by Thekla Bartels
Verimi and the European netID Foundation are two organizations currently attempting to bring a healthy level of data ownership back to Europe. Both associations have committed themselves to creating a transparent alternative to the US data powerhouses and their walled gardens.
In recent years, platforms such as Google and Facebook have created a de facto standard for user authentication via social login features. The introduction of the GDPR hasn’t changed this. Both Verimi and netID provide a privacy portal that is designed to simplify user login processes, make them identifiable and manage all opt-ins in one, central location where users can make their privacy wishes clear.
Both Verimi and netID provide added value that sensitive user data will not leave the EU and are therefore much better protected. Login and check-out simplicity should also be possible with these systems. We at Webtrekk have an interest in looking more deeply into both options and carefully evaluating the benefits these solutions really offer.
Uncomplicated or all-encompassing – which one will prevail?
netID is set up as a foundation and is based on a decentralized data-exchange with partner organizations. Due to netID’s decentralized data-exchange, it is not necessary for users to create extra accounts; user data is based on information gathered and stored by the first netID partner. This partner also manages the privacy settings for the user. The basic function is similar to verification functions of Facebook, Google and other similar organizations. Prominent organizations such as Ströer, Gruner & Jahr and the Otto Group have already partnered with netID.
The low barrier to entry clearly makes using netID attractive to users due to the simple fact that no initial registration is required, plus it is not necessary for users to register at every portal separately. netID is not yet available, but more partners are currently being announced.
Verimi was initiated by Allianz, Daimler, Deutsche Bank, Axel Springer Verlag, Deutsche Telekom and Lufthansa, et al.. It has a "classic" registration and verification process which involves confirmation via bank account. In the long run, this should make it possible to process bank requests, digital signatures and manage state-related paperwork. It therefore promises a long-term simplification or reduction of bureaucracy, which presently remains to be quite analogue in Germany.
With Verimi, the amount of data that is transferred to online shops etc. is controlled by the user. However, the effort required to successfully register is high, which may put off users who are looking for a convenient and easy login solution.
Voluntarily giving out data?
We welcome and encourage any effort that aims to create transparent alternatives to the omnipresent US companies. However, it remains unclear why users should give away even more personal data to yet another organization. Both alliances store non-anonymized, personal information that they can share with one another behind the login umbrella. In the current data-protection climate, it remains to be seen whether users are willing to give out even more personal data.
Alternative: No login
Our founder, Christian Sauer, advocates the anonymous storage of identifying information. This means data cannot be connected to a person’s name. He states, "If I don’t own my data, I'm reduced to a plaything of the big platforms.”
With Webtrekk’s Cross-Device Bridge solution, we help companies identify users anonymously across multiple devices, apps and web pages. Specifically, the unique characteristics of each user are collected and stored in a pool. Our solution is designed to anonymize and transfer unique user characteristics – without any login barrier.
The GDPR is necessary, but should not be feared — especially in Germany. Let's break it down.
This blog post looks at some actual GDPR text to see exactly what is (and isn't) about to change. Read it now.