The debate over the control of your identity has been around since the inception of the internet. Customers want to control access to their information but have also become hypersensitive to user experience and personalization—both of which often require use of personal data. Is there a middle ground?
I’ve been on both sides of the customer identity debate as a digital marketer and a digital banker. Marketing departments want to track all of your transactions, products, and behaviors in order to provide the most relevant and timely customer experiences and cross-sell opportunities. Digital banking platforms already know who you are, and are instead more concerned about information security, fraud, privacy, regulations, and identity theft.
Open banking is intended to give customers tighter control of their finances by offering a more seamless customer experience between service providers. Compliance requires a secure API infrastructure with Strong Customer Authentication (SCA) so that customers may purposely grant access to their transactional and payment information to relevant third parties.
But isn’t this the way everything should work? Why do we sacrifice convenience for control? What if every time I surfed the internet, I was truly anonymous? What if I controlled all of my customer information and could determine exactly what data was sent to my bank, health care provider, retailer, insurance company, or social networking platform? What if my personally identifiable information (PII) was consistently under my control and stored in one location?
Some might say, “I do control my personal information.” Thinking you’re anonymous online is equivalent to thinking you’re not being watched in New York City. There are entire industries, legal and illegal, whose sole purpose is to buy and sell customer information or provide relevant marketing based on your customer information.
Many companies are now adhering to data protection regulations such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), which require websites to obtain user consent before sharing information. It is great in theory, but it falls short in application. As a potential customer, I must now agree to a modal consent overlay that prompts me to acknowledge the site’s information sharing policy before I can navigate the site. These overlays are similar to the privacy policies shown and ignored in online banking enrollment platforms. Customers are now so used to seeing them that they don’t even read them.
“Self-sovereign identity (SSI) gives customers control over their identity without the intervening administrative authorities. SSI allows digital interactions with the same freedom and trust as the offline world.” (sovrin.org)
With distributed ledger technology (DLT), a globally scalable self-sovereign identity is now possible without a single entity owning it and controlling it. DLT can remove the dependency on centralized customer information silos and enable a self-sovereignty model. But these models would require an incredible amount of collaboration across industries and may require government intervention and oversight to be possible.
Historically, we have selected convenience over control because the sense of urgency has increasingly driven human motivation. We want it now, and mobile phones have made it possible. Today’s personalization provides incredible conveniences, but it does come at a cost to our privacy. Platforms that enable self-sovereignty through DLT may provide the best of both worlds: giving customers control over their identity while still enabling the appropriate level of personalization for trusted institutions.