Trust in the digital age is broken. Can you remember the last time you got insurance or bought something directly from a private person from another EU country to yours? Or when was the last time you signed a contract or gave a power of attorney online? The chances are that you rarely have. Although our private and business lives have become increasingly digital, we still seem to lack mechanisms to conduct these common interactions online. The underlying reason for this is that the internet was not built with trusted interactions in mind.
As the amount of data generated by people, organisations and devices continues to grow at an exponential pace – the IDC predicts a ten-fold increase in data generated from now to 2025 – it is becoming essential that we have practical means to manage and share our data. The regulators in Europe have reacted to this need by launching regulatory initiatives such as Payment Services Directive (PSD2), General Data Protection Regulation (GDPR) and ePrivacy directive, which share the common ambition of empowering EU citizens to gain control over their data and share it.
Data verifiability remains an issue in digital interactions
GDPR and PSD2 regulations are significant steps to the right direction of providing identity holders control over their data. As such, they will fuel disruption in the digital industry by opening existing data silos. While gaining access to data is a necessity for opening up competition, more is required. The key issue in data portability is not only that data is shareable, but also that the data retains its verifiability. Just imagine receiving a power of attorney digitally but not being able to prove its validity, or if it was actually given by someone with authority. Clearly verifiability is the crucial element that retains the value of data.
MyData and the new decentralised Internet hold promise for solving the trust problem
Recently, a Nordic model for human-centred personal data management and processing called MyData has raised thoughts about how data could be managed by proposing a new identity owner centric approach in exchanging data. In this concept the identity owner becomes the point of integration and can grant services the authority to access and use data. Until recently we have lacked practical scalable solutions to implement MyData principles in practice.
The emergence of decentralised solutions, such as blockchain and other distributed ledger technologies (DLT), have given rise to new types of ecosystems where businesses, public organisations and individuals can form trust relationships without involving middlemen. These decentralised solutions hold also great promise for solving the identity and integrity issues prevalent in sharing and trusting on data.
Decentralised identity network can deliver the internet’s missing identity layer
One of the most promising initiatives aiming to solve the challenge of being able exchange and control data according to MyData principles is Sovrin. Sovrin is a global, decentralised identity network that delivers the Internet’s missing identity layer. Sovrin allows people and organisations to create portable, digital identities which they themselves control.
In Sovrin, the identity holder forms secure digital connections with entities (organisations, individuals or things) that can provide information about the identity holder. This information can literally be anything such as a name, government ID, address, power of attorney, drivers licence, health information, university degree etc. This verifiable data can then be shared by the identity holder to a party that requires these proofs. This provides for all kinds of rich digital interactions: Know-Your-Customer, contract and transaction signing (B2B, B2C, G2C), permits, insurance claim, job application and so on.
Decentralised identity helps guard personal data whilst improving customer insight
As global digitalisation moves forward, we have witnessed tremendous increase in hacks and personal data breaches that cripple businesses. One of the biggest breaches lately being the infamous Equifax breach from 2017, where more than 145 million people were exposed to identity theft.
Handling customer data is clearly a huge risk for organisations, but at the same time it is the cornerstone of customer relationships and business critical operations. How can organisations then maintain a holistic view on their customers without exposing themselves to increasing risks and regulatory pressures? This is actually one of the goals of GDPR: to make organisations rethink how to handle customer information. And this is exactly what solutions such as Sovrin allows them to do – a new approach to data management that enables organisations improve their customer insight whilst lowering the risk of data breaches.
Blockchain accelerates the creation of collaborative ecosystem solutions
One of the reasons why blockchain technology has received significant interest in a short time is that it has the potential to transform existing trust models and how personal data is handled. Instead of relying on centralised trust providers or bilateral arrangements, we now have the tools required to establish trust as a protocol.
The fundamental difference between blockchain-enabled solutions and traditional applications is the necessity for ecosystem collaboration. Whilst public blockchains such as Bitcoin and Ethereum hold great promise, they have certain features which, at the moment, make them risky for enterprise use. These include high volatility of transaction fees, unpredictable governance models and scalability. Due to these reasons enterprises are adopting so called consortium blockchains. In consortium blockchains the access to the network is restricted to known and trusted entities who conform to mutually agreed rules. This has accelerated the creation of new types of collaborative ecosystem projects within the areas of financial services, supply chain and identity to name few.
Finland as the testbed for the next generation collaborative ecosystems
The dawn of distributed trust solutions provide Finland a unique opportunity to act as thought leader and testbed for new types of collaborative trust ecosystems. In addition being the initiator of MyData initiative, Finland is a relatively small but technologically advanced country with high level of collaboration across and within industry sectors.
With this in mind, it is no wonder that there are already several projects ongoing where Sovrin-based decentralised solutions are being explored and developed – one such example being the TrustNet project. TrustNet is a research project that focuses on developing a blockchain-based distributed environment for personal data management according to MyData principles. The partners representing several industry sectors trust that distributed ledger technology-based identities and MyData services can deliver significant competitive advantages to Finnish organisations.
We have so far lacked ubiquitous means to identify people and organisations online as well as to verify the validity of shared information. With the help of distributed ledger technologies there are finally tools required to establish trust as a protocol. One of the most promising initiatives aiming to deliver the Internet’s missing identity layer is Sovrin – a global, decentralised identity network that allows people and organisations to create portable, digital identities which they themselves control.
The emergence of distributed solutions provide Finland an opportunity to act as pioneer for implementing MyData principles in practice. One such initiative is the TrustNet project where the project partners believe that blockchain-based MyData solutions can deliver significant competitive advantages to Finnish organisations.
Antti Kettunen is a MyData evangelist and Solution Consultant in Tieto’s Blockchain Solutions unit, where he helps Tieto’s customers pursue opportunities enabled by distributed technologies.