Digital ID talk in Europe can’t get past centralization question
A roundtable discussion this week sponsored by the European Parliament about digital identities only deviated from boilerplate sentiment about the supremacy of privacy to lightly sketch the data-centralization debate.
Of privacy, panelist Loretta Anania, a scientific officer with the European Commission, maintained the Continental view that being able to shield oneself is a core value. But more practically, Anania said, it is a right that was written into the EU Treaties only after intense campaigning.
Devilish details remain, however. The panel discussion specifically looked at how individuals should be able manage their decentralized IDs, or DIDs, which soon will be the standard for identification in Europe.
The discussion was vague, however, and offered few novel insights or actionable tactics, much less strategies.
Eva Kaili, chair of the parliament’s Science and Technology Options Assessment sub-group, suggested that people wanting data privacy, safety and security have to know which public and private entities control identity management tools.
While it is hard to argue against that position, it also is difficult to imagine significant numbers of people doing the research to find, understand and act on that information. It is possible that new landmark legislation like the General Data Protection Regulation (GDPR) could win passage, said Anania.
At least among the panel, the big underlying question was whether decentralized data schemes were preferred or a hybrid — as exists now — of decentralization and centralization.
New hybrid ID services could assign some parts of equation, said Thibault Verbiest, a regulatory affairs executive for block-chain vendor Diginex. Basic credentials could be managed decentrally, leaving more specific ID services, such as acting as a witness, to be secured centrally, preferably with a large degree of transparency.