The Future of Personal Data and Digital ID

Technology

Introduction

The popularity of the web has given birth to a new data economy. A. Asensio recognises that the most successful companies on the web are “data-driven and data-focused”. These are the likes of Facebook, Amazon, Google, and Apple [1]. Therefore, as data has become the new gold, this has given rise to several ethical considerations in relation to personal data.

Defining Personal Data

Hummel et al. acknowledge that data creates benefits and potential for agents and stakeholders, but that it also leads to challenges in retaining control over their data. Furthermore, the issue of data sovereignty encompasses a range of agents, including individual consumers, entire societies, and countries. This has ultimately caused conflicting claims to data sovereignty [2].

In the UK, data sovereignty and personal data governance are handled within the confines of the UKGDPR (United Kingdom General Data Protection Regulation). Within the UKGDPR and European GDPR, entities are recognised as:

  • Controllers, or joint controllers, as the names suggest, are the people in control of the data.
  • Processors, or sub-processors, may perform processing operations on data but do not have overall authority.
  • Data subjects are the people whose data is being controlled or processed [3].

However, it is also important to establish what exactly constitutes personal data. According to K. U. Fallatah et al., personal data can be classified into multiple dimensions, as illustrated in [4, Fig. 1].

Figure 1. Dimensions of Personal Data

[4]

As can be seen, personal data is generated from a variety of sources. However, it is worth noting that in North America, it is common to refer to personally identifiable information (PII), which includes medical, educational, financial, and employment information. All this information, under GDPR, is considered personal data. However, GDPR covers a much wider scope of data [5].

Personal Data Risks

Personal data is often sold for profit or used for surveillance, such as tracking movements and monitoring behaviour [6]. Many people are unaware or simply indifferent to how personal data is used. A private company, Nomidio, carried out an analysis in 2020 and found that “At least 39 different organisations hold personal data on the average UK citizen” and “82% of people are unsure of what personal information companies hold about them” [7]. Another private organisation, ProPrivacy.com, claims to have succeeded in persuading 99 percent of survey respondents into agreeing to ridiculous things within their terms and conditions, e.g., signing over the naming rights of their first-born child and inviting an FBI agent to Christmas dinner [8].

Similar findings have also been reflected in the academic literature. S. Schudy and V. Utikal state that few consumers take the time to read, understand, and make conscious choices about opting out of information sharing [9]. Furthermore, J. H. Beales and T. J. Muris recognise the impracticability of the notice approach to privacy, stating consumers see information sharing as “not worth thinking about” [10].

Paradoxically, a study by Pew Research found that 79% of Americans are concerned about the way their data is being used by companies, and 64% are concerned about the government collecting data on them. D. Lupton and M. Michael stated that “several highly-publicised events and scandals have drawn attention to the use of people’s personal data by other actors and agencies, both legally and illicitly” [11]. One such event is the Cambridge Analytica scandal. The British consulting firm was able to collect data from 87 million Facebook users without their consent, including 320,000 user profiles and their friends’ data [12]. Therefore, awareness and fears due to such events have increased.

Proposed Solution

Ultimately, data protection has become a priority. As a result, many privacy-enhancing technologies (PETs) are being developed to assist organisations and individuals with better data protection [13]. One proposed solution is an abstract concept called a personal data store (PDS). There are many types of PDSs with various use cases and implementations. However, the basic concept is to “decouple data from applications” [14] to give users control over their data. H. Janssen et al. state that “PDSs represent a point for user intervention and mediation in digital ecosystems” [15]. H. Janssen et al. go on to describe the potential architectures of PDSs. These could potentially be a physical device designed for the home or, alternatively, software that is stored in the cloud [15].

Tim Berners-Lee’s company, Inrupt, has developed a product they call PODS (Personal Online Data Store). They envision three options for users. Either a physical or cloud-based POD is provided by the PDS supplier, or alternatively, if a user has the technical know-how, they could run their own POD on their own hardware with open-source software [16]. Of course, this would make users responsible for their own security and hardware maintenance, which is beyond the reach of the average user.

Ultimately, the goal of a PDS’s functionality is to:

  • Capture and store users’ personal data locally within their own device (either at home or in the cloud), separating personal data from applications.
  • The computation of data is to occur locally on the PDS (analytics), with constraints put on managed apps as directed by user preferences. User preferences will be stored with the PDS manifest, and options could be set horizontally across all apps, e.g., by not sharing location data with any app, or specific settings could be applied for individual apps. Ultimately, the idea is to have granular data settings.
  • Management and control regarding any transfer of raw data and/or results of analytics
  • The ability for users to monitor, manage, and control all the above, with risk ratings applied to apps, much like in the Google Play Store or Apple App Store. As well as the provision for logs, audits, and visualisations to provide users with insight as to exactly how their data is being used.

[4] [15]

Cloud-Based PDSs

If PDSs see mass adoption, it is likely that the average user will choose a PDS that is provided by a supplier. i.e., they will not run their own open-source software because of the technical skill required. Furthermore, cloud services will likely be the more cost-effective option as opposed to physical devices, as there is no manufacturing cost. Therefore, it is likely that cloud-based options will be a popular choice among consumers. W. Li et al. state that cloud subscription models are lucrative business models [17]. However, W. Li et al. go on to say that cloud systems have encountered serious trust and security problems:

  • In 2016, Cloudflare experienced a critical bug in its software, which resulted in a privacy data leakage that affected approximately 2 million websites. This included well-known companies such as Uber.
  • In 2017, Microsoft experienced a failure in its Azure public cloud storage, which affected many cloud-based businesses for more than 8 hours.
  • In 2017, Amazon had a security breach in its AWS cloud service, which resulted in the exposure of the personal information of 200 million US voters.

[17]

It is the author’s view that ultimately, the concern with the cloud-based model is that users data will remain in the hands of a third-party, i.e., a cloud PDS provider. Therefore, users will be at the mercy of their competence, reliability, and integrity. Furthermore, PDS providers will be constrained by the laws in their location, which may require that access to data be given to authoritarian governments. Similarly, criminals may breach the security of the PDS provider’s servers, or the PDS business owners may not act lawfully or in the interests of their customers.

Comparisons can be drawn with the crypto industry. Recent events demonstrated the fragility of coin exchanges, which are essentially cloud-based services that store crypto keys and manage crypto currencies on behalf of customers. Sam Bankman-Fried (SBF) and his coin-exchange company, FTX, collapsed. SBF has been charged with alleged illegal political donations and bank fraud, and his customers were left with heavy financial losses [18].

This contrasts with the model that many Bitcoin activists follow, which is to store their crypto keys either on a hardware or software wallet that only they control (this is known as a self-custodial wallet) and that gives no access to third parties. Not even governments could access a self-custodial wallet by demanding organisations give them access, because without the keys, which are secured by the cryptographic 12-phrase password, which only the user knows, it is currently seen as impossible to gain access. This is why there is a common adage in the crypto world that states, “Not your keys, not your coins” [19]. Ultimately, trusting third parties with anything valuable, whether that is data, crypto currency, or anything else, puts individuals at the mercy of third parties.

Physical PDSs

Physical PDSs, of course, will incur extra costs in terms of manufacturing. However, this extra cost could potentially lessen the risk of a centralised server being hacked and putting user data at risk. Though at the same time, it would require that the device be designed securely so that these devices do not become vulnerable to attack, especially when connected to a smart home network [20].

In 2019, the BBC announced that they were working on a prototype called the BBC Box. It was powered by a Raspberry Pi computer and used the Databox personal data management system [21] [22]. It is the author’s view that a physical PDS could be a viable solution, provided that the design is secure. However, a physical device would not negate the risk entirely, and in fact, having a user’s data stored in one place could potentially make the device itself a target.

Benefits and Risks

Ironically, one of the things touted by PDS supporters is that with more trust, users will likely be less resistant to data sharing. i.e., this may lead to the sharing of more useful data. For example, a combination of medical data could be matched with eating patterns, or bank statements could be combined with shopping history to analyse a user’s spending habits or health choices for deeper analytical insights [4] [15]. However, considering the already existing risk to personal data, the author is concerned that encouraging people to create and store even more personal data is potentially counter-productive. Therefore, more research is needed as to the potential risks of encouraging people to store even more personal data that can potentially be accessed online.

However, it is fair to recognise that there are many potential benefits of a PDS for users. including personalised services, granular control over data sharing and processing, better informed consent guided by risk ratings, real-time monitoring with visualisations, prevention of unauthorised access by app developers, incentives for app developers to become more privacy-oriented, and opportunities for users to monetise their data [4] [15]. However, these benefits will likely vary depending on the implementation of a particular PDS, and thus, caution should be taken to ensure that PDSs do not inadvertently create more risk for users and their data.

Legal Implications

Due to the variations in PDS implementation and design, the Terms of Service (ToS) will also likely vary. Furthermore, governance and technology are still evolving. Therefore, it is not yet clear how PDSs will affect GDPR and current case law [15].

H. Janssen et al., propose the following potential problems and changes:

  • If data processing is carried out by several organisations, it may be more difficult to identify the controller or joint controllers. This conflicts with the initial intention of GDPR, which is to assign responsibility for data handling. Though it is possible that both PDS platforms and app developers will become joint controllers,
  • With platforms, users, and developers playing varied roles depending on the specifics of a PDS, this collaboration of entities makes it more difficult to determine the exact role of each entity.
  • Currently, data subjects are seen as “passive” in data processing, but as users and data subjects are given more control, this may challenge the GDPR label of data subject.
  • Lastly, open-source software has the potential to challenge both the labels of controllers and processors because, due to the nature of PDS technology, technically, a user has the potential to become a data subject, processor, and controller in varying degrees. Yet, it is unlikely that they will be classified as controllers or processors since most home users’ activities would fall under the household exemption. This is where individuals are exempt when data is not being used for commercial interests [15].

As we look to the future of privacy law, it is important to recognise the disconnect between the law as it is written and implemented. The GDPR law in and of itself has been insufficient at protecting people’s privacy. The law alone simply cannot do this, hence why we have seen several proposals for PETs and indeed PDSs. As P. Arora plainly puts it, “The notion of GDPR as a golden and global standard is commendable. However, regulations are meaningless without enforcement. And yet we disproportionately focus on the design of the law and far less on the implementation” [23]. 

Digital ID

Another risk of PDSs is not the PDS itself, but another technology that is required for the PDS concept to work. That is digital ID, and potentially, and more dangerously, persistent digital ID. Ultimately, for any user to have their personal data assigned to them, they must be identifiable, and for consistency, that ID would need to be persistent.

Traditionally and more broadly, identification has been issued in the form of physical identification by a central authority, such as governments. This includes passports, driving licences, and national insurance numbers. However, globally, there has been a push towards digital ID as part of the United Nations member states adoption of the “Sustainable Development Goals”. This includes a commitment to legal identity for all by 2030 [24]. In the UK, the government has drafted new legislation to make digital IDs more valid [25]. However, not all digital ID is the same, and how digital ID is implemented will have varied consequences.

Up until now, verification online has often been done with phone numbers, email addresses, and usernames. However, these identifiers are issued and controlled by the suppliers, such as phone and email providers, as well as social networks. As a result, these identifiers can be revoked at any time by the issuer, leaving the user without their identification [26]. B. Podgorelec et al. label this model of digital identification and authentication as “isolated” because the user requires different credentials for each service provider [27]. The issue with this model, as J. Sedlmeir et al. recognise, is the dissatisfaction of users with the need to remember multiple passwords [28].

Podgorelec et al. go on to describe the “central identity” model, whereby users will register with an identity provider that will authenticate them to multiple services. However, this makes the central identity provider a “single point of failure” [27]. B. Podgorelec et al. continue with the “Federated Model,” whereby a circle of trust is created with multiple identity providers. This prevents a single point of failure, and users’ information is stored in a more distributed manner. The European eIDAS framework is an example of this and allows EU Member States to enable cross-border authentication [27]. However, all the above models rely on central authorities to store users’ data, which makes them vulnerable to attack.

As a result, many PDS creators opt for a form of digital ID known as decentralised identifiers (DID). DID is a W3C standard. They are designed to be a verifiable identifier and not require a centralised authority. It is said by the W3C that DIDs will “enable both individuals and organizations to take greater control of their online information and relationships while also providing greater security and privacy” [29]. A DID should be decentralised, persistent, cryptographically verifiable, and resolvable [30]. There are different potential implementation methods for DIDs. These include:

  • Distributed ledgers such as Bitcoin, Ethereum, or a custom-built ledger.
  • DID documents stored on a specialised website [31].

Essentially, the identifier of a DID is simply a new type of Uniform Resource Identifier (URI), as can be seen in [31, Fig. 2]. The `did` section is the type of URI, much like the http in today’s Uniform Resource Locators (URLs). The `sov` is the type of DID, whether it is stored on the bitcoin network or another. Then the final part of the URI is the individual identifier. Finally, the DID is cryptographically protected by public and private keys.

Figure 2. DID

[32]

Prof. G. Gensler from MIT discusses how digital IDs on the blockchain are basically hash functions, and once stored, they are immutable [33]. Therefore, it works well for persistent ID. However, Prof. G. Gensler raises an important issue as to how the blockchain is an open ledger; therefore, it may not be suitable to store personal information on it [33].

A WebID is another type of digital identifier built into your browser with current web technologies, using Transport Layer Security (TLS) and digital certificates with public and private keys generated by the browser and authenticated by the server. They also use a URI along with linked data. As a result, WebID also does not require a central issuing authority, nor does the user require a password [34].

There are many similarities between DIDs and WebIDs. For instance, both use URIs that resolve to linked data documents, and both are interoperable. However, WebIDs tend to store more PII information, such as name, email, or user profile pictures, which DIDs do not. Furthermore, there are multiple potential implementations of DIDs, including both web and distributed ledgers, whereas, as the name suggests, WebIDs are purely web-based [35]. Ultimately, though, both WebIDs and DIDs are very similar concepts, and both are seen as important technologies for the future of digital authentication within the W3C community; thus, both are W3C standards.

The EU is considering the DID standard as well as other centralised and federated identity models for their EU digital wallet [36] [37]. According to the European Parliamentary Research Service (EPRS), “European citizens should have the possibility to use a digital identity to access key public services by 2030 and to do so across EU borders” [38]. They also propose that EU citizens will be able to “identify and authenticate themselves online (via their European digital identity wallet) without having to resort to commercial providers” [38]. They claim that using commercial providers “raises trust, security, and privacy concerns” [38].

There is much debate as to the implementation and requirements for digital ID. Ursula von der Leyen, President of the European Commission, stated, “Every time an App or website asks us to create a new digital identity or to easily log on via a big platform, we have no idea what happens to our data. That is why the Commission will propose a secure European e-identity. One that we trust, and that any citizen can use anywhere in Europe to do anything from paying your taxes to renting a bicycle. A technology where we can control ourselves what data is used and how” [39].

Ivan Bartos, the Czech Deputy Prime Minister for Digitalisation and Minister of Regional Development, has said, “Digital technologies can make our life so easy. I am convinced that a European digital identity wallet is indispensable for our citizens and businesses. We are looking at a massive advancement in how people use their identity and credentials in everyday contact with both public and private entities, and in how they use digital services. All while firmly keeping control over their data” [40].

However, Rob Roos, an MEP and a member of the European Conservatives and Reformists Group, has said, “The EU wants to ram the Digital Identity through. I took the initiative to hold at least a Plenary vote on it. A plan as far-reaching as the Digital Identity merits a debate. But the majority of the MEPs voted to ram it through directly. Shameful & undemocratic”  [41] [42].

It is not just the EU that is pushing forward with digital identity and PDSs. Digital ID is seen as a necessary development in a modern technological world. M. Dahan and R. Sudan of the World Bank state that a “lack of personal official identification (ID) prevents people from fully exercising their rights and isolates them socially and economically” [43].

In the UK, according to Computerweekly.com, the British government has also looked to Tim Berners-Lee and his company Inrupt to help with their digital identity plan [44] [45]. Furthermore, it has been reported that Natwest Bank, BBC, NHS, and the government of the Belgian region of Flanders are running pilot schemes using Berners-Lee’s Solid Servers [46] [47] [48].

Tony Blair, the ex-British prime minister who led the UK into war with Iraq, a war that Kofi Annan The United Nations Secretary-General called it “an illegal act that contravened the UN charter” [49], and a war that led to a “massive death toll” [50] supports digital IDs. Blair has expressed his support for a medical database for citizens vaccine status at an address at the World Economic Forum [51] and joined forces with William Hague in a BBC Radio 4 interview, claiming that digital ID should be “compulsory” for everyone [52].

However, Silkie Carlo, director of the campaign group Big Brother Watch, has responded by saying that the “sprawling digital identity system” promoted by Blair and Hague “would be one of the biggest assaults on privacy ever seen” [52]. Conversely, the Tony Blair Institute for Global Change has been promoting digital ID for many years and published an article during COVID lockdowns stating, “The careful application of technology offers a way out, at a price: dramatically increased surveillance” [53] in an article titled “Everyone Needs to Give Up a Little Privacy to Help Defeat Coronavirus” [53].

Despite the push towards digital IDs by some politicians and wealthy organisations [54] and, of course, the convenience and practicality of the technology, there are, however, serious concerns. J. Schroers reasons that “the introduction of a unique and persistent identifier could be understandable from a practical point of view but cannot be accepted due to its risks” [55].

J. Schroers highlights these risks by stating that “all information about a person can be connected and a full profile can be made without the knowledge of the person, which can be used to their disadvantage” [55]. Furthermore, “all the information about a person can be connected throughout one’s whole life, even if, for example, somebody changed their name or moved to another country for good reasons”. Lastly, persistent identifiers “can facilitate unlawful data exchange, aggregation and profiling” [55].

Furthermore, T. Lohninger of the digital rights umbrella group said during an EU eIDAS reform hearing that persistent identifiers are “illegal in Austria and the Netherlands and unconstitutional in Germany” and that “proper safeguards are missing” [56].

Summary

The implications of PDS and digital ID are far-reaching but may be good or bad. This will depend entirely on the technical implementation. The result will either be decentralised, giving users more control, or centralised, giving governments and tech companies more control. However, these technologies are still being developed and evolving without mass adoption. As a result, the future of data and identity is still unknown.

Ritchie Robinson

References

 

[1] A. Asensio, “The Role of Data,” in World wide data: the future of digital marketing, e-commerce, and big data , New York, Business Expert Press, 2018, pp. 27-39.

[2] P. Hummel, M. T. M. Braun and P. Dabrock, “Data sovereignty: A review,” Big data & society, vol. 8, no. 1, p. 205395172098201, 2021.

[3] ICO, “What are ‘controllers’ and ‘processors’?,” [Online]. Available: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/controllers-and-processors/what-are-controllers-and-processors/. [Accessed 18 Apr 2023].

[4] K. U. Fallatah, M. Barhamgi and C. Perera, “Personal Data Stores (PDS): A Review,” Editorial Board Members’ Collection Series: IoT Security, vol. 23, no. 3, p. 1477, 2023.

[5] Tech GDPR, “What is the difference between personally identifiable information (PII) and personal data?,” 27 Jun 2019. [Online]. Available: https://techgdpr.com/blog/difference-between-pii-and-personal-data/.

[6] J. Sadowski, S. Viljoen and M. Whittaker, “Everyone should decide how their digital data are used – not just tech companies,” Nature (London), vol. 595, no. 7866, pp. 169-171, 2021. .

[7] J. Coker, “Personal Data of the Average Brit Held by at Least 39 Different Organizations,” 13 Jul 2020. [Online]. Available: https://www.infosecurity-magazine.com/news/organizations-personal-data-brit/.

[8] D. T. Sandle, “Report finds only 1 percent reads ‘Terms & Conditions’,” 29 Jan 2020. [Online]. Available: https://www.digitaljournal.com/business/report-finds-only-1-percent-reads-terms-conditions/article/566127.

[9] S. Schudy and V. Utikal, “‘You must not know about me’ – On the willingness to share personal data,” Journal of Economic Behavior & Organisation, vol. 141, pp. 1-13, 2017.

[10] J. H. Beales and T. J. Muris, “Choice or Consequences: Protecting Privacy in Commercial Information,” The University of Chicago Law Review, vol. 75, no. 1, pp. 109-135, 2008.

[11] D. Lupto and M. Michael, “‘Depends on Who’s Got the Data’: Public Understandings of Personal Digital Dataveillance,” Surveillance & Society, vol. 15, no. 2, pp. 254-268, 2017.

[12] C. O. Schneble, B. S. Elger and D. Shaw, “The Cambridge Analytica affair and Internet-mediated research,” EMBO Reports, vol. 19, no. 8, 2018.

[13] ICO, “ICO publishes guidance on privacy enhancing technologies,” 07 Sep 2022. [Online]. Available: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/09/ico-publishes-guidance-on-privacy-enhancing-technologies/.

[14] Inrupt, “The Solid Pod model connects people to their data,” [Online]. Available: https://www.inrupt.com/solid. [Accessed 20 Apr 2023].

[15] H. Janssen, J. Cobbe, C. Norval and J. Singh, “Decentralized data processing: personal data stores and the GDPR,,” International Data Privacy Law, vol. 10, no. 4, pp. 356-384, 2020.

[16] Solid.org, “Get a Pod,” [Online]. Available: https://solidproject.org/users/get-a-pod. [Accessed 20 Apr 2023].

[17] J. W. L. Wenjuan, J. Cao, N. Chen, Q. Zhang and R. Buyya, “Blockchain-based trust management in cloud computing systems: a taxonomy, review and future directions,” Journal of cloud computing : advances, systems and applications, vol. 10, no. 1, pp. 1-34, 2021.

[18] Forbes, “Bankman-Fried Hit With Four New Criminal Charges Alleging Illegal Political Donations And Bank Fraud,” [Online]. Available: https://www.forbes.com/video/6321045905112/bankmanfried-hit-with-four-new-criminal-charges-alleging-illegal-political-donations-and-bank-fraud. [Accessed 20 Apr 2023].

[19] K. Moreland, “Not Your Keys, Not Your Coins. It’s That Simple.,” [Online]. Available: https://www.ledger.com/academy/not-your-keys-not-your-coins-why-it-matters. [Accessed 20 Apr 2023].

[20] Y. Lee, S. Rathore, J. H. Park and J. H. Park, “A blockchain‑based smart home gateway architecture for preventing data forgery,” Human-centric computing and information sciences, vol. 10, no. 1, pp. 1-14, 2020.

[21] BBC, “Introducing the BBC Box,” 02 Jul 2019. [Online]. Available: https://www.bbc.co.uk/rd/blog/2019-06-bbc-box-personal-data-privacy .

[22] Horizon, “Databox – Privacy Aware Infrastructure for Managing Personal Data,” [Online]. Available: https://www.horizon.ac.uk/project/databox/. [Accessed 20 Apr 2023].

[23] P. Arora, “General Data Protection Regulation-A Global Standard? Privacy Futures, Digital Activism, and Surveillance Cultures in the Global South,” Surveillance & society, vol. 17, no. 5, pp. 717-725, 2019.

[24] ID2020, “The Need for Good Digital ID is Universal,” [Online]. Available: https://id2020.org/digital-identity. [Accessed 22 Apr 2023].

[25] Gov.Uk, “New legislation set to make digital identities more trustworthy and secure,” 10 Mar 2022. [Online]. Available: https://www.gov.uk/government/news/new-legislation-set-to-make-digital-identities-more-trustworthy-and-secure.

[26] B. Dickson, “Decentralized Identifiers: Everything you need to know about the next-gen web ID tech,” 24 Nov 2022. [Online]. Available: https://portswigger.net/daily-swig/decentralized-identifiers-everything-you-need-to-know-about-the-next-gen-web-id-tech.

[27] B. Podgorelec , L. Alber and T. Zefferer, “What is a (Digital) Identity Wallet? A Systematic Literature Review,” in IEEE Annual International Computer Software and Applications Conference (COMPSAC), Los Alamitos, CA, 2022.

[28] J. Sedlmeir, R. Smethurst, A. Rieger and G. Fridgen , “Digital Identities and Verifiable Credentials,” Business & Information Systems Engineering , vol. 63, no. 5, pp. 603-613, 2021.

[29] W3C, “Decentralized Identifiers (DIDs) v1.0 becomes a W3C Recommendation,” 19 Jul 2022. [Online]. Available: https://www.w3.org/2022/07/pressrelease-did-rec.html.en.

[30] W3C, “Use Cases and Requirements for Decentralized Identifiers,” 16 Jun 2021. [Online]. Available: https://w3c.github.io/did-use-cases/.

[31] I. Herman, “Global, distributed, key-value database,” [Online]. Available: https://iherman.github.io/did-talks/talks/2020-Fintech/#/14. [Accessed 22 Apr 2023].

[32] H. Garneau, “Decentralized Identifiers (DIDs) & Self-Sovereign Identity (SSI),” [Online]. Available: https://docs.google.com/presentation/d/1O_jjvRtTsmFSucuw3LdtaVewCRMiX3DmmajT_h20a4w/edit#slide=id.g60bb47d62a_2_8. [Accessed 22 Apr 2023].

[33] G. Gensler, “Session 23: Digital ID,” [Online]. Available: https://ocw.mit.edu/courses/15-s12-blockchain-and-money-fall-2018/resources/session-23-digital-id/. [Accessed 21 Apr 2023].

[34] WebID, “WebID – Universal Login and Identity for the Web,” [Online]. Available: https://webid.info/. [Accessed 22 Apr 2023].

[35] dmitrizagidulin, “Proposal: Support Decentralized Identifiers (DIDs) in addition to Web IDs #217,” [Online]. Available: https://github.com/solid/specification/issues/217. [Accessed 22 Apr 2023].

[36] European Commission, “BLOCKCHAIN AND DISTRIBUTED LEDGER TECHNOLOGIES,” [Online]. Available: https://joinup.ec.europa.eu/collection/rolling-plan-ict-standardisation/blockchain-and-distributed-ledger-technologies-0. [Accessed 23 Apr 2023].

[37] M. Kortenaar, “What is the European Digital Identity and Wallet Framework, and how could the UK benefit from it?,” [Online]. Available: https://siccar.net/what-is-the-european-digital-identity-and-wallet-framework-and-how-could-the-uk-benefit-from-it/. [Accessed 23 Apr 2023].

[38] European Parliamentry Research Service, “Updating the European digital identity framework,” Dec 2022. [Online]. Available: https://open.spotify.com/episode/6w2sub4txt6ygcdb4X1DFN.

[39] European Commission, “Digital Identity for all Europeans,” [Online]. Available: https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/european-digital-identity_en. [Accessed 23 Apr 2023].

[40] European Council, “European digital identity (eID): Council makes headway towards EU digital wallet, a paradigm shift for digital identity in Europe,” [Online]. Available: https://www.consilium.europa.eu/en/press/press-releases/2022/12/06/european-digital-identity-eid-council-adopts-its-position-on-a-new-regulation-for-a-digital-wallet-at-eu-level/. [Accessed 23 Apr 2023].

[41] R. Roos MEP, “Rob Roos MEP,” [Online]. Available: https://twitter.com/Rob_Roos/status/1636775340465963018. [Accessed 23 Apr 2023].

[42] European Parliament, “Robert ROOS,” [Online]. Available: https://www.europarl.europa.eu/meps/en/197709/ROBERT_ROOS/home. [Accessed 23 Apr 2023].

[43] M. Dahan and R. Sudan, “Digital IDs: A powerful platform for enhanced service delivery across all sectors,” 30 Jun 2015. [Online]. Available: https://blogs.worldbank.org/digital-development/digital-ids-powerful-platform-enhanced-service-delivery-across-all-sectors.

[44] Computerweekly.com, “UK government turns to Tim Berners-Lee startup for digital identity plan,” [Online]. Available: https://www.computerweekly.com/news/252506983/UK-government-turns-to-Tim-Berners-Lee-startup-for-digital-identity-plan. [Accessed 23 Apr 2023].

[45] Computerweekly.com, “Government to impose new digital identity system across all Gov.uk services,” [Online]. Available: https://www.computerweekly.com/news/252496337/Government-to-impose-new-digital-identity-system-across-all-Govuk-services. [Accessed 23 Apr 2023].

[46] BBC, “NHS data: Can web creator Sir Tim Berners-Lee fix it?,” 09 Nov 2020. [Online]. Available: https://www.bbc.co.uk/news/technology-54871705.

[47] Inrupt, “Proving the possible: Introducing the Inrupt Enterprise Solid Server,” 09 Nov 2020. [Online]. Available: https://www.inrupt.com/blog/enterprise-server-release.

[48] CNBC, “World wide web inventor launches privacy platform for enterprises; NHS and BBC sign up,” 09 Nov 2020. [Online]. Available: https://www.cnbc.com/2020/11/09/tim-berners-lee-attracts-nhs-bbc-natwest-to-inrupts-solid-platform.html.

[49] BBC, “Iraq war illegal, says Annan,” 16 Sept 2004. [Online]. Available: http://news.bbc.co.uk/1/hi/world/middle_east/3661134.stm.

[50] A. H. Alkhuzai et al, “Violence-Related Mortality in Iraq from 2002 to 2006,” The New England Journal of Medicine, vol. 358, no. 5, pp. 484-493, 2008.

[51] WEF, “100 Days to Outrace the Next Pandemic,” 19 Jan 2023. [Online]. Available: https://www.weforum.org/events/world-economic-forum-annual-meeting-2023/sessions/100-days-to-outrace-the-next-pandemic.

[52] BBC, “Tony Blair and William Hague call for digital ID cards for all,” 22 Feb 2023. [Online]. Available: https://www.bbc.co.uk/news/uk-politics-64729442.

[53] C. Yiu, “Everyone Needs to Give Up a Little Privacy to Help Defeat Coronavirus,” 25 Apr 2020. [Online]. Available: https://www.institute.global/insights/public-services/everyone-needs-give-little-privacy-help-defeat-coronavirus.

[54] ID2020, “Alliance Partners,” [Online]. Available: https://id2020.org/alliance. [Accessed 23 Apr 2023].

[55] J. Schroers, “A Unique Identification Number for Every European Citizen,” 24 Feb 2023. [Online]. Available: https://verfassungsblog.de/digital-id-eu.

[56] epicenter.works, “[ONLINE] PUBLIC HEARING EUROPEAN DIGITAL IDENTITY WALLET AND TRUST SERVICES,” 05 Feb 2022. [Online]. Available: https://en.epicenter.works/event/3866.