have to see their documents, but can use the knowledge-free evidence in the Concordium blockchain to check whether they are valid. You could also upload documents such as a rental agreement or utility bill to serve as proof of residence for opening bank accounts or applying for credit.
The platform also operates a fail-safe system to protect companies from a compliance point of view. For example, if the tax authorities issue an ordinance to identify someone who has received banking services or credit, the company can request the services of one of Concordium’s “anonymity revocators”. After reviewing the legal requirement, this party can decrypt the on-chain proof and instruct the identity provider to issue the identification documents. Neither party can identify anyone for themselves, which means that under most normal circumstances users can act confidentially.
For companies, Concordium’s self-confident approach offers the seductive opportunity to operate without having to store sensitive user data. This would relieve them of many of the tedious GDPR obligations.
The question is whether companies are ready to use such technologies. Lone Fønss Schrøder believes that a competitive advantage can be gained for first movers, suggesting that “large companies should develop a sense of fear that they will be missing out”.
She also speaks of her own long executive career in a variety of industries including banking, shipping, and automotive to highlight that we are all always on a learning curve. She talks about how “leaders must be courageous to embrace new innovations” and encourage those in business to “never be afraid to jump into something you may not understand on the surface.”
It’s fair to say that she is living her own advice and leading the launch of a platform that implements an entirely new approach to the idea of digital identity and privacy. Concordium will be rolled out on Mainnet in the coming months. So it will be interesting to see which big companies are among the first to step into this arena.
Image source: Depositphotos.com