Self-Sovereign Identity for KIDS ~ onboarding the next generation to the web we want/web of trust
From IIW
- Self-Sovereign Digital Identity for Kids
- Tuesday 5I
Convener: Shaun Conway
Notes-taker(s): Bryan Pon
- Tags for the session - technology discussed/ideas considered
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Situation:
Consent is trying to onboard large population for Barclay's in South Africa
- For government-approved subsidy claims
- 750k children that need records
- As a service provider, what is the obligation, what would be the right way to onboard these youth?
Challenges
- Custodianship
- Kids under 18 (or legal age) can't legally sign off on T&Cs
- Also seniors/elderly may need care
- In Global South, fewer kids have custodians
- Biometrics are challenging—Consent has tested fingerprints, facial scan, both failed
- Suggested ongoing biometrics at regular interval
- Include a key along with the biometrics for increased correlation
- Margin of error for biometrics
- Regulations around child protection
- e.g., COPPA which precludes collecting any data on kids under 13
- Onboarding -- age verification requirement; kids often lie
- EU GDPR includes ideas of car-owner as parent-child relationship
- Safety -- interactions between minors and adults online, may need to scramble/encrypt identity to protect child
- Need a mechanism to protect the most vulnerable kids; need to have checks in place so kids don't compromise themselves or their own safety
- Need to bake in privacy-first, privacy by design
- Online safety should be in context of other risks, and an empowered child is a safer child
- Role of digital literacy
- Once youth reaches legal age, how do you transfer complete control back to the youth
- Youth might also want to delete old data
- Possibility of institutions--school, church, etc--could play a role custodial role
- Privo -- organization advocating for youth
- Who decides what data to collect?
- Can children manage a self-sovereign identity?
- Maybe children can't be "self-sovereign" maybe it is a "collective-sovereign" or custodial-sovereign
- Maybe custodians are required for some actions (onboarding) but youth can manage and perform certain actions without custodian
- Sami has used a number of different identities signing up for different websites, services; says kids are already used to circumventing age controls
- Vulnerable populations
- Challenge of LGBT or trans kids who find a community online might actually want to keep this "identity" private from their parents
- Does this all apply just as much to other vulnerable populations? seniors? mentally disabled?
- Should there be different needs for different ages or stages of vulnerability?
- Need to be cognizant of the Western perspective of our group in terms of views on privacy, safety, etc.
- Bill mentioned possible tie-ins to his session at last IIW on identity lifecycle
- More curators a child has, makes things more transparent, and limits the possibilities of bad things happening
- Child-centric identity!