WEB 3 and data decentralization - Part 3


In previous articles (part I, part II) we saw how, in a decentralized system, a verifiable credential carries both the information to be transmitted and the digital signatures of the issuer and the owner, which are used for authentication and verification. In this article we will see how SSI makes it easier to solve the problem of transferring personal data between jurisdictions regulated by different laws, such as GDPR in Europe.

For a company, managing personal data properly, whether storing it or using it in different contexts, always requires the user's consent. In a centralized system, this consent is recorded at the moment the user agrees to the processing of their personal data. If circumstances change, or the data must undergo processing not covered by the description the user originally accepted, the company risks very large fines if it goes ahead with that use.

In some situations such data may also not be easily transferable between different jurisdictions, either for legal reasons or because of the complexity of the infrastructure required. With a decentralized system many of these problems can be solved more efficiently. Let's look at a practical example.

Suppose we have a chain of hotels with locations around the world, and we want to offer a simple user experience at check-in in every location. In a centralized system, the customer's data is recorded in a database managed by the company and then has to be shared with the various locations around the world, because we want check-in to be automatic when the same customer is a guest at another location. This premise already gives us a system whose data must be exposed so that the various locations can draw on it. Exposing data means that we have to secure the system against cyber attacks and, above all, make it clear to the customer that their data is also shared with all the other locations around the world. If this does not happen, the customer will have to check in from scratch at every hotel of the same chain, and the simplicity of the user experience is lost.

How do you solve this problem with a decentralized system?

During the customer's first check-in, the system uses SSI to create a verifiable credential that contains the customer's personal information, including an ID number (a passport, for example, with its expiration date), a photo, and perhaps a personal profile with, for example, food allergies and room heating preferences. This credential is then issued to the customer, who stores it in their digital wallet. The wallet could be the hotel chain's proprietary app, which strengthens branding and builds customer loyalty.

When the customer arrives at another venue, all they have to do to check in is scan a QR code; the system verifies that the data in the verifiable credential is correct and allows registration. This venue, as you can guess, neither has to be connected to the central database nor has to ask for consent to use the data, because the data came with the customer herself, who confirmed sharing it from her digital wallet! In fact, confirming that credential data may be shared is itself consent to its use in order to obtain a service.

By adopting a decentralized system, our hotel chain has not only solved the problem of sharing personal data in an optimal way, it has also shed a whole layer of infrastructure, data sharing and secure data maintenance. Handling the data is now the responsibility of the individual locations, under their local laws: they can use it only for the duration of the service and then remove it. This is definitely a significant cost saving for the company.

Note that the data, once saved as a verifiable credential, can be verified not only by the locations of the same hotel chain but also by other hotel companies. The important thing in SSI transactions is to verify that the issuer is a trusted source of the data in the credential. This means that a hotel chain could also partner with SSI-enabled restaurants, whose customers can take advantage of discounts if they hold credentials from that specific hotel chain, and thus build customer loyalty. And all this without recording anything in common databases, only by checking and verifying credentials in the customer's digital wallet!

Clearly, all locations must be SSI-enabled, but the parent company can manage this easily with a multi-tenant SSI system such as sideos, granting or removing each location's access to SSI functionality via a console. It is important to note that no data is saved by the parties during an SSI interaction; it is only handled in transit so that the system can verify the digital signatures and confirm the authenticity of the data itself.
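The checks a verifying location would run on a presented credential, as an added example that is not code from this article or from sideos: it confirms that the issuer is trusted, that the issuer's signature covers the data, and that the holder confirmed this particular share. The Ed25519 keys, the JSON layout, the issuer id `hotel-chain.example`, the `expires` field, the one-time challenge and all function names are assumptions made for illustration.

```javascript
// Added example: constructed keys and credential layout, not the sideos API.
const { generateKeyPairSync, sign, verify, randomBytes } = require('node:crypto');

// Constructed parties: hotel chain (issuer), guest wallet (holder), an unknown third party.
const issuer = generateKeyPairSync('ed25519');
const holder = generateKeyPairSync('ed25519');
const rogue = generateKeyPairSync('ed25519');
const pem = (key) => key.export({ type: 'spki', format: 'pem' });

// A location trusts issuers by public key; it needs no access to a customer database.
const TRUSTED_ISSUERS = new Map([['hotel-chain.example', issuer.publicKey]]);

// First check-in: the issuer signs the claims together with the holder's public key.
function issueCredential(issuerId, issuerKey, claims, holderPub, expires) {
  const body = JSON.stringify({ issuerId, claims, holderKey: pem(holderPub), expires });
  return { body, proof: sign(null, Buffer.from(body), issuerKey).toString('base64') };
}

// Wallet: sharing is an explicit act, bound to the verifier's one-time challenge.
function present(credential, holderKey, challenge) {
  const holderProof = sign(null, Buffer.from(credential.proof + challenge), holderKey);
  return { credential, challenge, holderProof: holderProof.toString('base64') };
}

// Verifier: every check must pass; nothing is stored once the function returns.
function verifyPresentation(p, expectedChallenge, now = new Date()) {
  let cred;
  try { cred = JSON.parse(p.credential.body); } catch { return 'malformed'; }
  if (!cred || typeof cred !== 'object') return 'malformed';
  const issuerPub = TRUSTED_ISSUERS.get(cred.issuerId);
  if (!issuerPub) return 'untrusted-issuer';
  if (!verify(null, Buffer.from(p.credential.body), issuerPub,
      Buffer.from(p.credential.proof, 'base64'))) return 'bad-issuer-signature';
  if (!(new Date(cred.expires) > now)) return 'expired'; // also rejects unparsable dates
  if (p.challenge !== expectedChallenge) return 'replayed-challenge';
  if (!verify(null, Buffer.from(p.credential.proof + p.challenge), cred.holderKey,
      Buffer.from(p.holderProof, 'base64'))) return 'bad-holder-signature';
  return 'ok';
}

// Constructed sample: a credential issued at first check-in, then shown at another venue.
const cred = issueCredential('hotel-chain.example', issuer.privateKey,
  { name: 'A. Guest', allergies: ['nuts'] }, holder.publicKey, '2999-01-01');
const demoChallenge = randomBytes(16).toString('hex');
console.log(verifyPresentation(present(cred, holder.privateKey, demoChallenge), demoChallenge));
console.log(verifyPresentation(present(cred, rogue.privateKey, demoChallenge), demoChallenge));
```

The second call models a copied credential presented without the holder's key; it fails the holder-signature check even though the issuer's signature is valid.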

Decentralizing data where possible and moving into WEB3 is certainly a great strategy for companies that want to invest in user experience and simpler transactions rather than in the cost of infrastructure and data maintenance.

Bettina Ostermann

Private Health Insurance consultant

10 months

Emilio, thanks for sharing!


More articles by Emilio De Lazzari
