Learner & Employee Privacy
Where does privacy fit in with web3 technologies? Is individual privacy a concern? How will the future protect individuals’ privacy, but also allow for personalized learning?
Privacy and consent mechanisms are the cornerstone of Verifiable Credentials (VC) and Decentralized Identifier Documents (DID), the key underlying Web3 technologies of the IoE.
Traditional models for storing learner, parent, teacher, and employee data—course completions, skill attainment, degrees, badges, certificates—rely on centralized infrastructure such as databases or paper filing cabinets. In the context of learner records, centralized infrastructures have two shortcomings. First, because all learner data is stored in one location, if the security perimeter is breached through human or system error, private learner data is vulnerable to whole-sale privacy leaks. Second, centralized infrastructures limit the options for an individual to leverage their own credentials—often requiring 1) a public endpoint for the credential (in the case of many online certifications and badge), 2) expensive, time-consuming operations like requesting a an official transcript from a registrar, or 3) no access to credentials at all because of issues with the centralized system. How often is somebody’s former work experience no longer available for validation because the old employer has changed their HR system?
On one end of the spectrum, a learner must sacrifice privacy for verifiability of their credential with a public link, on the other hand, a learner gains privacy at the cost of making their credentials virtually inaccessible on a daily basis.
Even if an institution does provide access to the credentials, the credentials are often in a proprietary format from a proprietary access portal—meaning a learner must open up the Learning Management System of their community college to see the skills and achievements from class, then open up Udemy to see their online credentials, then open up another website or app to see their continuing education credits. Today, an individual learner’s understanding of their own skills and credentials is fragmented, complicated, and beyond their control. What if a learner or employee could see and share a complete history of all of their credentials in one, unified space of their choosing?
Web3 will not replace traditional infrastructures—Web3 will augment and enhance traditional infrastructures with critical mechanisms for balancing privacy with rich functionality when it comes to learner and employee data: consent-and-control, interoperability, machine verifiability, and selective, progressive disclosure.
An example will illustrate best: Gabriella is taking nursing classes at a local community college, brushing up on her Arabic in Duolingo, learning Javascript through CodeAcademy, and attending leadership workshops at her library. In an Internet of Education enabled world, each of these institutions—the community college, Duolingo, Codecademy, and her library—issues Gabriella (via her DID identity) a Verifiable Credential at each step of her learning journey: when she develops a mastery in ratios, reaches verbal competency in Arabic, learns React with her first website, and creates impact through a leadership training series she helped design. Because of consent-and-control, she chooses to accept each credential, and chooses how and where to securely store it—privately on her own device with backups in an encrypted Decentralized Web Node she controls, or to broadcast it publicly in an encrypted, peer-to-peer network a lá LinkedIn.
Because of interoperability standards, Gabriella can visualize all of her credentials and skills in one unified experience in an app she downloaded—and she can transfer her credentials to a new app or website if she chose; there is no vendor lock-in on her data. When she applies for a job, or for graduate school, or signs up on a website as a new freelancer, the employer, school, and website can verify her skills and experience from a wide range of sources—instantly, on the spot, and without an internet connection to the original institution, all because of their machine-verifiability. Lastly, Verifiable Credentials provide an additional, powerful privacy feature—the ability to selectively disclose information through Zero-Knowledge Proofs. That is, Gabriella could selectively disclose that she is of working age in a true or false value rather than revealing her actual age to mitigate age discrimination; or that, true or false, Gabriella has a security clearance, has X years of experience, or verifiably worked at X company—without revealing superfluous information until absolutely necessary, or progressively revealing information as further trust is built between Gabriella and the verifying institution.
Each of these properties—consent-and-control, interoperability, machine verifiability, and selective, progressive disclosure—allows Gabriella to consent with confidence into the the functionality of modern applications while leveraging key private credential information as necessary without oversharing: matching markets for jobs and opportunities, pathways and GPS’ for learning, AI mentors and assistants, etc.
Last updated