Session Abstract: This decade may well be labeled “the decade of the digital credential.” From COVID passports to mobile driver’s licenses, digitized credentials transforming to “born digital” credentials, and governments and large tech companies developing their own wallets, personal information has never been easier to share with the wave of a device. The convenience is amazing, and the privacy implications are terrifying.
Even scoping the issue down to government-issued credentials or credentials directly derived from government data, there are a variety of requirements feeding into this growing ecosystem:
user control of data
data minimization
relying party accountability
extensibility to other domains
optional audit log of transactions and ability to assert rights (CCPA, GDPR)
minimization of fraud
In this session, we will discuss the outcomes of an anticipated white paper on government-issued credentials and the privacy landscape (publication date expected in April 2023). The issues at hand are not solely about policy, nor are they only about technology. It is about closing the policy and protocol gaps that exist between today’s disparate solutions and services, and providing a vision of a privacy-preserving, globally viable privacy landscape.