Tag Archives: blog

Who should Control or Regulate Identity Verification?

When you consider the various players involved in identity verification, this number is quite large. Border security agents, cashiers at the provincially-owned liquor stores across Canada, employers and banks are a few that may come to mind. Identity verification is necessary across many industries and use cases: insurance, the gig economy, car rental and real estate, to name a few. 

The question becomes: who should be responsible for the control and regulation of such verification? 

This past October 2019, the Financial Action Task Force (FATF) released its draft guidance on digital ID, outlining recommendations for digital ID service providers, authorities and regulated entities. The updated guidance offers clarity in regards to the process for confirming the existence of corporations and other entities. Providing a regulatory framework, guidelines such as the one offered by the FATF are crucial in exploring this and identifying various recommendations. 

The General Data Protection Regulation (GDPR) and the Payment Services Directive (PSD2) are two examples of European-wide sets of regulations, cited in a recent blog post from DIACC member Trulioo. Yet different countries have different rules for compliance, which makes global harmony a challenge. Furthermore, the increasing power of organizations to collect and store personally identifiable information (PII) means that individuals need to have greater authority in controlling their own information. 

“Organisations relying on implied authorisation or other legal constructs to process consumers’ personal information are taking risks that could be avoided by incorporating consumer consent into their verification and business processes,” the blog’s author, Zac Cohen, COO of Trulioo, pointed out. 

World map with satellite data connections. Connectivity across the world.
Different countries have different rules for compliance, which makes global harmony a challenge.

Additionally, Zac notes that there has been a 500 per cent increase in regulatory changes in the developed markets over the past 10 years, and, each year, banks are spending $270 billion on compliance and regulatory obligations.  Innovations in compliance-led technology (RegTech) are also critical, and new technology is now available for developers to instantly verify customers in multiple markets, while supporting Anti-Money Laundering (AML) and Know Your Customer (KYC) laws that are country-specific. 

Such examples highlight why collaboration, and an interoperable solution, are important – a clear line of communication and helping various parties develop a clearer understanding of how digital ID systems work. 

In today’s digital age, with so many different players, channels, sophisticated methods and possible loopholes to exploit, identity verification, and who should control or regulate it, is a challenge to solve. Yet the work of DIACC members in the space, and the support of its three committees, offer a uniquely Canadian approach to this challenge. One such action is the submission that was filed on behalf of the DIACC to the FATF in response to their public consultation, this past November. By taking action on such opportunities, the DIACC has the chance to shape the Canadian, and global, conversation.

We invite you to join the conversation, collaborate with other leaders and solve today’s real-world challenges, in Canada and beyond. 

Smart Cities Need User-Centric Digital ID to be Built on Foundational Principles

Will Sidewalk Labs turn a large portion of Toronto’s lakeshore into a surveillance “smart city” or will the principles of transparency, accountability, and inclusive innovation shape the emerging waterfront?

This is a topic of much debate, heightened by Sidewalk Labs’ recent release of its Digital Innovation Appendix. This addition to the project’s Innovation & Development Plan states that the majority of digitally enabled services and systems will be purchased from third parties – including the user data they have access to. 

This raises significant questions.

There is a BIG difference, between transparent consent driven digital ID systems – where users provide explicit consent for specific data collection and use – and covert digital ID models where  data is captured and shared without users’ knowledge or consent. 

Privacy by Design Principles (led by Anne Cavoukian, Ontario’s former Privacy Commissioner) have helped by shaping digital best practices in Canada and around the world. This approach, along with user consent and transparency, are among DIACC’s main principles. Inclusivity is another key principle – the DIACC believes that secure, privacy-enhancing, and empowering digital ID should be available to all. 

  • DIACC firmly believes in user-centred digital ID – designed to prioritize and require user choice, control and consent regarding access to collect and manage data. As Sidewalk Labs looks to move forward in their work in Waterfront Toronto, we reiterate the importance of these principles as foundational to the empowerment of a digital society that works for all Canadians. 

Joni Brennan
President, Digital ID & Authentication Council of Canada