Zero-Party Data and the Future of Data Privacy: Glenn Gore, Affinidi

In an exclusive interview with Glenn Gore, CEO of Affinidi, discussed the revolutionary concept of holistic identity and its transformative impact on digital identity management. Glenn delves into the intricacies of holistic identity, contrasting it with traditional identity management systems, and elucidates how it integrates with existing data management practices.

He also provides insights into the four types of data—zero-party, first-party, second-party, and third-party—highlighting their distinctions and implications for data privacy and security

This comprehensive interview offers a deep dive into the future of digital identity and data management, emphasizing the need for robust privacy measures and consumer empowerment.

Excerpts

DQ: Explain the concept of holistic identity and how it differs from traditional identity management systems.

Glenn: Identity is an often-overloaded term, typically referring to what makes you unique as an individual. It encompasses your experiences and the environment in which you’ve grown up. Traditional identity management systems usually define identity as just an account—an email address paired with a password on a platform. This, however, fails to capture the richness and uniqueness of your real-world identity.

Holistic identity aims to redefine your digital identity to be as rich and unique as your real-world identity. From a consumer's perspective, it involves rediscovering the fragmented pieces of your identity scattered across various platforms like Google, Apple, Facebook, X, TikTok, and others. Each platform captures a different dimension of who you are, but none provides a holistic view.

People typically have over 100 to 150 online identities, with younger generations having even more. Holistic identity allows you to collect these fragments and store them securely on your device, creating a comprehensive view of yourself. You can then selectively share this holistic identity with other platforms to enhance your customer experience. For instance, you could share your preferences, sizes, hobbies, and interests to receive personalized recommendations and offers.

Over time, this comprehensive view of yourself can disrupt traditional aspects of identity management. Your holistic identity becomes valuable, allowing you to exchange it for savings, discounts, or even monetary value. Essentially, holistic identity represents your digital self as fully as your physical self, creating a rich, multidimensional identity similar to how you present yourself in real-world interactions.

DQ: How does holistic identity integrate with existing data management practices within an organization?

Glenn: Integrating holistic identity with existing data management practices within an organization aligns quite well. When we talk about identity, there are two key attributes: authentication and authorization. Authentication ensures that you are who you claim to be. Organizations already have existing authentication frameworks to combat identity theft and fraud. Our application, Affinity Login, works with these existing frameworks. Most of the world uses the OpenID Connect Framework (OIDC), utilized by Google, Facebook, and Apple. This framework allows you to log in using your Google, Apple, or Facebook ID on various websites.

We’ve taken this standard and adapted it so you can have your own authentication software on your device with a decentralized identifier, a unique attestation of who you are. This means you can log in using your credentials instead of those from Google, Apple, or Facebook.

The second part is authorization, which determines what you are allowed to do. For example, whether you can access a bank account or make purchases. These systems function as they do today, but the key difference is a shift in control. Currently, you log into various services like Facebook, Apple, Google, and your bank. In the future, these entities will log into you. You own your identity and control who can access your financial data, health data, shopping interests, and more.

This approach fundamentally reverses data ownership, bringing it back to the individual, allowing you to choose what and with whom you share your personal information.

DQ: What exactly is zero-party data, and how is it different from first-party or third-party data?

Glenn: In the industry, we talk about four types of data: zero-party, first-party, second-party, and third-party data.

Zero-party data is information you voluntarily share about yourself. This could include preferences, hobbies, or aspirations. For example, you might share that your favorite color is blue or that you enjoy mountain biking. This data may not always be accurate or verifiable.

First-party data is gathered from your direct interactions with a company. For instance, if your zero-party data states you want to run five kilometers, first-party data would come from your smartwatch tracking your daily steps and running progress. It’s a measurement of your actual behavior, not just your aspirations.

Second-party data involves sharing your first-party data with another entity. For example, sharing your Garmin running data with Strava for competition and gamification purposes. You control this sharing, seeking enhanced experiences.

Third-party data is collected by someone else without your direct permission. It could be data shared multiple times, generating a perspective of you that might not be accurate. The problem with third-party data is its potential for inaccuracies and privacy issues. For instance, data about you from five years ago could still be out there, or new data might be fabricated easily, especially with AI.

This shift has led to a loss of trust and privacy concerns among consumers. They dislike brands knowing personal details without permission, which erodes trust. Zero-party data, combined with first and second-party data, can enhance customer experience without the need for intrusive third-party data.

DQ:  How is Affinidi leveraging zero-party data or holistic identity to maintain data privacy and security?

Glenn: The main issue with third-party data is the lack of control—you don't control what is shared or with whom. Affinidi addresses this by providing tools and services for you to manage your data, rather than managing it for you. The Affinidi Vault, for example, is software that can be installed or run in the cloud, allowing you to store and collect your data securely.

This data can be used to streamline onboarding processes for new websites. Companies like Rose Hub, Grow Club, and Analyte can make onboarding frictionless with just a click of a button. You provide consent for sharing specific information like your name, contact details, payment information, and delivery address. This gives you control over what you share, enhancing the customer experience.

From a business perspective, a holistic identity is beneficial. For example, GrowClub rents bicycles to children, requiring sensitive data like growth rates and usage patterns. By allowing customers to control their data, businesses don’t have to store it, reducing the risk of data breaches. In 2024, cyberattacks have increased by 28% in the last quarter alone. Minimizing stored data significantly enhances security since you can't breach data that isn't held.

Affinidi's approach aligns with a growing demand for greater consumer control over personal data. Startups are increasingly wary of holding sensitive data due to the high costs and risks associated with breaches. Affinity provides the connectivity to facilitate secure data sharing between consumers and businesses without retaining the data themselves.

DQ: What practices and initiatives are in place to enhance customer relationships and trust in your company?

Glenn: Our focus is on transparency and customer choice. We build on cutting-edge technologies with a strong emphasis on portability. Portability allows customers to decide where to store their data and with whom to share it. This flexibility ensures that even if customers choose to leave Affinity, they can easily move their data to another platform.

This approach benefits consumers and fosters innovation at Affinidi. Knowing that our customers can leave anytime, we are motivated to continually improve and do right by them. It prevents complacency and bad practices, keeping the system honest and driving the best innovation cycles.

DQ: Has Affinidi formed any strategic alliances to drive innovation in data management and personalization?

Glenn: Yes, we have several partnerships with cutting-edge technologies, particularly from the decentralized world, often referred to as Web3 and blockchain technologies. Web3 emphasizes ownership, unlike Web1, which was about consuming content, and Web2, which was about creating content.

Web3 aims to reclaim data ownership, and we've integrated technologies that allow developers and partners to build open solutions. For instance, we use the OpenID Connect framework and verifiable credentials standardized by the W3C. These partnerships are primarily with innovative startups that share our philosophy of customer data ownership and control.

India, a highly targeted country for cybercrime, with an average of 2,807 attacks per week, leads in adopting these new approaches. The high frequency of cyber threats in India has underscored the importance of not storing sensitive data. By decentralizing data storage and returning control to consumers, we make it less attractive for hackers.

DQ:  How does Affinidi plan to stay in the digital landscape while continuing to support startups and SMEs?

Glenn: Education around privacy is increasing, driven by frequent news of massive data breaches. For instance, IDC forecasts that by 2025, up to 50% of consumers will make decisions based on a brand's transparency and privacy policies.

Our strategy focuses on portability—allowing customers to move their data between platforms. This flexibility fosters innovation and ensures we continually improve our services. Our goal is to establish trust with consumers through transparency and privacy while delivering superior customer experiences.

DQ:  What developments do you expect in the field of data privacy in the coming years?

Glenn: Techniques like decentralized identity and edge computing will be crucial. For example, Apple’s recent announcement about running AI on-device aligns with what we've been developing at Affinity. This hybrid approach allows some AI processes to run on your device while more complex models can be trusted to the cloud without sacrificing privacy.

Encryption and device security will remain critical. However, the key will be increasing awareness and education about data privacy. Frequent data breaches have made consumers more aware of their digital identities. The future will see a shift in behavior, with individuals taking more responsibility for protecting their data. The companies that excel in balancing privacy, security, and customer experience will be the most successful.