Counting The Cost of Data Collection, And A New Paradigm Of ‘Identity Holder Present’

The following was published as Chapter 7 of our series, The Seven Deadly Sins of Digital Customer Relationships. This chapter can be read by itself as a great introduction to the benefits of sourcing data directly from the customer. However, if you’d like to start from the beginning, you can find the entire series here.

Seven Deadly Sins - Envy: A new paradigm of 'identity holder present'

It’s commonly argued today that access to customer data has become a competitive advantage. Companies are racing to keep up with each other around how much data they can collect at scale, how large they can make their databases, and how deep their customer insights and data-driven operations can be.

Predictably then, the tech vendors, data consultants, and analysts have all been promoting vast data innovation programs that enable businesses to collect the richest, most detailed, and most valuable personal data.

It all feels like data envy to me. Aristotle described envy as the pain at the sight of another’s good fortune, stirred by “those who have what we ought to have.” Precisely.

From a purely commercial perspective, you can see why collecting more and more customer data can be seen as valuable: with deeper customer insights companies can achieve greater levels of personalization and drive up average revenue per user. But from a compliance (where did you get that data?), customer experience (consent form hell), and privacy point of view (“why are those ads following me around?”), not so much.

This envious data collection behavior is damaging customer trust, and the customer relationship. These business data lakes and mountains have become honey-pot databases waiting to be hacked. Not a day goes by without some major announcement or other from an embarrassed big brand about yet another data breach.

We’re in a kind of customer data arms race – which manifestly can only be a race to the bottom

Trust has never been lower in companies when it comes to looking after our data.

Innovation culture is (in)famously about forgiveness not permission, “…to move fast and break things.” But personal data is tricky stuff to work with: in reality, businesses need permission not forgiveness. And that means having and building customer trust. Not easy, and certainly not the default today. We’re in a kind of customer data arms race – which manifestly can only be a race to the bottom.

If this data collection Hotel California is systemic across the whole digital economy, what’s the way out of this mess?

Well if you put together SSI tools like digital wallets with new private DIDs, customers can get involved directly when data is needed by a company; in some respect, the individual can become the master data record. Let’s call it “customer-direct data.”

The economic case

Let’s look at the two sides of this: the real costs of collecting and storing data with today’s approach; and the new ROI of customer-direct data using SSI.

Counting the real cost of data collection.

Businesses need economies of scale for customer data to be useful. So it makes sense to collect lots of it, and to centralize and analyze it. But how much does it actually cost the business to collect, store, clean, secure, analyze, and maintain these data sets? Add to that the ‘soft impacts,’ like how much customer trust is lost when the company asks for too much data or when they deliberately obscure data practices with user experience dark patterns? Not to mention the brand impact when (not if) the business gets hacked.

The ROI of customer-direct data.

Here companies can ask the customer directly for what data they need, when and where they need it. It means the business can sidestep extensive customer tracking, cookies, and data surveillance, remove the need for 3rd party data brokers, and kill-off the lengthy consent form at registration. Not only is the data acquired much more valuable when it comes from the customer, but it’s also lower cost, and critically, much more compliant with data protection regulations.

With DIDs, businesses can connect directly with individuals, and ask for precisely the data they need to get something done. And because asking for the data is so seamless, so simple, the idea of having to store, secure, insure, and clean it becomes less and less attractive. In fact, once the data has been processed it can be deleted (subject to data protection and KYC regulations of course). And when the business needs the data – perhaps someone’s age – they can just ask for it again at that moment.

New SSI-based data strategies

The shark-eyed among you will have also realized that when used together with the technology behind ‘zero knowledge proofs’ (go back and read Greed), the data never needs to leave the individual at all. The organization can minimize what data is stored centrally, and thereby minimize the compliance liabilities (not to mention the costs to secure, clean, store, and insure the data in the first place). They can store facts about the data, rather than the data itself.

Simply put, the pure economics of customer-direct data makes a pretty compelling case for developing a new SSI-based data strategy.

Now, centralized databases will continue to exist, and mostly for good business reasons. But with SSI, we can challenge what data needs to be captured and stored centrally. For example, most businesses today don’t want to hold a store of credit card details. So they ask for it only when they need it (or pass it off entirely to another third party to handle it).

So why should a business want to store a load of customer identity data like addresses and age?

SSI will shape how businesses develop their data strategies: shifting from today’s default position of ‘collect, use, and store’ to ‘request, use, and delete.’

Today, organizations hold on to those datasets because it would ruin the customer experience if customers had to put in their address every time. But with SSI, it can be shared seamlessly in the same transaction as the check out ‘click.’

The cherry on top is that businesses will then be capturing the latest, correct, and, in many cases, verified data. But perhaps even more importantly, we’ll see a new market force emerging: the most valuable data the (highest quality, lowest risk, most useful, most compliant) will come directly from the individual, not a third party.

Putting all of this together, SSI will shape how businesses develop their data strategies: shifting from today’s default position of ‘collect, use, and store’ to ‘request, use, and delete (and ask again when you need).’

A new paradigm: ‘identity holder present’

The knock-on implications of customer-direct data are profound for companies in terms of risk and costs.

Think of it like card payments. For a business, a ‘card present’ transaction is lower risk and therefore lower cost (the payment processing companies charge a lower fee). ‘Card not present’ transactions are more expensive to put through because they carry more risk of fraud and payment chargebacks.

With SSI, we can do the same. Digital wallets enable businesses to get high levels of assurance that the holder of a credential is involved in the transaction. That means higher trust and lower risk interactions – the equivalent of having an ‘identity holder present’ watermark on every transaction.

Any other digital identity processes would be considered ‘identity holder NOT present’ which means more risk, and therefore would cost more.

So the very economics of the costs vs benefits suggests that SSI will become the preferred approach.

But back to customer relationships. If a company can seamlessly ask for whatever data is needed at that moment, for that specific transaction or purpose, then why would they ever need to envy others’ troves of customer data – which will be likely out of date, expensive to manage, and introduce more liability than value?

Maybe we can call it the envy shift: from being jealous of others’ massive data collection capabilities to envying the seamless, frictionless, and low-cost user experiences of competitors who inevitably will start taking market share.

So I’m betting that when the penny drops and businesses fully embrace the opportunities provided by self-sovereign identity – including asking customers directly for data with one click – they’ll be tickled pink. Which will be better than being green with envy.

Enjoyed this chapter?

You can find our entire series on the Seven Deadly Sins of Digital Customer Relationships here, or use the buttons below to view the previous and next chapters:


Previous Chapter

6. Pride

How open ecosystems and true data portability can move us beyond proprietary systems once and for all, to the benefit of organizations and individuals alike.

7 Deadly Sins of Digital Customer Relationships

Next Chapter


A summary of the seven deadly sins, and self-sovereign identity’s lasting legacy in breathing life and trust back into our digital economies, and into our digital lives.