There has been a considerable amount of comment in the press about the use of personal data and how it has been misused by Facebook by passing it to a second company, Cambridge Analytica, for processing. We have also seen something else new - the ICO publicly sending in a team to investigate on-site using a warrant. These two events highlight a significant problem with personal data: it is very valuable to others (even if we provide it willingly, having signed Terms & Conditions and given our data to Facebook for free), we have little real control over it, and those who can access and process it do so in ways we don't agree with (or could not even imagine).
GDPR will tighten personal data processing
The forthcoming GDPR legislation will make the holding and processing of personal data much more difficult, as companies will have to gain and keep both Consent and a Legal Basis for Processing. But we will still have many companies handling our personal data for legitimate purposes. They will know our home addresses, our dates of birth and many more things about us. That is sufficient for financial fraud should such data be lost.
If you want to open a new bank account; if you want to take out a loan to buy a car or take out a mortgage, then you will have to undergo a Know Your Customer (KYC) process. This is an authentication process where personal data is collected and correlated against a number of external databases to establish a person's identity and suitability to - say - borrow money. This process will continue to happen post-GDPR.
Can this be done more safely?
In short, yes it can. We will have our identity checked this way a number of times every year. However, there is a way this can be made safer. The technology exists for financial institutions to use public blockchains once they have completed a KYC process. The company would publish a hash (a one-way digital fingerprint of the authenticated personal data) externally on a public blockchain. Once such a hash is available, further KYCs can be redundant, as a person could refer to the hash rather than supply all their personal data to every entity wanting it.
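The publish-then-refer idea above can be sketched as follows. This is an added example, not code from the post or from any product it names. It assumes a keyed SHA-256 (HMAC) with a random per-person salt that is kept off-chain, because a plain hash of low-entropy fields such as a name and date of birth could be matched by guessing. The field names and sample record are constructed.

```python
import hashlib
import hmac
import json
import secrets
import unicodedata


def canonicalize(record: dict) -> bytes:
    """Serialize a KYC record deterministically: same data, same bytes."""
    normalized = {
        key: unicodedata.normalize("NFC", str(value)).strip()
        for key, value in record.items()
    }
    # Sorted keys and fixed separators remove ordering/whitespace differences.
    return json.dumps(
        normalized, sort_keys=True, separators=(",", ":"), ensure_ascii=False
    ).encode("utf-8")


def commit(record: dict, salt: bytes) -> str:
    """Digest the institution would publish after completing KYC."""
    return hmac.new(salt, canonicalize(record), hashlib.sha256).hexdigest()


def verify(record: dict, salt: bytes, published: str) -> bool:
    """A later relying party recomputes the digest and compares it."""
    return hmac.compare_digest(commit(record, salt), published)


# Constructed sample record (hypothetical field names and values).
SAMPLE_RECORD = {
    "full_name": "Alex Example",
    "date_of_birth": "1980-01-02",
    "address": "1 Sample Street, Exampletown",
}


def demo() -> dict:
    salt = secrets.token_bytes(32)  # assumption: held by the person, never published
    published = commit(SAMPLE_RECORD, salt)
    reordered = dict(reversed(list(SAMPLE_RECORD.items())))
    tampered = dict(SAMPLE_RECORD, date_of_birth="1980-01-03")
    return {
        "same_data": verify(reordered, salt, published),
        "tampered": verify(tampered, salt, published),
        "wrong_salt": verify(SAMPLE_RECORD, secrets.token_bytes(32), published),
        "digest_len": len(published),
    }


if __name__ == "__main__":
    print(demo())
```

Only the digest is public; anyone verifying still needs the record and the salt from the person, so the published value on its own reveals nothing that can be checked against guesses.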
Could you log into the likes of Facebook with this?
You would still want to be found by friends and family, so you are likely to want to publish some personal data in order to differentiate yourself. But it would reduce the amount of data that any company might need to establish who you are. It would certainly be sufficient for commercial purposes, such as renting a flat, getting a mortgage or buying a car. Additionally, it would make identity fraud more difficult, as the amount of personal data available externally will reduce over time (all the previously published stuff doesn't just disappear).
How close is this to reality?
Blockchain authentication products, such as SignChain, exist now and are starting to be used by financial organisations for their KYC processes.
AliasLab UK Sales Director
Cited from a public post on John Stoddart's LinkedIn page