Speaker Spotlight

EIC Speaker Spotlight: Maarten Stultjens


Yeah. Well, I think that first is that we have to look indeed at some global initiatives that are taking place in business. And if I have to mention two main things that are happening, one is the gig economy where the relationship between employees and the employer is changing, that employees are much more flexible and that a lot of the work is being outsourced and outsourcing can be done anywhere. And the second thing that is happening is that we are working towards anything as a service. We are used to software as a service, especially here in the it industry, but we're also very familiar at the moment with car as a service. And one of our customers is also thinking of moving to a ship as a service. So rather than buying a ship, you just pay for operating hours of such a ship. And well, these changes in leads to changes in it. It increases dependency on it. It leads to dominance of certain platforms in it. I think of Amazon and Google, Microsoft. It leads to globalization. And of course, as a result, it also requires a higher interoperability. So these things strongly influence the changes in digital identity.
Yeah. When after the, with, with these changes in with the gig economy and anything as a service, I already mentioned that there is a bigger dependency on it and on the BTA pro providers, and there are some concerns, and these concerns result from the behavior of these organizations, not only in how they treat our privacy, but also in taxation or in copyright protection. And also think of the data sovereignty that we want to have here in Europe, where we have seen that the us has implemented the cloud act in 2018. We are very aware here in this geography of privacy. And we have developed the GDPR and adopted to GDPR and beyond GDPR, there will be other rules and regulations like privacy. At the same time, we are in a very fragmented landscape here where interoperability is not so easy. So if you look for example, at data residency, then in the past, we had safe Harbor agreement back in 2015, it was invalidated.
And as a, a follow up of the safe Harbor agreement, there was the privacy shield agreement that again was invalidated last year known as the strengths two outcome. And currently in the, in the EU, we are working towards data severity. We've seen that in Russia and China, and we are implementing now own internet, Gaia X. We are implementing other measures to transfer data from the EU to the us contractual clauses. The UK has their own guidelines and is building their own guidelines. And we see all kinds of interpretations in different countries. For example, in France, where they allow EU SaaS built on AWS provided that sufficient safeguards have been implemented in the privacy area. We see that although GDPR has been implemented, it is still only implemented in a pretty basic fashion. So going forward, I expect that for example, consent management will get a lot more adoption rather than the legitimate interest that we initially thought would be a ground for processing of data.
And at the same time, we see that in different industries, there are per country, different regulations, think of healthcare, think of insurance or banking, and last but not least there is this interoperability question we would like to interoperate. We want to interoperate across, across these verticals, which have their specific regulations and also per country. But at this moment we see, for example, identity providers like speed in Italy, France connect we see in Germany and we see SME in Belgium DGD and a canning in the Netherlands we are working, or the EU is working towards a standardization with EII a, but this is still a bit of a free option for, for the different countries because their own identities have to be notified under the EI a so a new law is currently being developed by the EU for national, for EU wide digital identity based on the wallet. So there are a lot of developments in, in these area of that, that try to solve the challenges of digital identity in, in, in and across Europe.
Yeah,
Well, I think first of all, the, the question for data residency, that is a clear question. So the platforms that customer need need to assure that data is kept in Europe because our customers don't want to be opposed to these constantly changing regulations that are constantly declared invalid and on contractual agreements. So that, that is a clear thing. Other things with the fragmented landscape, with the fragmented identity providers across Europe, we also see a need for a lot of flexibility in building a customer journey for the onboarding of, of users. At every point in the customer journey, you need to be able to make a step out. And the step out in Italy will be different from France and so forth. There is, of course also the, the multi-language in Europe, we, we talk different languages. And for example, I'm from the Netherlands. If I drive two hours to the south, I need to speak French.
And only French. If I drive two hours to the east, I need to speak German. And very often only German and to the west, there is the UK. So, and, and these language barriers do not only give requirements for the end user, the consumer, but also if you work business to business and you work in a delegated fashion, then your business customers or your partners, I think again of that, anything as a service or the gig economy, also, you need to address these type of business users with in their own language. So language support, not only for the consumer, but in the whole chain, B2B TOC needs to be supported. And of course, with our consciousness on privacy, it is very important that we give full control in the platforms to the consumer on the usage of their data.
Well, of course, for the customers, when they are looking for a platform, they need a platform that fulfills the requirements that were just mentioned the flexibility, the language, but it's not only that there is a lot of dynamics in this world, the gig economy and the SAR of anything as a service is constantly evolving. And that means that if you have a vendor far away, most likely that vendor doesn't completely understand, or doesn't have the doesn't adopt these type of dynamics quickly enough. So I'm advocating being a European vendor also to work with European vendors because they are on top of all these developments. And there is for the next, year's no such thing as a standard for customer identity. I think that is place, especially in the regulated industries, eh, telco energy finance, and, and maybe to a lesser extent to retail and consumer goods, cause things are less privacy sensitive.

Video Links

Stay Connected

KuppingerCole on social media

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00