Today a heated debate is raging over both the commercial uses of personal data and public surveillance via digital platforms. So how far should digital identity come under the aegis of the State, and to what extent should it be seen as a matter for business?
In 2025, it is estimated that a quarter of the world’s population will have a social network account. And while data garnered from these accounts enables commercial companies to gain valuable insights which help them to come up with new products and services, other practices – such as selling on personal data or gathering highly confidential information via tracking systems without the data owner’s consent – have also come to light. This lack of clarity regarding what happens to a person’s digital footprint was the central debating point at a forum on digital identity hosted by French employers’ federation MEDEF and digital training association Forum ATENA in Paris in mid-November. “Now that the value of data is recognised in M&A deals, a balance needs to be struck between data whose use requires consent and data obtained as part of general feedback on user experience, which is treated as a commodity,” Diane Mullenex, a lawyer specialising in digital affairs, told the forum audience.
Personal data should be classified according to use
‘Affinity data’, which is garnered when a person browses the web or shares on social networks, is one thing, but highly confidential information such as banking and medical data is quite another. However, if we want to see companies developing high value-added services, it is essential to develop general trust in digital processes. “Without a clear policy, digital identity won’t catch on, as it will be subject only to the will of the market,” warned Robin Wilton, Director for Identity and Privacy at the Internet Society. The European Union has a clear role to play here in fostering trust, by ensuring the reliability of all types of authentication, in a seamless approach that will enable all the EU member states to promote digital identity, speakers underlined. This basically means developing infrastructure capable of handling personal identification on any platform, with full interoperability between countries. Just like the Internet of Things, digital identity requires standards. Initiatives such as the digital passport, miniature objects along the lines of a SIM card, and electronic signatures could all enable a person to prove his/her identity and safeguard private data. Having a real ‘electronic strong box’ of this kind would help to increase trust and also lower administrative costs.
Surveillance risks amplified by M2M and the Cloud?
Although it is clear that the State needs to take some action in the field of digital identity, is it necessary to make the management of personal digital identity the sole preserve of the State? Since Edward Snowden’s revelations about the activities of the US National Security Agency, this thorny question has turned the full glare of the spotlight on to the United States. This affair has also highlighted the special links that exist between the web giants and the State. These revelations might have raised concerns among many consumers, though as yet there is no evidence that people are changing their online habits. And while the dissemination of both personal and professional data on the Cloud is helping to turn data into a commodity, not everyone will choose to go this route, given the cost of the infrastructure needed in order to make use of these services. It will also be crucial to deal with the M2M issue: legitimate concerns have been raised about the idea of all the details of a person’s life whizzing between connected devices and servers, completely out of the hands of the person in question. “The fact that citizens are asking questions is a good thing. We absolutely must not fall into the old trap of thinking that ‘If you've got nothing to hide, you've got nothing to fear’, as this would mean that we give up the idea that a human being is a social individual,” argued Robin Wilton.