Long reads

The Future of Digital Identity 2022: Data sovereignty and interoperability

Paige McNamee

Paige McNamee

Senior Reporter, Finextra

This is an excerpt from Finextra’s report, ‘The Future of Digital Identity 2022: Inclusive, secure, fit for purpose.’

Extensive discussion around who should be the guardian of digital identity solutions are well established, and sophisticated models outlining the strengths and pitfalls of multiple approaches are abundant. However, when it comes to the question of whether financial institutions or governments are better placed to design and implement such solutions, there is no unanimous answer.

Dr Whitley sees multiple aspects to this question, with the first tied to who shapes or owns the standards for digital identity systems.

“In the UK, the general sense has been that government plays an important role in helping set the scene for digital ID solutions but that a government only solution is unlikely to be successful. Other countries might have very different priorities. A common reason put forward for financial institutions to lead on digital identity is that, because of their know-your-customer requirements, they have good identity data and processes for onboarding customers and thus could be authoritative sources for many attributes.”

The counter argument, Dr Whitley continues, is that “doing digital identity” is not a core business for financial institutions and, as with other non-core business services, “digital identity is something that they should be procuring from the open market rather than doing themselves - the arguments for and against ebb and flow over time.”

Putting data control in the hands of users

Roberts explains that digital data sovereignty is critical to financial services institutions (FSIs) for both regulatory and data security purposes. This is because it provides users the ability to have control of the digital data, hardware and software that they rely on or create. “Essentially it’s about people deciding for themselves how their data is used, data sovereignty from a government’s perspective ensures appropriate controls can be established and enforced over data based in its jurisdictional boundaries.”

Referring to a recent report by Oliver Wyman: ‘Digital Trust: How banks can secure our digital identity’, Roberts notes that that banks’ involvement can ensure digital identity schemes are trustworthy, secure, and convenient. In terms of a best solution, however, Roberts believes that the design and implementation of digital ID solutions requires a joint effort between FSI’s, regulators and the government. FSIs and policy makers all have their roles to play in implementing robust digital ID solutions. “Banks have already built trust in their ability to securely manage our finances, the regulators to regulate the banks, and the governments to set policies and laws to protect our data – this, in my view, is a dynamic that works and can be relied on.”

Roberts explains that the EU's eIDAS (Electronic Identification and Trust Services Regulation) provides a consistent legal framework for digital identities and signatures to be accepted. The UK eIDAS regulation was adopted into UK law following the UK exit from the EU, and supports the argument that it is possible to have private-sector driven digital ID networks alongside state led schemes.

“It is important to have regulations to govern what service providers protecting electronic data need to comply with to be listed as a qualified trust provider. eIDAS supports organisations in both the public and private sectors to transact securely using electronic signatures, improving user convenience, whilst saving time and money.”

This approach is echoed by Grunberg, who argues that digital ID solutions can be provided either via multiple co-existing commercial standards or via a government-backed dominant standard; it would depend on the use cases that are enabled by either of the schemes.

“However, multiple schemes will come at the cost of consumer experience. In the first case, private companies or alliances of companies establish their own digital ID standards, which operate in parallel with each other. In the second case, governments — potentially in global coordination — lead an effort to establish ‘a monopoly standard’ for digital ID, which is secure, open, and easy to use for a wide variety of stakeholders.”

Building trust through interoperability

Grunberg also raises the point of interoperability, which many view as a key factor for success of multiple digital ID schemes. Governments, through policy and frameworks, can institute interoperability standards for private and public stakeholders, Grunberg explains, and adherence to these standards can expand the use cases and acceptance of digital ID. “We believe that Digital Policy should aim at establishing a government-backed, dominant, digital ID standard. Similar to currencies and the financial system, national authorities would set rules for governing the dominant digital ID standard, which will be open to all stakeholders.”

Governments may also benefit from the use of trusted intermediaries to handle sensitive digital ID and related data, according to Grunberg. This is because intermediaries may play a crucial role in protecting the confidentiality of counterparties in certain transactions, while assuring that such transactions are secure and lawful.

“The most important attribute of such intermediaries is trustworthiness and execution excellence while working under regulatory oversight. In finance, that role is usually fulfilled by a bank operating under license-based regulatory oversight. In our view, digital ID is posing a similar opportunity for banks willing to enter this innovative area. However, it will be important for all the economic actors (Corporates, society, financial services, and governments) to come together to ensure success of the initiative,” notes Grunberg.

Dr Whitley, confessing that he is slightly obsessed by questions of interoperability, comments that if public and private sectors understand and agree on what they want digital identity systems to do, then it should be possible for both to build systems that the other would or could accept.

“Where such interoperability doesn’t happen, I suspect it often signals a lack of trust between the parties,” Dr Whitey observes. “Perhaps more importantly, from the customer perspective, having to go through essentially the same processes to create (and populate) a digital identity or wallet for government and for the private sector is a total waste of everyone’s time.”

Comments: (0)