As global commerce moves ever more rapidly online, secure and effective provision of digital identity is becoming the lifeblood of the world economy. The ability to verify users’ identities while they complete transactions and access services online is a key enabler for social, economic and financial development; governments, regulatory bodies and the private sector are, accordingly, committing significant resources to its development over the near future. The prize is great not only for those who succeed in providing such solutions – a market opportunity estimated by McKinsey to be worth as much $20 billion by 2022. User trust makes possible countless transformative digital innovations throughout the public and private sectors, and the future existence of the Internet of Things. If this progress is not secured, great strides in quality of life for billions of people globally could be lost.
Among the most promising ways of helping to achieve this trust is though distributed ledger technologies (DLT), in particular a subset commonly known as blockchain. Through an asymmetric cryptography system, DLT can verify the identity of an entity generating a transaction, by ensuring the address code presented for a transaction matches pairs with that owned by the known user. Many analysts believe that DLT is already ushering in a new era in digital identity which promises both higher efficiency and greater control to the end user, by largely eliminating the need for centralised bodies to monitor and assess identity claims. In some higher-risk implementations a trusted third-party body may still be used to arbitrate and validate claims; however even in such cases identity data itself is not provided, rather the attributes of the claim’s originator are checked for consistency with the claimed identity. A decentralised, user-centric approach can thereby be employed, in which control of personal data is passed back to individuals, which has become one of the most distinctive and popular characteristics blockchains have to offer.
A lack of understanding of how existing legislation and safeguard measures apply to this new and disruptive technology, however, are potentially threatening the deployment of blockchains. Overwhelmingly, experts are of the opinion that DLT and blockchains are an implementation choice and specific legislation and regulations are not needed. Existing regulations and guidelines such as the EU’s General Data Protection Regulation (GDPR) the APEC Cross-border Privacy Rules, and the OECD Privacy Principles – or, in the case of DLT-based virtual currencies, the EU’s Fifth Anti-Money Laundering Directive – can provide a useful starting point for many current use cases while creating a ‘best practice’ environment for the design and deployment of the ledger itself. But, like any young technology, DLT is subject to significant change, and indeed change over time is inherent to the way it works.
There is cause for optimism, however; the very existence of these comprehensive frameworks is illustration of the solid grounds on which to expect that, as the market develops around DLT, regulatory adaptation will be undertaken as required. In February 2018 The European Commission launched the EU Blockchain Observatory and Forum in part to aid this process, by monitoring and showcasing key developments in blockchain technology, and promoting the activities of European actors in the space. By stimulating engagement between relevant European stakeholders, and consideration of blockchain’s place in the legal order, the Commission hopes to accelerate blockchain’s development as a tool for widespread deployment.
The GSMA,as a member of the EU Blockchain Observatory and Forum, is pleased to offer assistance to that end on behalf of the mobile network industry. Mobile network operators are well-placed to play a vital role in helping bring blockchains to widespread use in digital identity. The GSMA therefore published a detailed report last month considering the regulatory status and implications of blockchain in the context of digital identity provision, which can be found here. We are confident of the contribution it will make to the process which – while already well under way – cannot arrive at a conclusion soon enough, if the benefits we all hope to see are to be achieved. The opportunities for mobile operators to use blockchains for identity solutions are starting to emerge rapidly: the GSMA’s Identity Programme is investigating how to use blockchains to make the existing pan-industry solution Mobile Connect solution convenient for users via DLT. It would appear the time for the hype and speculation around blockchain has passed, and the time for practical application is, finally, truly here. We await developments on this front with considerable anticipation.
Download ‘Distributed Ledger Technology, Blockchains and Identity: A Regulatory Overview’