The internet has a big privacy problem: you don’t control your data, and laws or alone aren’t going to fix it, and here’s why:
- You don’t control with which third parties it is shared (malicious or non-malicious).
- You don’t control which of the company’s employees can see (or mutate) it.
- You don’t control how long it is kept.
- You probably don’t have a receipt to prove you shared it (so the company can just lose your data or plainly lie about not having it).
SSI (self-sovereign identities) is good starting point for solving these issues since it allows you to have more fine-grained control over what you reveal to whom. The hardest problems to solve is limiting who can read your data and for how long.
There is interesting research upcoming to only let holders of a certain attribute (e.g. older than 18, working at the customer department, physically checked-in at the office) decrypt the data your share, applied on the Dutch IRMA (I Reveal My Attributes) SSI solution.
This doesn’t solve all the issues (e.g. how long a party can read your data): we still more, new solutions to improve our privacy.