Given the regularity of news items that expose data breaches from companies and organisations, it’s clear that the tide of opinion is turning towards a greater degree of privacy online. Not only are our personal details being sold to the highest bidder in the more murky parts of the dark web, but the intellectual property of many companies is being leaked, an issue that cause, at best, embarrassment for those involved.
In an exclusive interview with Tech Wire Asia, we asked the CEO of Affinidi, Glenn Gore, whether he thinks that commercial approaches by companies to data privacy are changing in accordance with public dissatisfaction with how their personal details are being used and lost.
“It’s evolving, and it’s unfortunately heading in the wrong direction, especially with the rise of AI. We know that last two years has seen incredible innovation from GenAI, but it is trained on public data sets. I think the world’s been a little shocked at how some of those public data sets have been used. You’ve seen that everywhere, from songwriters, musicians, script writers to social boards, where that data is being consumed at massive scale.”
Even with extensive customer records combined with available third-party records, there are issues with building customer profiles. The fragmentation of data means that companies can’t produce accurate pictures of any one individual regardless of whether they use AI algorithms or not. Building a profile of ‘the perfect customer’ and providing the goods and services they desire is impossible, because every entity has different personas depending on how they exhibit themselves online. A consumer might buy a certain brand and type of goods from one retailer, but will present quite a different digital profile when engaged in hobby activities online.
Affinidi’s Trust Network (ATN) provides a decentralised framework that prevents data misuse, such as hacked credentials and unauthorised access to personal details, while enabling secure and consensual data sharing. Through the use of Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs), the ATN ensures that users have full control over the verified data they disclose to companies or third parties, so enhancing privacy and trust in digital interactions.
“Particularly for younger generation who’ve grown up in a digital world, transparency and trust, I think, become the new economy,” Glenn said. “I think companies that can establish trust with their customer base faster and better than others enter this flywheel effect, where the more trust they engender within their customer base, the more that customer base is actually going to be willing to share about themselves.”
The flip-side for the consumer is, Glenn explained, “The more I share about myself, I can see the experience changing, and I see value being created from that. I’m going to trust that [a company] is using my data for the right purpose, and I’m going to want to share more with them. And this is where companies that have that flywheel effect around trust are almost going to be untouchable.”
Holistic Identity and the Affinidi Iota Framework
The concept of ‘holistic identity’ is an integral part of the ATN. It is about giving individuals access and control of their own data. The Affinidi Iota Framework enables organisations to request only essential data points from individuals with their explicit consent, without organisations requiring to store non-essential details. Snippets like a person’s legal age or the professional certifications they have earned can be confirmed without passing on any additional details: there is a big difference between proving that a shopper is over 21 and providing full date-of-birth, for example.
Glenn uses the example of a bank loan, that at present requires a mass of compliance measures on the part of the bank, and the provision of highly sensitive information by the prospective lendee.
That’s two problems, he told us: the information supplied to the bank can be used for inference about the loan applicant, and the bank now has data that it has to protect.
An Iota (from the Affinidi Iota Framework) is essentially a query – a predefined set of rules or conditions that allows organisations to check whether certain criteria are met, without needing access to underlying data. It’s a privacy-preserving tool that allows computations to be made on personal data, while keeping both the data and the specific query details secure and confidential.
In this instance, if a bank provides an Iota that defines the criteria for loan eligibility, a prospective borrower can run this Iota query against their personal data without revealing any of their information to the bank. At the same time, the borrower remains unaware of the bank’s specific criteria. This creates a secure, privacy-preserving way to assess loan eligibility, where neither side gains more knowledge than necessary.
“Several powerful things happen in this process. The Iota query accesses only the relevant data stored in the individual’s personal vault, ensuring that no unnecessary information is leaked. The bank remains unaware of the applicant’s identity or personal details throughout the process. If the borrower doesn’t meet the criteria – for instance, due to insufficient savings – the Iota query returns a result indicating that the loan cannot be approved. At this point, the borrower has the option to share this outcome with the bank, but is under no obligation to do so, maintaining control over their private information.
“[Later,] they meet the criteria. ‘Do you give consent to share the result of this?’ And as part of this sharing of the result, the Iota will share just the input data, say, value of liquid assets and being paid at least $5,000 a month. But the loan applicant is not sharing pay slip data [which contains extraneous yet highly sensitive information]. Now a consent record goes back to the bank saying a verified identity, issued by a trusted party, of [customer name] was run against an Iota criteria, and they passed the checks. They can now choose to onboard as a customer.
“You can apply that to anything. Healthcare: Have you had blood work done? Dating sites and so on. You can use it for anything you want, and that’s really the power of it.”
The power of the message
A further difference in the ATN is the medium messages travel through. SMS and email were designed so that the owner of the account or number can be contacted by anyone. Affinidi Messaging is a decentralised messaging standard where the default position is you cannot send or receive messages.
“What’s the utility in that? Well, actually, that’s the first big safety feature of it. As you onboard, and you establish customer relationships with third parties, what you’re really doing is establishing a relationship between yourself as an identity and the third party. If I’ve opened a bank account with a bank, I give permission for it, with its known public key, to contact me. The message can be cryptographically signed and accessed only with my private key so I can be sure that this is absolutely the bank contacting me. So now I have a very secure communications channel at a relationship level between myself and the bank. Or between myself and the site I just bought some shoes from.”
So the Affinidi Trust Network provides privacy and encrypted communication with verified parties (which, Glenn told us, can be humans, businesses, AIs, machines or any digital system), and everything operates on the basis of trusted relationship and consent.
All about the CX relationship
But if we shelve the technical aspects of the framework, what we have is a way that trust can be manifest digitally: trust in a vendor, and trust in the truth of identity. It’s that basis that will form the next generation of CX, quite different from the scattergun approach to what we call customer experience at present.
“If you just strip all the fancy technology away, what we’re building is to allow companies or businesses to build trusted relationships with their customers, to allow their customers to share more about themselves, in order to get better experiences. And if you do that right, that creates a competitive advantage. The current technology stack does not allow that to occur, which is why we’re talking about a holistic identity approach. It touches everything from the concept of identity to authentication and authorisation as part of your onboarding, to how we communicate and share between each other using messaging, to consent management and privacy, with confidentiality at a personal level.”
Compared to the single sign on systems we use currently, Glenn says the ATN is “just a better way to manage identity and the relationships that identities create between themselves.”
But the network effect is difficult to create. Outside of Europe, India is one of the first countries that mandates consent from the individual for data sharing, and addresses the concept of a third-party data manager.
“I look at the DPDPA [enacted in 2023 – pdf] and say, that fits perfectly with what Affinidi is building because we can help facilitate the consent. This is where we’re starting to see the first real drivers. Because the great thing about DPDPA, is it’s government backed. Businesses in India must use these types of capabilities, so the planets are aligning. It’s still going to take time, but I think once they do start to align, I hope that there’ll be quite a rapid tipping point.”
The eyes of privacy advocates are firmly on Affinidi, while observing the effects of DPDPA as it takes hold. The eyes of every brand that wants to build more meaningful and trustworthy relationships with customers and third-parties should be on the same places.
To find out more about Affinidi, the Affinidi Trust Network and the Affinidi Iota Framework, head over to the relevant web pages.
