Borrowed most of this into my post (nbr 350 btw) from a paper by Markus Hautala and Antti Kettunen at Tieto. "...

Trust in the digital age is broken. Can you remember the last time you got insurance or bought something from a private person from another EU country to yours? Or when was the last time you signed a contract or gave a power of attorney online? The chances are that you rarely have. Although our private and business lives have become increasingly digital, we still seem to lack mechanisms to conduct these common interactions online. The underlying reason, of course, is that the internet was not built with trusted interactions in mind. Online nobody can verify what you say or the information you share is true.

As the amount of data generated by people, organisations and devices continue to grow at an exponential pace – the IDC predicts a ten-fold increase in data generated from now to 2025 – it is becoming essential that we have practical means to manage and share our data. The regulators in Europe have also reacted to this need by launching regulatory initiatives such as Payment Services Directive (PSD2), General Data Protection Regulation (GDPR) and ePrivacy directive, which share the common ambition of empowering citizens to have access to their data as well as being able to control and share it. Through these initiatives, the EU aims to actively enforce data protection rules and create a fairer platform for data protection, that supports consumers and businesses whilst promoting innovation.

Data verifiability remains an issue in digital interactions

GDPR and PSD2 regulations are significant steps to the right direction of providing identity holders access and control over their data. Both focus on enabling data portability, with the goal of enabling new digital business innovations. As such, they will fuel disruption in the digital industry by opening existing data silos by allowing customers to migrate their data to a new service provider. As Erkki Poutiainen, chairman of the EBA Clearing Board mentions, PSD2 together with new technology can revolutionise the payment landscape and even banking as we know it.

While gaining access to data is a necessity for opening up competition, more is required. The key issue in data portability is not only that data is shareable, but also that the data retains its verifiability. Just imagine receiving a power of attorney digitally but not being able to prove its validity. Clearly, verifiability is the crucial element that retains the value of data and as such is of critical importance.

Digital identities for people and organisations, as well as verifiable data, are the fundamentals needed for digital trust interactions. Portable digital identity and data will enable us to create an equal and inclusive society by allowing anyone to participate in the new economy.

MyData and the new decentralised internet hold promise for solving the trust problem

Recently, a Nordic model for human-centred personal data management and processing called MyData has raised thoughts about how data could be managed with identity owner at the centre. MyData brings a fundamental change in how we view and use data. It is an ideology, driven by three main principles of:

• Identity owner centric control and privacy;
• Usable data. Data must be technically easy to access in a machine readable open format accessible via standardised interfaces and;
• Open business environment. MyData proposes a new identity owner centric approach in exchanging data. In this concept the identity owner has a single hub for data management. Via the hub the identity owner can give services the authority to access and use data.

A key prerequisite for all the regulations and models to become truly effective – is that a new infrastructure paradigm for managing identities and sharing verifiable data is needed. Even if every person and organisation has an identity, we still fail to replicate this online. This is mainly due to identities being fragmented over various data silos. MyData and the regulations aim to remove the silos, but this is still not enough, since they don’t provide the infrastructure which would foster true collaboration and competition, that are needed for the market to grow.

The rise of decentralised solutions, such as blockchain and other distributed ledger technologies (DLT), have given rise to new types of ecosystems where businesses, public organisations and individuals can form trust relationships without involving middlemen. These decentralised solutions hold also great promise for solving the identity and integrity issues prevalent in sharing and trusting on data.

Decentralised identity network can deliver the internet’s missing identity layer

One of the most promising initiatives aiming to solve the challenge of being able to trust information exchanged online is Sovrin. Sovrin is a global, decentralised identity network that delivers the Internet’s missing identity layer. Sovrin allows people and organisations to create portable, digital identities which they control.

In Sovrin, the identity holder forms secure digital connections with entities (organisations, individuals or things) that can provide information about the identity holder. This information can literally be anything such as a personal identification number, home address, power of attorney or – in the context of GDPR and PSD2 – customers consent to a service provider. This information can then be shared forward by the identity holder to a party that requires these proofs. This provides for all kinds of rich digital interactions: Know-Your-Customer, contract and transaction signing (B2B, B2C, G2C), permits, asset ownership, and so on...."

Banks have been central in creating trust since ancient days - and as they are now legislated into an ever more central position it is only natural that the new opportunities created by DLT is in full focus there.