Introduction

DPIs that provide a digital identity or data exchange layer raise important questions about how this personal information is governed and how this personal information is transacted to other parties.

One approach to building such systems is called Self-Sovereign Identity (SSI).

Closely related is the concept of signed data, which is often implemented as verifiable credentials.

Both concepts have been praised as privacy-friendly innovations — but they are also criticised as potential enablers of increased harm and mass surveillance if implemented poorly.

What Is Self-Sovereign Identity (SSI)?

Self-Sovereign Identity is a design model in which:

• Individuals control their own identity data.
• Credentials are stored locally (e.g., in a digital wallet) rather than in a central government or corporate database.
• Users can decide when, with whom, and what information to share.

SSI is often linked to decentralised identifiers (DIDs), which are globally unique IDs that can be verified without relying on a single central authority.

<aside> 💡

The core promise of SSI is “Your identity is yours, not the government’s or a company’s.”

</aside>

What Is Signed Data / Verifiable Credentials?

Signed data (often called verifiable credentials):

• Is digitally signed by a trusted issuer (e.g., a university, government, or employer).
• Can be stored and presented by the user to prove a fact about themselves.
• Allows the verifier (and everyone else!) to check authenticity without contacting the original issuer.

<aside> 📌

Signed data often comes with transferable proofs. Meaning, anyone can check if it’s authentic. If that data gets lost, it can be much more dangerous for the user.

</aside>

Example:

A university issues a credential that says “Jane Doe has a Master’s degree in Computer Science.”