It is great for me to be here, back at a I C in Munich, and be able to talk to such a distinguished crowd. So everyone here has done a lot of sec identity work to make it a key enabler for security and productivity at eight. And I think we actually had a lot of talk, you know, yesterday and this morning that now we need to have a little talk about privacy.
We've reached pretty much a tipping point because you know, even the best security is not enough follow people. People are starting to say to frankly, both consumer and enterprise services, they're talking about that is enough.
You're collecting way too much data about me. And they're even starting to say to the services, they love the ones they think they can't live without. And just like any relationship, if your rights are not respected, you disengage. So how many of you in the audience have changed your social media settings, privacy setting in the past year? Raise your hand pretty much everybody in the room. You're not alone. Now. Just how many of you have either disengaged or left a social media platform altogether? All right. I see quite a few hands.
Many people actually have
People want to have more control over their personal data, and that control begins with identity because in every day of your digital life, everything starts with you. It is everything about who you are, everything you say or you do, and that you experience in your every single day life.
Last year, I talk about identities central role for security. And when Martin asked me how I think about GDPR, I said, getting ready for GDPR was actually a great thing for Microsoft because it has taught us just how much data we're collecting and what we have to do in order to take care of every single piece of information that we're collecting from the individuals. So it really got me starting to think about how identity is central to privacy.
We think identity can provide the same control plan for privacy, just like it has done for security, even the best security solutions as they're getting more sophisticated, which is a great thing, frankly, for organizations and individuals. But when it comes to privacy, there's actually a huge imbalance of power. And a responsibility individuals would say, organizations are having way too much control of their personal data.
And as an individual, my privacy is in the hands of organization software and frankly, their user agreement and as organization, they would say they have too much liability and that they're struggling to implement tools and the processes in order to manage every single piece of information that they're collecting from their customers. And frankly, in some cases, organizations don't even know how much data they've collected and a way is all stored. And meanwhile, the regulations are adding more pressure.
So we have a situation which is nobody's happy.
So how can our industry help to change this? How can we help individuals to have more control? And at the same time to help organizations to reduce their liabilities? I think we have a lot of opportunities to do that. What we are looking for is a rebalance of the equation, and we think technology should really facilitate in order for respect the privacy. And then we think there's three important steps in order to help us to get there. The first step is instead of issuing new identities to your users, let individuals bring their own identity.
The one just belong to themselves that is strong and independent of any organization. So in my example, you can think of such an identity, like a wallet.
So here, this is my wallet. I don't wanna hand over my entire wallet to you.
I wanna keep it to myself. I only want to show you the information that you need to know in order for me to do business. I don't want to show you you anything I don't have to a user owned identity, make this possible in the digital world. And like many of you, we believe that a digital identity leveraging the distributed ledger technology will be a key enabler.
So shifting from a user identity that is owned and controlled entirely by organizations to a decentralized identity that is owned and controlled by individual, frankly benefit both sides of equation in. So even the ownership of the identity has changed business, go on as usual because organization can still collect and steward the same type of information. The only change at first is instead of issuing new identity, starting to accept the identity. Yeah. That user brings with them.
And this brings that to the second point, that organizations, instead of trying to, you know, collect all the information, they really show the exam. What kind of data they collected, where the data come from and where it is all stored. And by accepting information that's provided by the user and independent authority can verify organization can limit their liability while still have access to the same information in order to do business. So let's go back to my wallet example. I am not just a username and a password. I have a name, I'm an adult.
I am a citizen of the United States and I have a graduate degree of computer science. I also like coffee. I love hiking. And I actually love, really love German cars. So this is type of information I carry around in my wallet, like my passport, which proves my citizenship and it's issued by my government that they can verify it.
So with a verifiable credentials and a claims, that's digital, that I can establish a mutual trust relationship with any organizations so that I can prove who I am. And I can also verify, provide what I am with every single organization.
And this becomes very useful in many aspects of our lives. Like when I'm screening job candidates, I can pull, I can verify their university degrees and when I'm ready to purchase my next cool German car, my dealership can verify my driver license as well as my insurance. But I wanna talk a little bit something a little bit more fun for me.
So when I go shopping Munich later this week, I will show my passport to prove I'm not a citizen of Europe so that I can get a refund of the VA tax. When I go home, just trust me. I do this a lot.
Well, it is shouting is one of my favorite thing. When I come to Europe, well, apart from presenting at EIC, I would say, so my store accepts my passport, which is issued by my government. And then they verify it. They add my passport number to the tax form and they give back the passport to me. They don't have to keep a copy of the passport. The only information that store really need in order to refund the VA tax is actually proof. I'm not a citizen of Europe.
They don't need to keep a co a copy of any other sensitive information, like the date of birth, where I was born, or the places I've traveled. So by letting a verified information stays with the individual organizations, don't have to collect or protect such sensitive information, but they still have access to the same information in order to do business.
And this brings us to the third point in the digital world that we believe we must enable individuals to set constraints and the controls of their personal data organizations should only get the information that is necessary in order for them to do business with individuals no more, no less. And then with decentralized identity, with verified the information, stay with me, I can decide how to dial up or dial down and how much access I give to organization. I have more control and this changes the relationship. I become a data controller.
So what we all looking for is a much better balance.
And we all know in many cases, organizations such as you will still be responsible for user data, but by providing a mechanism for individuals to bring their own digital identity, provide, verify the information that stay with them and let individual decide how much data and to share. And where is all the data stored? We make everybody happier as an individual. I will have more control so that I can protect my privacy and as organizations that I can still collaborate with everyone, but with much higher confidence, reduce liability and improve compliance.
So what this all result is a much BA much better balance between the individual and organizations.
And we are seeing the support for such shift in our industry. The decentralized identity foundation, or diff is working on an implementation of exactly this. And we at Microsoft are actively contributing open source code to diff so that we can bring this technology to the developers to support this decentralized identity, along with many companies that diff will soon have everything that you need in order for organizations and individuals to start using them. We're very excited.
And we are working with the community to bring the support for the decentralized identity into Microsoft platform so that businesses and individuals can bring decentralized identity and a benefit from the mutual trust relationship. We're doing this to elevate privacy and we're opening our platform to enable innovation so that we can bring all the organizations and individuals together for a much stronger security and privacy at the same time. So what's next.
Instead of issuing new identities, let let individuals to bring their own ID identity, limiting the data you need to collect, accept independently, verified information from individual and decide where you can balance the control between your organization. And the individuals recognize individuals as data controller, privacy is a human right, and to protect that right, we must enable individuals to own and control their own digital identity. We at Microsoft are committed to make this happen and we hope you will join us as well. Thank you.
So thank you. Thank you very much here.
Maybe there will be more so, so the question I already see and hopefully is displayed soon, is do users want to become data controls?
I think it's really is an option, right?
I mean, to us, it's not about one or one end of the spectrum or the other end of the spectrum. It's really about empower users if they want to be data controller, but organizations, you know, were still steward a bunch of information. And frankly, the more we can reuse the existing identities that user provides, I think previous speakers like Katrina, many others talk lot about that. I think that is a starting point.
Yeah. And then there's the other side of the coin, which is the enterprises. Yeah. And I personally see two challenges there.
The one is the, the miner, the other is a technical issue. So if you accept identities, other types of identities, it means you need to be somewhat flexible in, in the way you authenticate. A lot of solutions are still with one specific type of authentication built in. They are super inflexible and it goes first because it means you also need to be flexible in your application regarding the way you deal with the data. So it means most of the stuff you have probably will not be easy, easily be converted into that world.
And even the, the way most of the digital services are constructed today from an architecture perspective is far away from being able to work with such approaches. So what is your opinion on that?
Yeah, it's actually, there's a lot of precedence of that. I mean, the example is like, you know, obviously with Microsoft platform, we have our enterprise identities, but even today we are already supporting the identities, personal identity users bring when business want to work with their customers directly. So the user's own identity already brings that.
So to us, the decentralized identity is just the, the next, the next evolution of that. And the beauty of that is it works with the entire ecosystem of enterprise identity uses personal identity, their professional identity, as well as decentralized identity, but with decentralized identity with further empower that a independent authority verified data can stay with the user while business still have same access.
So for us, this is the natural progression okay. For the, for the future.
Okay. And there's another question, which is an interesting one. Okay. Right now it's displayed here. What do you mean by specifically by opening the Microsoft platform?
Yeah, I mean, as I said, you know, the Microsoft identity platform is not about just Microsoft identity. It's about all the organizations, the enterprise ID it's about all the user customer identities that they can bring with them. And then it's about the different decentralized identities that we will support. So it's really an ecosystem play for organizations for our customers as well as for our partners
Together. Okay.
Thank you, Troy.
Yeah. Thank you so much.
Pleasure to have you on stage again.
