Aadhaar, apart from being India’s unique identity program was also responsible for changing the way how people looked at digital identity. The supreme court verdict on Aadhaar limited access of Aadhaar data by private companies and lead 2 drastic changes in the market,
- BFSI and other industries which relied on eKYC to verify and identify their customers, lost access to an inexpensive and fast KYC process
- Lead to the emergence of identity service providers who digitised the paper & plastic OVD’s to streamline the use of ID cards for KYC
Companies like Yoti and Veri5Digital entered the market to simplify how users shared their data and how service providers gained access to it while being completely compliant to the new data privacy laws.
Digitisation of identity not only made life of companies looking to KYC their customers easier but came with the added advantage of protecting your privacy by allowing you to control who had access to your data.
Before we go any further we need to understand what digital identity and data privacy mean.
What is Digital Identity?
A quick google search gives us the following definition by wikipedia
A digital identity is information on an entity used by computer systems to represent an external agent. That agent may be a person, organisation, application, or device. ISO/IEC 24760-1 defines identity as “set of attributes related to an entity”. – Wikipedia
In general terms a digital identity is a set of online attributes that can be read by a computer system to ascertain who you are. This includes everything from your online behaviour i.e. what did you browse? what did you buy and which websites you visited? to what your social media username is? what pages do you follow? what social media posts did you interact with? and anything else that can be used to identify you online.
Though in our case we mean,
A digitised format of an OVD (Officially Valid documents) that can be used to identify and verify that you are who you say you are. A really good example would be eAadhaar or Aadhaar XML, the digitised format of your Aadhaar card that can be used as an identity and is accepted by the government and private entities.
What is data privacy?
Here is the definition from Techtarget
Data privacy, also called information privacy, is the aspect of information technology (IT) that deals with the ability an organisation or individual has to determine what data can be shared with third parties.
The point to consider is that data privacy, by definition is consent and ownership of the data i.e. data privacy is built on your right to handle and use your data as you deem fit.
It is not only about hiding your data, it is also about the power to decide who can access your data and about control over how it is used or distributed.
How can digital identity help? We try to answer the question in this article,
How can digitisation of ID’s or digital identity protect data privacy?
Access control
One of the major aspects of digital identity apps/solutions is its feature that allows you to share your data to another user or a service provider directly from within the app in digital format over a secure connection. This not only keeps tab on who has access to your data but also allows you to limit or remove such access as or when the service interaction is completed.
There is a traceable paper trail
Since a digital identity is shared between accounts of individuals or service providers, it becomes easy to track who has access to your data and how it is being used. Unlike traditional sharing where a service provider could just make copies of the id document shared by you, digital ID’s can be used to track or limit any such sharing with others. And even if it is shared , you would be able to track such usage of your ID document.
No Middleman
Traditional paper based KYC meant, service providers employed 3rd parties and agents to collect such documents from the user in this case you. This meant a 3rd party had access to your identity documents and signed copies for a certain period of time, increasing the risk of identity theft. In case of digital identity based apps and systems you share your identity with the service provider via the app itself, completely removing the need for any 3rd party agent to have access to your data.
Share only what’s needed
Not every service provider needs all your information, some required a proof of age and doesn’t need your unique identification number or PAN card details. Most digital identity apps allow you to choose what you want to share with a service provider while the rest of the data remains hidden.
Revokable Consent
One of the best features that digitised identity apps come with is its ability to revoke access to user data. Unlike in case of paper based documents where you neither have the track nor the option to limit access, digital IDs make it possible to completely remove access to your data either manually or after a certain period of time as required, once the access is no longer required
As the world becomes more connected, the dangers that precede this are real. Paper based id documents can not only be shared with multiple parties without consent but can also be used for identity theft and sometime with grave consequences.
Digital identity comes with access control, paper trail and access limitation, that helps drastically reduces the chances of misuse and ultimately keeping the control of your data with you.