Financial inclusion is necessarily built on a foundation of customer identity, but the rush to inclusion and the consequent focus on mass registration in many countries has placed at risk the citizens’ rights to privacy – even where these are recognised in law. But the mere fact of being excluded should never mean that someones right to privacy is in any way diminished.
With support from Omidyar Network, Consult Hyperion has undertaken a global review of the privacy and data protection aspects of digital identity services, with particular reference to their relevance for financial inclusion. We have reviewed the various digital identity initiatives around the world from a privacy perspective. Building on this framework, we have developed a ‘roadmap’ for digital identity that ensures that privacy, and the needs of regulatory authorities, can be built into digital identity services, ensuring the drive towards financial inclusion can be at its most effective. We hope that this roadmap will be a useful contribution to the industry as it considers how best to deliver digital identity to those most in need.
The key elements of this roadmap are as follows.
Put the individual at the centre of privacy protection
This does not only mean giving individuals control over how their personal data is used; it needs to be reflected in the entire approach to the digital identity system. In order to avoid low levels of take-up and use, it is essential that the emphasis be placed on user needs, rather than vendor-driven use cases or so-called “gold standard” solutions.
Provide an effective legal environment
An effective legal environment must be in place that contains, and can enforce, legal remedies to prevent or punish abuses of personal data. An effective legal environment will also increase confidence that any contractual measures put in place as part of the trust framework to ensure privacy can be enforced.
Design in privacy from the start
There is widespread recognition that privacy should be designed into any system from the start rather than bolted on as an afterthought. Privacy–by–design requires a careful understanding of the expected goals of the identity system, an appreciation of the distinctive characteristics of the context of use and an awareness of the technological capabilities and privacy risks associated with proposed next generation digital identity systems.
Separate identification from authentication and authorisation
Many existing identity systems combine identification and authentication activities within the scope of the identity provider. Separating out identification from authentication allows for the relatively rapid roll out of basic digital identity credentials, perhaps issued to all but based on low assurance identity data. The quality of the digital identity can be enhanced over time, in part simply through a history of ownership and use or by incorporating additional data points.
Furthermore, if the basic digital identity credentials only show that the citizen is unique and identifiable and not include other data attributes by default, this will allow future developments to minimise disclosure of data. Today identity systems often include a default data set that is always shared, even when it is not necessary for the service being accessed.
Improve authentication then identification
In an ideal world, it would be desirable to move directly to high quality identification and high quality authentication. In practice, however, the time and effort to improve the quality of these aspects of digital identity are different. In general, improvements to authentication quality are likely to be quicker to achieve than improvements in identification quality.
Provide a viable commercial model that disincentivises abuse of personal data
Whilst the monolithic identity providers like Facebook and Google offer easy to use digital identity credentials, their business models could run counter to consumer privacy as key revenue streams come from sharing individual and aggregate customer data. Whilst it is possible to constrain such actions contractually and technologically, long term the commercial model must be designed so that incentives to protect privacy are aligned.
Consider who will pay for the identity system
If identity credentials are to become a key infrastructure for a society, then important questions of how they are to be paid for arise. There are different models of charging for infrastructure provision that can be drawn upon, but choosing the right payment model can be problematic whether the identity provider is a government agency or a commercial body.
Address questions of liability
Service providers should not be held liable for actions based on properly authenticated identity claims. What then of the liability of the identity providers? Here the complexity of the liability model grows as benefits and risks are shared unequally. In extremis, the identity provider privatises the some of the benefits (e.g. payments for authentications) but socialises the risks (e.g. complete failure of trust in the identity system as a whole).
Review the role of compulsion
For countries introducing new identity credentials, questions of consent and compulsion become particularly significant from a market and rights perspective. They may cause significant disruption to the roll out of system. In such cases it is frequently stated that the new identity system is voluntary, not compulsory and that individuals can always choose not to have an identity credential. In this case, as the critical mass of credential holders develops, effective compulsion can arise. However, evidence from Europe suggests that the various electronic identity cards are used infrequently because most people have infrequent access to public services and those that do have more frequent access rarely need to formally identify themselves each time.
All of the underlying issues, and the elements of the proposed roadmap, are explored in detail in the report available here. It’s very detailed piece of work, so you might want to being with the Executive Summary that is available here. We are genuinely curious about your views and look forward to all feedback.