Why digital trust requires less data sharing

New Zealand Finalizes 𝐃𝐢𝐠𝐢𝐭𝐚𝐥 𝐈𝐝𝐞𝐧𝐭𝐢𝐭𝐲 𝐒𝐞𝐫𝐯𝐢𝐜𝐞𝐬 𝐓𝐫𝐮𝐬𝐭 𝐅𝐫𝐚𝐦𝐞𝐰𝐨𝐫𝐤 (#DISTF) #NewZealand has taken a significant step toward secure, privacy-centric digital identity solutions with the finalization of its Digital Identity Services Trust Framework (DISTF). This initiative unlocks access to: •Digital driving licenses •Bank IDs •Trade certifications All available through accredited digital ID wallets or apps, offering both convenience and security. What Makes the DISTF Stand Out: 1️⃣ User Consent & Data Minimization •Users control what information they share and with whom. •Credential presentations include only user-authorized attributes. •Strict rules against tracking or correlating credential verification activities. 2️⃣ Flexibility in Credential Standards •Supports both W3C Verifiable Credential Data Model and ISO/IEC 18013-5 mobile driving license (mDL). •Encourages innovation while safeguarding privacy. Judith Collins, Minister for Digitizing Government, said the framework: “Paves the way for safe future digital identity services.” It empowers citizens by: ✅ Enabling secure sharing of personal information ✅ Protecting against identity theft ✅ Granting greater control over data Why This Matters Globally: New Zealand’s DISTF sets a new benchmark for balancing technological advancement with privacy rights. Its focus on: •User consent •Data minimization •Multi-standard compatibility … positions it as a global leader in digital identity innovation. As digital identity frameworks evolve globally, what lessons can other regions learn from New Zealand’s model? #DigitalIdentity #Privacy #DataOwnership #UserConsent #Innovation #DigitalTransformation #TrustFramework

Right so the BritCard proposal then. Cryptography to the rescue? 1/ I don’t instinctively like the idea of ID cards. It offends my liberal sensibilities. But ignoring the political landscape, digital IDs aren’t the privacy catastrophe they would have been in the 2000s. 2/ Back then, the model was a central database of every citizen, accessible across departments. A honeypot for abuse, leaks, and scope creep. 3/ Today’s digital ID standards are different: built on verifiable credentials. That means you hold your own digital passport/driving licence on your phone, signed by government. 4/ When you need to prove something eg the right to work, you don’t hand over your whole passport. You share just the fact needed. Sometimes even a zero-knowledge proof: “Yes, over 18” without showing date of birth. 5/ Data doesn’t sit in one giant silo. It stays with the issuing authority (passport office, DVLA, Home Office). So-called federated. Checks are done cryptographically, not by copying documents into filing cabinets all over the economy. 6/ Done right, digital ID reduces risk compared to today, where employers and landlords hoard passport scans, and mistakes in manual checks create Windrush-style injustices. 7/ Of course, the devil is in design. A “canonical event log” of every check could easily tip into surveillance. Guardrails are needed: minimal logs, tight retention, transparency reports. 8/ We need three guarantees: – Share less, prove more – No new central database – Errors are visible and appealable 9/ If those are in place, digital IDs don’t have to be a tool of control. They can be an upgrade in privacy and security 10/ The politics will always be tricky. But let’s not fight the battles of 2005. The technology has moved on.