Identity is a data-rich key that acts to unlock all levels of the emerging digital ecosystem. All forms of ID carry some risk, but digital forms of ID, or “dematerialized ID,” cuts across all sectors and generates particularly copious data about people, their behaviors, financial status, associates, and potentially even political and religious views. Over time, distinct patterns emerge from the data and have in the past created new kinds of risks for individuals and groups. As the world is becoming increasingly digitized, we can expect challenges in the identity space to grow apace unless proactive attention is given to identifying and mitigating the risks.
Balanced policy making that adheres to now well-established, internationally accepted standards for privacy and data protection is a crucial fundamental step to setting up core protections for digital identity ecosystems. When ID systems are created and allowed to operate without underlying data protection law and policy in place prior to implementation, case studies show that risks mount quickly — as does “mission creep” and other permutations that often have meaningful negative impacts for people and society.
Ensuring there are appropriate legal and policy protections in place prior to identity ecosystem implementations is essential. When these protections also include adequate enforcement mechanisms, ID sector stakeholders can then begin to create appropriate and responsive practical governance in their respective spheres. This paper explores the ecosystem and governance needed to tip the balance of ID ecosystems toward mutual benefit and trust as digital identity is used for the public good.