At Procivis, we've developed distinct advantages that make our solutions stand out in the marketplace. These advantages deliver tangible benefits and address the real challenges organizations face with digital identity. Over the next several weeks, we'll explore these key advantages in an article series. It’s the unique combination of the following properties that sets Procivis One apart in the market:
Flexibility and Interoperability | Enterprise-Ready | End-to-End Experience | Privacy by Design | Scalable Performance | Deployment Freedom
Why is Privacy Important?
Digital identity systems deal with some of the most sensitive data we can share online – information that uniquely identifies us and enables access to critical services. When this data is issued or certified by government bodies, the potential for misuse, surveillance, or unintended tracking increases significantly. That’s why trust in the security and privacy of the system is not just a nice-to-have, but a fundamental requirement. For digital identity to be adopted at scale, users must feel confident that their personal information is handled with the utmost care, and that the system itself cannot be used against them.
Privacy isn’t just a feature for us, it’s a foundation. For several team members, ensuring privacy is the driving force behind their involvement in this project. We recognize a simple truth: you can always configure a private system to behave less privately – but you can’t retrofit privacy into something that wasn’t built with it from the start. That’s why we design with maximum privacy in mind, at every layer of the architecture.
Designing for Privacy
Modern digital identity systems are shifting away from traditional, centralized models toward decentralized architectures built around a three-party model: issuer, holder, and verifier. In the centralized “Identity Provider” (IdP) approach, a single authority authenticates users and mediates every interaction. This creates significant privacy concerns because every transaction can be logged – the issuer can see what the user is doing, when and especially where they use their identity. It introduces an inherent potential for surveillance, simply due to the architecture.
In contrast, decentralized identity puts individuals in control. The issuer provides verifiable credentials to the holder (typically a citizen or user), who stores them locally in a secure wallet. When interacting with a verifier, the holder can selectively disclose only the necessary information. Crucially, the issuer is not involved in the verification step. This breaks the real-time connection between authentication and the credential issuer, eliminating passive tracking and surveillance risks.
We design for privacy at every layer of the system by following key principles:
- Eliminate “phone home” mechanisms: Verifications occur entirely between the holder and verifier. Issuers are not contacted during credential presentation, ensuring they cannot track how or where credentials are used.
- Eliminate back-channel interactions: We avoid hidden communications between verifiers and issuers that are not visible to the holder – particularly in sensitive areas like credential revocation.
- Support selective disclosure: Holders can disclose only the information necessary for a specific interaction, without revealing more than required.
- User control: Credentials are stored and managed by the holder, not by a central authority. Users choose when and how to use their identity.
By eliminating unnecessary intermediaries and giving users full control over their data, we ensure that privacy isn’t just promised. We’re proactively building our decentralized architecture with privacy at its core – closely monitoring and integrating emerging industry standards as they solidify.
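The holder-to-verifier flow described in this section, sketched as an added example (not code from Procivis or the original article): it uses salted claim digests under a single issuer signature, one common way to build selective disclosure, which the article does not name as its mechanism. Function names, claim names and values are constructed; Node.js with its built-in crypto module is assumed.

```javascript
// Added illustration of salted-hash selective disclosure; not Procivis One code. All names are constructed.
const { createHash, randomBytes, generateKeyPairSync, sign, verify } = require('node:crypto');

const digest = (salt, name, value) =>
  createHash('sha256').update(JSON.stringify([salt, name, value])).digest('base64url');

// Issuer: salt and hash every claim, then sign only the sorted digest list.
function issue(claims, issuerPrivateKey) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    [randomBytes(16).toString('base64url'), name, value]);
  const digests = disclosures.map(([s, n, v]) => digest(s, n, v)).sort();
  const payload = Buffer.from(JSON.stringify({ digests }));
  return { payload, signature: sign(null, payload, issuerPrivateKey), disclosures };
}

// Holder: forward the signed payload plus only the chosen disclosures.
function present(credential, names) {
  const disclosures = credential.disclosures.filter(([, name]) => names.includes(name));
  return { payload: credential.payload, signature: credential.signature, disclosures };
}

// Verifier: offline check with the issuer's public key; the issuer is never contacted.
function verifyPresentation(presentation, issuerPublicKey) {
  const { payload, signature, disclosures } = presentation;
  if (!verify(null, payload, issuerPublicKey, signature)) throw new Error('issuer signature invalid');
  const signed = new Set(JSON.parse(payload.toString()).digests);
  const revealed = {};
  for (const [salt, name, value] of disclosures) {
    if (!signed.has(digest(salt, name, value))) {
      throw new Error(`disclosure "${name}" is not covered by the issuer signature`);
    }
    revealed[name] = value;
  }
  return revealed;
}

// Constructed sample run: disclose one claim out of three, then try a forged value.
function demo() {
  const issuer = generateKeyPairSync('ed25519');
  const claims = { given_name: 'Alex', birth_date: '1990-01-01', age_over_18: true };
  const shown = present(issue(claims, issuer.privateKey), ['age_over_18']);
  const revealed = verifyPresentation(shown, issuer.publicKey);
  const forged = { ...shown, disclosures: shown.disclosures.map(([s, n]) => [s, n, false]) };
  let forgedRejected = false;
  try { verifyPresentation(forged, issuer.publicKey); } catch { forgedRejected = true; }
  return { revealed, forgedRejected };
}
console.log(demo());
```

Because the signed payload and signature are identical in every presentation, verifiers that compare notes can link them; this construction hides undisclosed claims but does not by itself give unlinkability.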
Current Challenges in Privacy-Preserving Digital Identity
Developing privacy-first digital identity solutions means navigating a complex landscape of competing priorities. While principles like user control and data minimization are well understood, their implementation often involves nuanced trade-offs and technical challenges.
One area where these tensions surface is the intersection of regulation and privacy. For instance, the eIDAS regulation mandates that Member States must support wallet revocation “upon the explicit request of the user”. This introduces the need for mechanisms such as wallet attestations, which may unintentionally compromise unlinkability.
Similarly, the relationship between security and privacy presents its own complexities. Advanced cryptographic techniques, like zero-knowledge proofs, offer powerful privacy protections. However, their adoption is limited by regulatory uncertainty and the maturity of supporting infrastructure such as hardware security modules (HSMs) and secure elements in mobile devices.
Conclusion: Building the Future of Trust
Privacy is not a constraint – it’s a prerequisite for digital trust. As digital identity systems become more embedded in everyday life, the responsibility to safeguard personal data only grows. At Procivis, we believe that meaningful privacy protection must be embedded from the start, not bolted on later. By combining a decentralized architecture with strong user control, selective disclosure, and ongoing alignment with regulatory and technical standards, we’re helping define what trustworthy digital identity should look like – now and for the future.