Empowering Consumers through Web3: A Vision for Personal Financial Data Rights 

By Sena Loyd & Amit Sharma

A pivotal moment has arrived in the ever-evolving landscape of technology and finance: America’s leaders have acknowledged that our digital data—identity, financial, and beyond—is at risk, and we must act now.

This moment is reinforced by two recent events: President Biden’s groundbreaking Executive Order (EO) issued in late February and the Consumer Financial Protection Bureau’s (CFPB) recent Notice of Proposed Rulemaking (NPRM) on Personal Financial Data (PFD) Rights.

As the digital world transitions to Web3, an internet characterized by decentralized control, it’s crucial to grasp the dual significance of these events.

Executive Order: Advancing Protections and High-Security Standards

On February 28, President Biden issued an EO to protect Americans’ sensitive personal data from exploitation by countries of concern, marking the most significant executive action ever taken for data security. It aims to prevent large-scale transfers to these countries, including genomic, biometric, health, geolocation, financial data, and specific personal identifiers. It is designed to facilitate collaboration between the Departments of Justice and Homeland Security to set high-security standards to prevent access by countries of concern to Americans’ data through commercial means. It also calls upon the CFPB to take steps against data brokers assembling and selling extremely sensitive data, including that of U.S. military personnel. 

Emphasis must now be placed on the EO’s comprehensive implementation, as well as alignment with any subsequent executive, regulatory, and legislative actions. This implementation should explicitly incorporate obligations through financial regulatory agencies and the Federal Financial Institutions Examination Council (FFIEC) to advance consumer-oriented privacy tooling. This alignment is crucial for strengthening Know Your Customer (KYC) procedures and individual identity verification within highly regulated industries like financial services. In addition, the EO implementation process must address shareability concerns and acknowledge the need for explicit data ownership by consumers themselves–be they individuals or legal entities. By integrating these aspects, we’ll ensure the EO’s framework is robust and aligns with its initial recommendations, setting a strong foundation for the protective measures our digital data requires.

CFPB’s NPRM: Empowering Consumers Through Personal Financial Data (PFD) Rights

The NPRM, issued last October in response to Section 1033 of the Dodd-Frank Act of 2010, aims to establish regulations for data portability and open banking. It introduces the innovative concept of PFD rights. These rights are crafted to empower consumers, providing them with control over their personal and financial data, thereby fostering economic opportunity, freedom, and security.

Web3 ID Coalition: Empowering Data Ownership through Web3

To empower consumers to own their data, members of the Web3 ID Coalition—a collective of technology, finance, and business leaders—offer a perspective rooted in the principles of Web3 and essential regulatory compliance controls required for a safe and equitable financial services sector. This next-generation blockchain-enabled internet starkly contrasts the centralized control–and PII exploitative environment–prevalent in Web2, introducing decentralization as a paradigm shift. Web3 IDs enable a future where individuals have sovereignty over their digital identities, allowing them to choose which personal data they share, monetize, or keep private, while providing the assurances their digital service providers need to affirm they are who they say they are.

Importance of Decentralized Identity and Verifiable Credentials

Harnessing Web3 for personal and financial data control hinges on integrating decentralized identifiers (DiD) and compliance-backed verifiable credentials (CVC). DiDs give individuals ownership of their compliance information, allowing them to share it securely with their chosen financial institutions and services providers. CVCs streamline identity verification processes, embedding the essential controls driven by Know Your Customer/Know Your Business (KYC/KYB), associated due diligence, and monitoring. CVCs also reduce costs for financial institutions while maintaining individuals’ control over their financial identity, providing a value-added ‘asset’ to both service providers (increased secure engagement with their consumers and partners), and consumers (essential consumer protections related to their personal and proprietary identifying and economic data).

Issuer-Holder-Verifier Model: A Consumer-Centric Approach for Web3 Digital Identity

One DiD and CVC implementation model worth considering is the Issuer-Holder-Verifier model, which underscores a transition towards a consumer-centric approach to data control. In this model, consumers become the rightful holders of their personal data, establishing direct relationships with verifiers. This ensures a secure and transparent process for data verification without compromising privacy, a stark departure from the traditional centralized and intermediary-dependent model. This new model attaches attestable attributes to an individual or entity for verification and authentication alongside financial data, account credentials, and other identifiers, enhancing privacy. It allows regulated institutions like banks to validate individuals’ verified statuses without exposing sensitive information.

Practical Application of Web3 Technologies

To spur interest in PFD rights adoption, we must understand the practical, real-world applications of Web3 ID technologies. For example:

    • Secure loan applications: A consumer applying for a loan can use Web3 for privacy-preserving verification.
    • Portability: A consumer switching bank or service provider can retain portable, verifiable data using Web3 and securely share and re-use their credentials for near-instant verification and proofing.
    • Control and privacy: Through cryptographic signatures and real-time authorization, consumers retain granular control over the data they share, resulting in efficient and privacy-preserving transactions.

Future-Proofing Standards: It Takes A Village

Acknowledging President Biden and the CFPB’s efforts to advance PFD rights, the Web3 ID Coalition emphasizes the need for future-proofing standards that promote user-centric, secure, and interoperable identity ecosystems, ensuring practical implementation across jurisdictions and service providers–characteristic of web-enabled and native financial ecosystems. We are not alone in our efforts. Current organizations such as the Decentralized Identity Foundation (DIF), World Wide Web Consortium (W3C), Sovrin Foundation, Trust over IP (ToIP) Foundation, and Internet Identity Workshop (IIW) are similarly fostering awareness and collaboration for greater consumer control, privacy, and interoperability.

All Data, Data for All: Safeguarding a Digital Future

Addressing Web2’s shortcomings, where consumers lack ownership of their data, the Web3 ID Coalition commends President Biden’s executive action and the CFPB’s proposed rule for significantly advancing consumer awareness and safeguards. Covered data should encompass all information collected by financial institutions, empowering consumers to make informed choices about their data and control its access to channels they intend, while enabling verification and authentication for risk, compliance or business purposes. The Issuer-Holder-Verifier model facilitates secure and authorized use of sensitive data for secondary purposes, giving consumers control over monetization, usage, and distribution.

The combined impact of these events marks a crucial step towards reshaping PFD rights. The integration of Web3 technologies and principles stands to revolutionize how consumers interact with, control, and share their data. By fostering collaboration and advocating for robust standards, we can facilitate a digital future where individuals can navigate their financial landscape securely and with the consumer protections we now require in a globally interconnected world.

Sena Loyd is the President of Web3 ID Coalition, a 501(c)6 organization that advocates for public policy that paves the way for secure, portable, and trusted digital identities. Amit Sharma is the Founder & CEO of FinClusive, a provider of modern financial crimes compliance (FCC) and identity solutions for a new era of financial services.


Next Blog