Are you really who you say you are when entering into an online transaction? Is that specified billing address correct? And is that income correct for the requested loan? There are hundreds of cases in which people have to provide proof. Often by providing copies of personal documents that contain much more information than is necessary for the purpose. Often not structured, but by means of a PDF or worse: in a paper document. With all the frustrations, delays, and fraud possibilities that come with it. In an ideal world, as a person, you can digitally demonstrate all these kinds of things, providing only the data that is necessary and of which the recipient is sure that it is correct.
To a large extent, this is possible with Ockto, a platform that allows people to collect data from different data sources and pass this data on to a data using service (provider). However, when doing that, you still have to log in to the platform. Besides, the original data is not always signed by the publisher. That is why Ockto is transforming into a SSI (self-sovereign identity) where you as a person have more control and to which publishers and recipients of data can independently connect.
Empower individuals to stay in control over their data
There are still many questions to be answered about the complete meaning and implications of giving individuals “right to self-determination regarding their personal data”. Are people able to do so in all cases, do they want to, and what to do if it is practically not possible? Theory and practice must come together in this. It’s a matter of interacting with all stakeholders and the acknowledgement that implementing the optimal solutions requires patience.
As a data operator, the position of the individual is already quite clear in Ockto. Within the platform individuals are invited to collect personal data from data sources and by giving an explicit consent, determine whether the personal data may be shared with an organisation. Ockto ensures an irrefutable administration of all data transactions in the ecosystem based on the given consent from the individual.
We [Ockto] are working towards an ecosystem where the platform ensures that the individual can retrieve and transmit their data from a source and becomes the holder of the data before it is transmitted. We will do this by creating a self-sovereign identity for each actor in the ecosystem. This means that sources (issuers), individuals (holders) and data consuming services (verifiers) can prove that they are who they say they are, in order to gain access to personal data to which they are entitled. This makes completely new use cases possible, such as feeding AI solutions and microsystems with real-time personal data. Naturally, all under the control of the individual.
Creating an ecosystem comes with challenges
Ockto is fully engaged in realising this architecture and believes it is critical and useful. At the same time, we still see many challenges to make such a new ecosystem effective.
1. Government data sources must become publishers
Much important personal data is stored in government systems. In many cases, an individual has access to these systems, but has to look for it himself via an obtained account and access to websites. This should transform towards a government services layer for the issuance of personal data whereby an individual can directly obtain his data in a structured way through his SSI.
2. Procedures must rely on data instead of on documents
Current acceptance and control procedures are often based on documents that are sent through by individuals. Documents that often contain more information than necessary for the purpose for which they are sent through. Converting these document-based procedures to procedures that work with data is laborious and requires a new look from risk and compliance departments. The General Data Protection Regulation (GDPR) has helped to kickstart this transformation. Besides, the enormous business case of working with data instead of documents helps (e.g. in mortgage or consumer credit application processes). However, many systems and procedures in large organisations have to be adapted for this to materialise, which is time-consuming.
3. Individuals must trust data exchange
Everything stands and falls with the trust that individuals place in the solution. Individuals must be able to count on their personal data being treated in a secure and compliant way. News reports about data-grabbing social platforms are not helping to build that kind of trust. Perhaps certification at a national or European level has to be achieved, as was the case with PSD2. It would surely help to innovate in the right direction if high-level requirements are clear and new initiatives are audited by an independent organisation. Individuals could base their trust on such certification.
Together inventing a new ecosystem
However, we can never cope with these challenges on our own. As Ockto, we are looking for cooperation with other companies in the Netherlands and abroad to create this new ecosystem and take position within that world. That is exactly why Ockto has joined the initiative of the Data Sharing Coalition. Together with international partners, we would like to explore how personal data can be exchanged digitally in a convenient yet secure and compliant manner.
Another initiative we joined is the MyData.org movement. The purpose of this international nonprofit movement is to empower individuals by improving their right to self-determination regarding their personal data. The vision is laid down in the MyData Declaration. Ockto is fully aligned with this declaration and in July 2020 Ockto received the MyData Operator 2020 Award as proof of this.
It’s our believe that initiatives like the Data Sharing Coalition and MyData.org will help to overcome joined challenges. By working pragmatically towards new secure ways of sharing data that individuals can rely upon, we together will be able to transform this ideal into reality.
This article was originally published by the Data Sharing Coalition. Access the original.