Give me a minute, I promise I’m not totally demented.

Companies have always collected personal data, with references to Master Data Management as early as 1980, however in the last decade the collection of personal data has exploded, particular with the advent of AI where companies can do much more with the data, and growing demand for personalization and convenience. Data has become a key competitive advantage and given birth to an industry of data collectors, sellers, and buyers. It’s also resulted in a slew of high-profile data breaches, privacy lawsuits, government regulations, and growing costs associated with processing personal data.

Self-sovereign identity (SSI) allows a person to hold their own data (or references to their data) as verifiable credentials that can be trusted as ground truth. They exchange “proofs” that allow them to disclose only those elements, or derivations thereof, that are minimally required for the specific interaction. For example, a proof that you are over-21 is derived from your date of birth but doesn’t need to disclose the actual date. Data can be exchanged and verified in real-time, peer to peer, where an application sends a “proof request”, verifies the “proof response”, records a successful “proof exchange”, and then moves on in the business process. They don’t have to hold all the data associated with the credential, such as the details on a driving license, to complete the interaction.

Now come join me down the rabbit hole…

This proof exchange model is analogous to streaming music in that:

• An organization only needs the data elements required by the business process, only gets the elements when the process is triggered, doesn’t need to buy/collect data they don’t need, and then store it in their MDM.

in the same way that…

• A person only needs to stream the songs they want for a dinner party they are hosting, only gets the songs when the dinner party starts, doesn’t need to buy CDs with songs they don’t like, and then store them in their CD cabinet.

With SSI, and streaming music, you just consume what you need, when you need it, and have access to vastly more data/songs than you would otherwise have.

SSI will not only make vastly more data available, but it will also significantly reduce the cost & risk of consuming personal data and realize new value propositions for both organization and data subject. Today, one of two things happen:

1. Credentials are exchanged in their entirety (e.g., driving license, passport, academic transcript, medical record) even though the business process may only need a subset of the data.
2. Credentials are not exchanged at all, even though the business loses differentiation, and their customer loses a value proposition, because the cost/risk of consuming the credentials are too high.

There is another common thread between SSI and streaming that is worth calling out as a cautionary tale. Content providers fought streaming in the same way that many data providers are fighting SSI; and we all know how that worked out. So, my request of data providers is to get on-board the SSI train and don’t get left behind on the platform. Now is the time to reinvent yourselves for the future. SSI is a rising tide that could raise all boats.

SSI is the future of the global data supply chain, solving multiple data exchange challenges from making it peer-to-peer and on-demand, to breaking down data silos, making data processing transparent to the data subject, under the control of the data subject, reducing the regulatory overheads of processing personal data and transparently building consent (and trust) into the fabric of data exchange.

I believe (hope) that 10 years from now the SSI model will be as ubiquitous as streaming is today, and the concept of getting personal data from anyone other than the data subject, will be unthinkable.