Geneva, April 8, 2020, Geneva International Press Club
The central administration of identities, authentication and credentials create huge risks for privacy and availability. We do not want that an identity provider – be it a private company like Google or a government – knows all our credentials and is able to decide whether we should be able to use them.
Many people in the developing world lack identification which deprives them from using many services like banking. Refugees also often lack proper identification. Assigning them with an electronic identification – often based on biometrics – exposes them to risks that should be avoided or at least minimized.
Blockchain and Privacy Enhancing Technology are the basis for a different concept: Decentralized Identity or Self Sovereign Identity (SSI) which means identification that is controlled by users. Consortiums and startups like Sovrin, uPort or Jolocom offer frameworks that promise to protect privacy and empower users. The World Wide Web Consortium has already created standards in this context: Decentralized Identity and Verifiable Claims.
However, are these approaches delivering on their promises? Do they grant good technical privacy protection? Are they compliant with privacy regulation?
Decentralized identity pursues an aim that is in line with the fundamental right of protection of personal data (Art. 8 EU Charta of Fundamental Rights), the Convention 108+ of the Council of Europe and the goals of the GDPR – the European Data Protection Regulation. However, the GDPR is not technologically neutral and has friction points with decentralized technologies like Blockchain.
The goal of this conference is to discuss different technical approaches, use-cases as well as the legal evaluation for decentralized identity. It follows a conference on Blockchain & GDPR that was held in November 2019 in Berlin. The approach is a multi-disciplinary expert conference. It includes a Thinkaton where participants can discuss and develop concepts with experts in the field.
The conference will bring together
- privacy experts with a legal and a technical background
- startups and initiatives from the field of self sovereign identity
- data protection officers
- decision makers who want to use electronic identification and search for a way to protect privacy
Decentralized Identity and Self Sovereign Identity
- Introduction to the technology, why is it different from centralized identification?
- Overview of different frameworks
- Web of trust or hierarchical trust?
- Usability of Decentralized Identity
- Discussion: Advantages and drawbacks
Use-cases of Decentralized Identity
- Presentation of different use-cases of decentralized identity
- Friction points of decentralized technology and GDPR
- Privacy risks of Decentralized Identities
- Revocation of credentials as processing of personal data
- Discussion of possible use-cases in small groups
- What are good and bad use-cases for Decentralized Identities?
- Can we ensure GDPR-compliance of Decentralized Identities or is GDPR blocking better privacy?
- The role of bio-metric data in Decentralized Identitiy