Insights Web3 Innovation in the UK: Solving the Digital Identity Verification

In the digital age, establishing and verifying your identity has become increasingly complex. We’ve all dealt with those pesky Captchas, two-factor authentications, and blue ticks. But they have added inconvenience and, in the case of blue ticks, costs.

The “unique human problem” described by Ethereum’s Vitalik Buterin, encompasses a range of challenges related to identity verification, including combating online scams, catfishing on dating apps, and the proliferation of social media bots, to name a few. In the early days of the internet, anonymity prevailed, and questions about ownership of digital assets were rare. However, the internet’s evolution has brought forth a host of challenges.

In the physical world, individuals possess official documents like driver’s licenses and passports issued and verified by ‘trusted’ authorities. Whereas in the digital realm of Web2 where internet services are centralised, the absence of a universal and secure identity system has led to data brokers mining vast amounts of personal information with users having limited control over their data and digital assets, eroding privacy and raising concerns of unauthorised data monetisation.

The door is therefore wide open for responsible innovation and Web3 might have the answers, but it remains to be seen whether the UK lead the way in positively regulating the space.

Decentralisation. Web3 systems distribute control across a network of participants rather than relying on a single control authority, such as social media companies or government agencies. This ensures that no single entity wields undue power over users’ digital identities and assets.

Blockchain Technology. At the heart of Web3 lies blockchain technology, which provides tamper-resistant and transparent ledgers for secure transactions and data storage. Blockchain’s ability to offer immutable records is especially valuable for digital identity and ownership.

Self-Sovereign Identity (SSI). SSI empowers individuals to control their digital identities. Users store their identity information on a personal blockchain or decentralised identity system and decide when and how to share it. SSI mitigates the risk of identity theft and places users in charge of their online personas.

Re-enter NFTs which could be rebranded to offer a compelling solution to the identity verification conundrum. NFT verification would work by associating crucial identity information with digital tokens, thereby providing users with a trustworthy and tamper-proof representation of their online identity. To ensure secure, autonomous data sharing, smart contracts come into play, while the public blockchain ledger guarantees complete transparency. This innovative approach promises numerous advantages, including enhanced online identity verification, a reduction in fraudulent activities, heightened control over personal data (as users can now view who has access to their data), the potential for data monetisation (users could get paid each time their data switches hands), and the ability to enforce data subject rights.

Alternatively, Worldcoin, founded by OpenAI’s Sam Altman, has also emerged as a ground-breaking initiative which endeavours to create a comprehensive worldwide identification system that bridges the gap in financial inclusion and digital service accessibility for individuals. Worldcoin leverages biometric data, specifically eye scanning technology in order to establish “proof of personhood.” By collecting and securely associating this biometric data with individuals, Worldcoin aspires to forge a unique and universally accessible digital identity that transcends geographical and financial barriers.

Despite the promise of these innovative solutions, regulatory challenges abound specifically with regards to privacy. However, the UK Government committed in 2022 to “transform for a digital future” and capture opportunities arising from the blockchain.

The UK Information Commissioner’s Office (“ICO”) has already identified in a report to the Treasury Select Committee three key concerns regarding storing data on the blockchain:

  1. Data controllership. The issue of data controllership arises, particularly in cases involving entities like Decentralised Autonomous Organisations (“DAOs”), where token holders participate in decision-making.
  2. Anonymised data. The ICO emphasised that truly anonymised data on the blockchain would be exempt from data protection regulations, while pseudonymised and certain anonymised data would be classified as personal data, necessitating compliance with data protection laws.
  3. Right to erasure. Data on the blockchain cannot be deleted without disrupting the chain’s integrity, undermining certain individual rights under the GDPR.

Organisations handling data on the blockchain should therefore conduct Data Protection Impact Assessments and ensure GDPR compliance by establishing a clear lawful basis and obtaining unambiguous consent for data processing.

The benefits of blockchain technology are gradually being realised, so all parties must be pragmatic with these issues to harness the opportunities presented. In turn, personal data will inevitably be processed, and since deleting blockchain data is nearly impossible, a collaborative approach with the ICO is crucial, and consequently, the ICO are offering a Regulatory Sandbox for innovative companies.

Users who consent to registering their identity on the blockchain should have their data processed with care nevertheless and this entails limiting the amount of detail stored on the blockchain. Organisations should anonymise data to a significant extent, and verification could be based on harder-to-identify data points such as unique IDs, coupled with subsequently pseudonymising the data.

A practical solution may also involve users establishing their verifiable anonymised identity on the blockchain during registration and then expanding their profiles within the centralised Web2 realm.

Additionally, Worldcoin faces additional hurdles. European authorities, including France’s CNIL and Bavaria’s DPA, have raised concerns about Worldcoin’s use of biometric data and its storage practices; and its complex organisational structure consisting of for-profit and not-for-profit entities based in the Cayman Islands and Germany complicating the determination of data controller responsibilities.

Web3 innovation is poised to solve the unique human problem of digital identity and ownership. NFT verification and Worldcoin represent two innovative approaches to this challenge. There are certainly regulatory challenges, but the UK Government’s favourable stance towards innovation could clear the path towards wider use. Thus, we will be keeping a close eye on the subsequent regulatory decisions by the ICO and others which may influence the future of digital identity verification globally.