The regulatory environment is becoming ever more stringent for companies who collect and process clients’ personal data. The fines for non-compliance with the modern data protection laws (such as the GDPR) are extensive, and the reputational damages for mishandling personal records seem irreversible. There’s also the general public’s growing distrust of corporations and government bodies caused by frequent reports of their inability to protect databases from hacking and data breaches.
The “traditional” digital identity management model is fundamentally flawed.
Self-sovereign identity (SSI), according to many, can resolve these issues. The core principle behind SSI systems is putting end-users in complete control of their identity data and allowing ordinary people to sign digitally and verify claims/transactions without third-party involvement.
- An individual is the only authority
- The identity must be transportable and interoperable
- Transactions with minimum exposure
- SSI must focus on users, not service providers
- The administrative procedures used by identity networks must be open-source and transparent
- Users must be able to maintain persistent identifiers
- A right to be forgotten should be maintained
It’s possible to disagree defiantly to collaborate with governments and ignore completely all of their requirements. We can still build an SSI platform on a blockchain that no regulating body will be able to shut down. However, such approach might turn out very short-sided; the governments can restrict the individuals using such platforms from paying taxes with it, or renting a car, etc., and the users will have to create separate identities, involving centralized authorities, to complete such transactions. This is at polar odds with what the SSI movement is trying to achieve.