Canadian Developments in Digital Identity
Digital identity is increasingly becoming a hot topic globally and Canada is no exception. For example, amendments to the Bank Act (and equivalent legislation in respect of federal insurance companies and federal loan and trust companies) have recently been introduced permitting federally regulated financial institutions to provide “identification, authentication or verification services”. The Digital Identification and Authentication Counsel of Canada (DIACC), a non-profit coalition of public and private sector leaders, has also traditionally been active in the space, and has developed and issued its Digital Identity Ecosystem Principles.
There have been two additional recent developments of note in Canada. First, the Canadian Bankers Association recently published a White Paper entitled Canada’s Digital ID Future - A Federated Approach (the “White Paper”). Second, on May 28, 2019, Canada and Estonia entered into a Memorandum of Understanding (“MOU”) covering Digital Government and Economy (“MOU”). The two developments have a tie in: Estonia’s approach to digital identity is mentioned in the White Paper as a possible model for Canada.
Canadian Bankers Association White Paper
The White Paper states that identity is the representation of an individual which answers the basic question “Who are you?”. It is more than the digital authentication process of logging into a social media site or entering a network password. The challenge with identity is that defining who an individual is has traditionally required in person interaction and physical documents, which is cumbersome and time consuming. Building a digital identity system has the potential to reduce such challenges in an increasingly digital world.
The White Paper proposes a “Canadian Digital Identity System” A digital identity system is an organized way for individuals to answer the question “Who are you?” based on commonly trusted information. The White Paper suggests several benefits of such a system. Since, government and private sector organizations frequently collect the same information as part of their identification processes, there is room for significant cost savings. Secure information sharing between government physical identity cards has the potential to reduce fraud while giving users more control over misinformation. The private sector would also be able to use such a system for improved regulatory compliance, particularly with respect to Know Your Customer (“KYC”) rules.
The White Paper identifies common elements to a successful digital identity strategy, based on the experience of other countries, including Estonia. In these countries, the digital identity strategy was outlined in government legislation, creating certainty for business and government decision makers. Government also took an active role in developing the infrastructure and bringing the digital identity system to market before providing a role for private sector. The White Paper suggests Canada could follow a similar approach and endorses a mixed public/ private sector solution, with modernizing Canada’s regulatory framework to encourage innovative digital identity solutions being a useful first step.
Ideally, the White Paper argues the ultimate goal should be a “federated digital identification framework”. A federated framework would store information on a person’s attributes and electronic identity across linked but distinct systems. This way there is no central repository with all of an individual’s information, and individuals can authenticate using different linked pieces of information. For example, one might be able to authenticate using a combination of distinct identity systems such as a driver’s license, biometric data, and banking credentials. The idea behind a federated digital identification framework is that each of these systems can talk to one another so the individual has a seamless experience.
Canada-Estonia Memorandum of Understanding
One of the first steps for Canada to become more like a digital leader such as Estonia is to develop closer ties between the countries. The MOU between the two countries seeks to facilitate cooperation between Canada and Estonia in areas of common interest such as the digital economy, digital identity, and other digital government policy challenges.
Under terms of the non-legally binding MOU, the two countries have committed to organizing joint events and exchanges between public officials and other experts. There are also several provisions dealing with information sharing. These include sharing operational lessons for public sector information systems, Artificial Intelligence (AI), approaches to digital government services, and teaching children to code. Canada and Estonia have further committed to consult together on digital issues in other forums including the Digital 7 Intergovernmental Working Group, the Open Government Partnership, and the Freedom Online Coalition.
Digital identity and its applications are attracting attention globally, and Canada is no exception, with a number of developments, particularly in the banking sector, beginning to manifest themselves in the area. Further developments can be expected as Canada outlines and determines its digital identity strategy in further detail.
For more information about our firm’s Fintech expertise, please see our Fintech group’s page.
Cybersecurity privacy identity Bank Act Estonia