Voice of the Industry

Decentralised identity enabled by the consent manager turns GDPR into a competitive advantage

Tuesday 27 March 2018 11:13 CET | Editor: Melisande Mual | Voice of the industry

Are you ready for GDPR? Maurits Dewina and David Mintjes from Innopay share their thoughts on how to turn the directive’s challenges into opportunities

A new type of player in the digital identity ecosystem – the consent manager – is enabling customers and organisations to take more control over (identity) data. Relying parties should follow this development with great interest because there are significant benefits gained from joining a data control scheme.

The exponential growth in the amount of digital transactions and customer data – facilitated by the continued expansion of the internet, the sharing economy and the Internet of Things – brings huge commercial opportunities. In a world where ‘everything’s becoming a transaction’, relying parties realise that collecting this data and translating it into personalised offerings could immensely increase the potential value of their business. However, they are unable to collect and aggregate the appropriate attributes (i.e. data points) from such a widely distributed information.

Simultaneously, customers are becoming aware that personal data is stored everywhere, and they expect to have more control over who accesses it. For this reason, regulators are planning to force relying parties to protect personal data in alignment with the new General Data Protection Regulation (GDPR). This will require significant investment on the part of relying parties. Joining a data control scheme can provide a solution which not only enables the relying party to comply with GDPR, but also provides wider access to more accurate customer attributes.

How do data control schemes and consent management services work?

Within a data control scheme, the consent manager connects decentralised data from multiple attribute providers with different relying parties. There are four steps as shown in Figure 1.


Figure 1: The consent manager, who sits in the centre of the data control scheme, enables the customer to fully control his/her personal data

The consent manager begins by indexing the customer’s data from each attribute provider and provides the customer with insights into the available attributes. The customer is now able to modify which parties can access his/her personal data at any time. Consequently, the platform will only share data with relying parties which have explicit customer consent. If these relying parties have updated attributes available that are relevant for other scheme players, they can become attribute providers with new information.

Examples of consent management players include: Dappre (NL), MyDex, Digi.me (UK), Meeco (AU) and Verimi (DE). To be classified as a consent management service, organisations must offer consent sharing as their key service. But the full range of potential services can include:

  • Consent sharing: The service which enables customers to fully control which parties can read or receive all their (decentralised) attributes.

  • Attribute management: The service which enables customers to create, read, update and delete all (decentralised) attributes via one consolidated interface.

  • Attribute storage: The service which stores customers attribute data.

The combination of these services provides customers with centralised control over widely distributed decentralised attributes. In the market, we see consent management players choosing to offer a different service mix within the data control stack.

Figure 2: Landscape of selected consent management players based on functionalities offered, non-exhaustive. Source: INNOPAY analysis

Benefits for relying parties

There are three major benefits from joining the right data control scheme:

  1. By joining forces, relying parties gain wider access to attributes and can request a complete set of required attributes from multiple sources.

  2. Increased customer control over indexed, decentralised personal data ensures a higher attribute accuracy because each change at one attribute provider can trigger an update at other parties in the scheme (see step 4 in Figure 1).

  3. In some cases, the necessity for the relying party to store customer data in-house is removed because consent managers can enable insight into data points without transferring or duplicating the data. GDPR obligations for the relying party can be complied with by using a specialised consent manager.

Realise competitive advantage through cooperation

Consent managers are enabling customers to take more control over their personal (identity) data. Relying parties, including government, can realise significant benefits by joining a data control scheme and collaborating with like-minded players in the digital transactions ecosystem. In Germany, we already see large relying parties cooperating within the Verimi scheme (e.g. Allianz, Axel Springer, Daimler, Deutsche Bank). Relying parties are able to create competitive advantage through collaborating with partners as more and more value is extracted from decentralised personal data within the scheme. Competitors outside of the scheme cannot access big data unlocked through the scheme, therefore fragmentation of this new two-sided market looms. The scale of this advantage will depend upon whether or not you and your partners can maximise this opportunity.

About Maurits Dewina

Maurits is manager at INNOPAY, working on technology innovation strategy challenges in complex environments. Maurits has a track record in value proposition development for large cooperation of (financial and public transport) institutions.



 About David Mintjes

David is Business Analyst at Innopay. He has a professional background in financial economics and strategic management. At INNOPAY, he has been involved in strategic projects for clients in the banking and telecom industry.



About Innopay

Innopay is an independent consulting company, specialised in online payments, digital identity and e-business. We help our clients, including financial institutions, governments and corporates, to develop the compelling strategies and digital services for consumers and companies that are key for successful competition in a rapidly digitising world.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: digital identity, data protection, GDPR, Maurits Dewina, David Mintjes, INNOPAY, control scheme, relying parties, data controller
Countries: World