Most organisations hold individual’s data, their customers or those with whom they work. In many situations, these organisations hold the data on behalf of individuals, especially when those they work with have some form of vulnerability. As we move into a world where there is greater possibility (and feasibility) for individuals to have much greater control of their data through things like digital identifier wallets, how guardianship functions need to evolve.
Most of the digital identity work being done is focused on the smartphone or on access to the internet, which is logically but risks the unintended consequence of creating greater inequality by leaving those with limited online access and those without smartphones behind. It is also risks increasing the vulnerability of already vulnerable people.
For those of us working in the humanitarian contexts, but likely applicable more widely, here are a few issues to bear in mind:
- Access to digital wallets must to be available for people who have a feature phone or no device at all.
- Access to an individual’s wallet must involve some form of two-factor authentication (PIN code sent by SMS, biometric, etc.) as well as a recovery phase and password reset functionality. Ideally, the guardian cannot access the wallet without the individual taking action (in the humanitarian use case).
- Digital literacy, especially about a digital wallet, is likely to be very low amongst certain vulnerable populations, so significant ongoing education and communication is required to make a digital wallet useful, meaningful, and appropriate. This must not be viewed as a ‘one-off’ activity, but as a multi-year activity.
- Storage or hosting of the digital wallets which are not ‘housed’ on the individual’s smartphone needs to be thought through well as currently most PII gets deleted at the end of a project by NGOs, if digital wallets are hosted the on the web, then hosting needs to continue beyond the life of the project – who provides and pays for this hosting needs to be addressed in the design phase.
- The transferability of the digital wallet to a smartphone or other device in the future, must be part of the initial design. This also needs to include the ability of individual to easily revoke the connection to the guardian.
- The transferability of the guardianship also must be part of the initial design thinking. The individual should be able to easily transfer the guardianship to a new entity.
- Security of the individual, not just their data, must be consider in the design so as to reduce intimidation for access etc.