Links this week are a bit late due to my travel to fabulous São Paulo, Brazil for NetBr’s Overflow conference. My Mastering IAM’s Higher Purpose talk addressed identity not just as a shared service, but as a product with a bewildering variety of customers. Hence the jobs-to-be-done appearance above.

I’m grateful to NetBr and its fearless leader Andre Facciolli for helping me broach this topic from stage and with its customers. If we want to see success in our IAM programs, this is the kind of “CIDO conversation” we need to have.

Now on to the links…

Share

In a world first, Brazilians will soon be able to sell their digital data

From Rest Of World, 30 May 2025

If implemented, Brazil’s will be the first public-private partnership that allows citizens, rather than companies, to get a share of the global data market, currently valued at [USD] $4 billion and expected to grow to over $40 billion by 2034.

Last week I was able to experience Brazil’s impressive edge in payment tech first-hand as I moved about, doing my part for the local economy by selflessly buying souvenirs and coffees. :) And as we know, payment and identity are like a binary star — two components that are “gravitationally bound to and in orbit around each other.”

Will this dWallet data ownership pilot project find success?

The project takes its place in a long line of experiments to allow people to participate directly in the personal data monetization economy. (My team at ForgeRock worked with partners to propose an “operator tokenomics” model in 2022, as one example.) The multi-sided nature of these markets makes ecosystem predictions very tricky indeed. I’m interested to learn what the nth-order effects are.

Banking data reveals early warning signs of cognitive decline in older adults

From Medical Xpress, 16 June 2025

Speaking of banking and personal data…

The study … compared 16,742 individuals who were registered for power of attorney (PoA) due to a loss of financial capacity with a control group of 50,226 matched individuals without reported capacity loss. …

[S]ubtle but significant changes in financial behavior … begin to appear several years before individuals are formally identified as lacking financial capacity. …

"It is a powerful demonstration of how anonymized banking data can be used responsibly to protect the most vulnerable members of society."

Hmm. Having written on ways to use persona-driven identity as a security control, I can certainly see early cognitive decline as a kind of emergent persona that is detectable from context. And the medical implications, as well as the implications for delegated authority, are interesting. But it remains to be seen whether data that can be used responsibly will be. What do you think?

Leave a comment

The Privacy Americans Are About to Lose

From Kim Hamilton Duffy, 24 June 2025

Speaking of wallets and data monetization and jobs-to-be-done…

This post — third in a series on mobile driver’s license (mDL) privacy — is a must-read, and not just because Kim injects two awesome phrases, accidental privacy and digital recklessness:

In the mDL discussions, we’ve been operating from different assumptions because most of the world doesn’t understand how Americans actually use driver’s licenses. Unlike many countries that have widely-used national ID cards for identification and separate licenses for driving, the United States uses driver’s licenses as the de facto national identification for countless daily activities.

Here’s my take, replayed from LinkedIn:

This is a phenomenal post, in great part because it catalogues the many affordances around traditional licenses that have grown into legitimate jobs-to-be-done.

I fear the #NoPhoneHome push is insufficient to actually restore “accidental privacy” (great phrase!) and that digitizing licenses itself will be the root of various other losses even without phone-home. We saw many unintended consequences of electronic health records as well, such as physicians spending less time actually engaging with patients.

If you’re unfamiliar, #NoPhoneHome is a petition, launched in early June, advocating for identity wallet tech to swear off making direct server calls. I was asked to sign but ultimately felt that this take lacks so much nuance that it’s unhelpful. As my SXSW talk noted, what’s even less safe than driving without a seatbelt on is thinking you have one on when you don’t. Without truly extraordinary assurances, people still need to assume tracking.

Thanks for reading! If you’re already making plans for 2025’s identity conference season no. 2, consider adding my unique education, perspective, and foresight to your conference events, customer gatherings, and webinars. I’m already scheduling events into December.

Book a free consultation