As we predicted last year, GDPR progress has driven additional identity-related legislation. Consumers want to know that steps are being taken to put value on their identity and politicians are enacting legislation around digital IDs. Consumers have also been driven to advocate for more ownership over how and when their personal information gets shared.
Mastercard recently released a study revealing that the overwhelming majority of individuals and business leaders (90%) feel data privacy is universally important. As a result, digital identity is at the forefront of conversations about the future of privacy, legislation and how PII can be protected.
Consumers Show a Willingness to Embrace Digital IDs
Multiple studies have proven that consumers are not only ready, but they are requesting digital IDs to authenticate their online engagement with government agencies and businesses alike.
Research from the DIACC (Digital ID and Authentication Council of Canada) revealed that 70% of Canadians want to see governments and the private sector come together to collaborate on a joint digital identity framework in Canada. This digital ID platform would enable the increased and inclusive access to government benefits, healthcare, e-commerce, and financial services. Respondents believe that this model will help better safeguard their personal information and create a more efficient user experience.
Digital IDs are Being Adopted Globally
Just last month, Colorado’s Gov. Jared Polis signed an executive order supporting the widespread adoption of “digital personal information technology.” Colorado residents will now be able to create a digital ID that can serve as proof of age, address or identification through the state’s myColorado mobile app. Theresa Szczurek, chief information officer since January, is helping lead the effort. Since the launch, about 20,000 Colorado residents have digitized their IDs.
Colorado is one of the early state adopters of digital identification – Washington D.C. also announced a forthcoming pilot program. The service is becoming a trend as state governments attempt to offer digital services on par with those offered by private companies.
The EU also recently extended the deadline for the revised Payment Services Directive (PSD2), which enables bank customers, both business and consumer, to give third-party providers permission to retrieve their account data from their banks. This push towards Strong Customer Authentication (SCA) is comprised of “an authentication based on the use of two or more elements categorized as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is).”
International and State Laws are Increasingly Addressing Data Privacy Legislation
A growing number of international, national and US state laws and regulations seek to govern the collection, safeguarding and sharing of consumer data, specifically to give consumers visibility and control over how their data is used. GDPR, which took effect last year, is among the most notable and compressive of these regulations.
The California Consumer Privacy Act (CCPA), which will take effect in January 2020, is currently the strictest data privacy law in the US. In the absence of preemptive federal law, many U.S. states, including New York, are considering laws similar to the CCPA. Congress has also begun to consider what a national data privacy law might look like.
But privacy and data security experts suggest this may be just the tip of a very large iceberg. Many countries have passed or are considering similar laws. Brazil, for instance, has passed its own General Data Protection Law, which comes into force in 2020. Earlier this year, the EU announced tighter security for ID cards, making biometric data mandatory for ID cards. Under this new legislation, documents must include the two fingerprints of the cardholder, stored in a digital format, on a contactless chip.
One thing is clear – the future of digital identity is here. With consumers demanding a solution, and politicians clamoring to address security and data privacy concerns with the appropriate legislation, businesses must be prepared to comply with current and forthcoming privacy laws.