ID-Side Advocates for User-Centric Encryption in ICO Consultation
24 Jun 2025
As the UK Information Commissioner’s Office (ICO) consultation on encryption closes today, ID-side has submitted a compelling case for encryption as a cornerstone of user-controlled privacy and anti-reidentification. Our company’s patented system enables individuals to store and share encrypted credentials, ensuring minimal and dynamic data sharing. By allowing users to express privacy preferences through encrypted attributes, such as request-based identifiers, our approach enforces data minimization while providing robust security measures under Article 32 of EU GDPR and UK data protection law.
Unlike traditional anonymization (i.e. AdTech tokenisation), which often fails to prevent reidentification, ID-side’s solution leverages reversible pseudonymization via time-bound encryption keys. This empowers individuals to revoke or rekey identifiers, breaking cross-platform data linkage and ensuring compliance with accountability requirements. The system shifts today’s fragmented privacy landscape(where users are forced into repetitive opt-outs)toward a user-centric and an automated model. Encrypted credentials embed default preferences (e.g., "no data sale", "OK with scientific AI training"), requiring businesses to respect these choices before processing data, eliminating reliance on cookies or coercive tracking tactics.
By integrating request-based cryptographic enforcement into data flows, ID-side’s framework aligns with GDPR "accountability", "Privacy-by-design" and "PETs" principles but also purpose and storage limitation while eliminating choice fatigue. The system removes the need for consent banners or manipulative "take-it-or-leave-it" approaches, ensuring privacy preferences are automatically enforced across services. As regulators seek scalable solutions for modern privacy challenges, ID-side’s submission highlights encryption as a critical tool for safeguarding individual rights without compromising usability or security. Taking this contribution into account, the ICO’s doctrine could shape the future of privacy-enhancing technologies in the UK and beyond.
Unlike traditional anonymization (i.e. AdTech tokenisation), which often fails to prevent reidentification, ID-side’s solution leverages reversible pseudonymization via time-bound encryption keys. This empowers individuals to revoke or rekey identifiers, breaking cross-platform data linkage and ensuring compliance with accountability requirements. The system shifts today’s fragmented privacy landscape(where users are forced into repetitive opt-outs)toward a user-centric and an automated model. Encrypted credentials embed default preferences (e.g., "no data sale", "OK with scientific AI training"), requiring businesses to respect these choices before processing data, eliminating reliance on cookies or coercive tracking tactics.
By integrating request-based cryptographic enforcement into data flows, ID-side’s framework aligns with GDPR "accountability", "Privacy-by-design" and "PETs" principles but also purpose and storage limitation while eliminating choice fatigue. The system removes the need for consent banners or manipulative "take-it-or-leave-it" approaches, ensuring privacy preferences are automatically enforced across services. As regulators seek scalable solutions for modern privacy challenges, ID-side’s submission highlights encryption as a critical tool for safeguarding individual rights without compromising usability or security. Taking this contribution into account, the ICO’s doctrine could shape the future of privacy-enhancing technologies in the UK and beyond.