Can We Take Back Control of Our Own Data?

Simon Fuglsang Østergaard
FARSIGHT
Published in
5 min readNov 12, 2019

For many years, most of us have tacitly given carte blanche to big companies to let them have our personal data at their disposal. And our data are freely available ‘out there’. Global tech giants such as Amazon, Facebook, and Google, have profited hugely from this. In just a few years, they have grown into the largest corporations by being exceptionally good at gathering and exploiting all sorts of data about us and our behaviour. For this reason, data are spoken of as the most valuable resource of the digital age — ‘the new oil’ — and the value of data continues to grow in a world where every move in the digital realm is recorded, and the number of digital devices grows exponentially.

Some may say that we, collectively, have let the fox guard the henhouse. Because in reality we have inadvertently relinquished control over our digital identities and entrusted the responsibility to global commercial giants, authorities, and other institutions. Hence, it is almost impossible for us to know and control what information is gathered by whom, where it ends up, who has ownership of it, and what it is used for.

While we are still some way from actually altering how our personal data are handled, much more attention has been given to the issue lately. The combination of the countless data-related scandals from commercial actors as well as public authorities, and the recent EU General Data Protection Regulation (GDPR), has contributed to eventually making us realise the importance of the issue in our all-digital world. GDPR is presented as a major milestone in the efforts to give EU citizens more control over their personal data, and create more transparency in the process of allowing the use and sharing of data. For the first time, EU citizens have been granted ‘the right to be forgotten’. The first GDPR penalties have already been handed out, and Google, among others, experienced the consequences as they were presented with a 50 million EUR fine by the French data protection agency in early 2019.

A whole new approach to digital identity

But is it actually feasible to truly regain control over our own identity data? The answer may very well be found in blockchain technology that enables a new way of thinking about data ownership and data use — namely, the concept of self-sovereign identity.

Just like there is no simple explanation of how blockchain technology works, it may be difficult to grasp the concept of self-sovereign identity and the potential impact it may have on society. In brief, the idea is that individuals — and companies, for that matter — become able to manage their own data and thus decide which data should be shared with whom, when, and for how long. You allow your data to be accessed, but you never actually give it away. So in theory, this will enable us to win back the control over our own identity data from third parties.

You allow your data to be accessed, but you never actually give it away. So in theory, this will enable us to win back the control over our own identity data from third parties.

The key lies in the distributed advantages of blockchain technology, and the advanced cryptography behind it. This technology abolishes the need for centralised institutions, such as Facebook, Google, or public authorities to register our personal data separately in their own ‘silos’ — which, by the way, is an inefficient and vulnerable way of doing it. The particular vulnerability of the centralised model, characterised by a single point-of-failure, is clearly illustrated by the many data leaks, and data-misuse cases.

If we are really in control of our own data, we only need to make specific data available to those who need to validate it in a given context so that we can make use of their services. Imagine, for instance, the typical situation of buying a book using Amazon’s platform. Today, Amazon collects a large number of personal data, such as payment details, address and other personal information, before you can place an order. This enables them to link all other sorts of data to your identity. But to sell you a book, Amazon actually only needs to know that you are a real person who is capable of paying. With a self-sovereign identity you will, instead, supply Amazon with a hash — a digital fingerprint — and the system will guarantee that this hash represents a real person who has deposited his or her payment with a payment service. The courier, on the other hand, needs to know your address; this information, however, is irrelevant to Amazon, and you don’t need to share it with them.

This should not be misunderstood as if the basic idea of self-sovereign identity is an anarchistic approach to refuse sharing your data with the powerful and monopolised, centralised actors. On the contrary, the whole point is that you can decide for yourself how much or how little of your personal information you wish to share, and with whom. As an Amazon customer, it might be desirable to share, for instance, data about age, gender, reading preferences, and other behavioural data in exchange for a more simple and tailored service experience. The point is that it is completely up to you. Also, this opens up the possibility that you yourself can sell your data to commercial actors that want to buy them, so that you, rather than the digital giants, will profit from it. Probably, this will also mean that we, as conscious consumers and citizens, will demand much more from the organisations for them to ‘earn’ the right to access our data.

On the contrary, the whole point is that you can decide for yourself how much or how little of your personal information you wish to share, and with whom

Even if actual self-sovereign identity solutions aren’t available yet, developments in this area are happening at a rapid pace. The idea is groundbreaking, and many will find it appealing and intuitive. The fact is, however, that we live in a world where data about our identity and behaviour are mainly handled by big powerful corporations and authorities, and so, the very idea will fundamentally threaten the current balance of power. Nevertheless, it raises an interesting, and not least, existential question: Will our personal data still, in the future, be controlled by centralised, commercial organisations and authorities, or will we see a shift towards a paradigm of self-owned and distributed identities?

Originally published in SCENARIO Magazine

--

--