Article

People Should Be Able to Control Their Own Data

Secure identity

The public conversation around protecting consumer data and privacy is taking on new urgency in 2023. Last year, Congress considered the American Data Privacy and Protection Act — the first time a federal consumer privacy bill has passed out of committee — and will likely consider comprehensive privacy legislation again this session. Five states had already passed privacy laws, and an additional 24 have introduced bills for deliberation this year (with Iowa’s being the first to pass). Data privacy advocates are debating whether the federal government -– or states — should be the ones regulating how private companies handle people’s data.

ID.me, the secure digital identity network, applauds policymakers for leaning-in on this issue, which is critically important to Americans’ personal security.

With all of the online platforms Americans use — each requiring different passwords and adhering to their own difficult-to-decipher privacy policies — it’s no wonder the subjects of privacy and digital identity are confusing and overwhelming. Organizations handling consumer data must be transparent about their policies and empower users to control their data.

ID.me believes in promoting user control. We have built our platform on these foundational principles that we believe should underpin all policy pertaining to consumer data and privacy:

  • User control of data: Individuals should be empowered to control their own data.
  • Informed consent for data sharing: Credential service providers and other covered entities should be required to collect informed consent from individuals for the use of their data and should likewise provide options to revoke such consent for continued use.
  • Data governance: Covered entities should provide a portal to show users where they have provided consent to share data – and allow them to revoke such access.

These principles are at the core of how ID.me operates. A secure and functional internet depends on trust, which is why we are committed to transparency and security. We believe in properly aligning incentive structures to reward security and efficiency, not profit. That is why ID.me does not sell our users’ data. We instead provide a digital credential that leads to further security, access, and convenience.

ID.me is ready to contribute to the policymaking process. We will support an open system that puts individuals in sole command of how their data is utilized. We publish our privacy policies online in full, including our Privacy Bill of Rights. ID.me strives to make the internet a more secure and trusting place to interact — and that starts by putting users first.