Tous les articles

Personal data theft: what solutions?

December 12, 2024
Analysis of the causes and consequences of personal data piracy and ways to restore trust.

Personal data theft: what solutions?

A hyperconnected society means that the sharing of personal information is becoming commonplace. Whether on social networks, e-commerce sites or mobile applications, we leave traces every day after our visit.

However, this profusion of data raises a major concern: the theft of personal information.

We no longer count the number of businesses that have been victims of customer data theft. For example, in February 2024, a large-scale attack affected half of the French population. More than 33 million people have had information held by their complementary health insurance stolen.

Data theft is a complex phenomenon that goes beyond the simple unauthorized appropriation of information. It includes the collection, use, and dissemination of personal data without the informed consent of the individuals concerned. This problem is causing growing concern among the population.

Today, more and more people don't fully understand why businesses need to collect so much information and are questioning this model. This misunderstanding fuels widespread distrust, even of organizations that say they don't store the data they collect.

Public distrust of data sharing

Although these data collections originally took place to ensure the smooth functioning of businesses. They are now arousing growing distrust among the population.

This distrust can be explained by several factors:

Multiplication of the dangers of sharing personal data

Identity theft via stolen data

A hacker accesses a database containing personal information (names, addresses, social security numbers, etc.) following a cyberattack.

This information is then used to open bank accounts, apply for loans, or make online purchases on behalf of the victim.

Targeted phishing (spear phishing):

After your personal information (email, phone number, etc.) is stolen, cybercriminals send personalized messages to encourage you to provide additional data (passwords, bank card numbers).

Financial scams

With your bank details or login details, scammers make fraudulent transactions, transfer money, or make online purchases.

Personal or business account theft

cybercriminals target online accounts (emails, social networks, banking services) using stolen passwords or techniques such as phishing and credential stuffing (automatic testing of stolen passwords on multiple platforms) .Professional accounts, in particular emails or business management tools (Slack, Microsoft 365, etc.), are prime targets.

Misunderstanding the reasons for sharing data

A lot of people don't understand why businesses need so much personal information. Privacy policies, which are often long and complex, do not help to clarify the situation. This opacity fuels fears about the real use of the data collected.

Skepticism about claims of non-storage of data

When businesses say they don't store the data they collect, they run up against a wall of skepticism. Recurring data breach scandals have shaken public trust. Users remain wary and question whether these statements are really reliable.

The limits of current technical solutions

Faced with these concerns, various technical solutions have been proposed.

The homomorphic hash example

Homomorphic hashing is a technique that allows encrypted data to be processed without decrypting it. In theory, this should protect the confidentiality of information. However, this approach also raises concerns.

The simple fact that their information is being processed, even in a transformed form, is seen as a potential threat to their privacy. There is also the persistence of concerns about the possibility of recovering the original data.

Despite the technical guarantees, many fear that it will not be possible to find the original data from the encrypted information. This fear, whether founded or not, illustrates the lack of confidence in the solutions offered by technology companies.

A new approach: ownership of personal data

Faced with these challenges, a new approach is emerging: giving individuals ownership and control of their own data.

The concept of individual data ownership

This approach proposes to consider personal data as the property of the individual, in the same way as his material assets. This means that each person would have the right to decide how their data is used, shared, or stored.

In this model, based on the principle of Self Sovereign Identity Users could choose exactly what data they want to share with which companies, and for what purposes. They would also have the option to revoke these permissions at any time.

The benefits and challenges of this approach

This approach has several advantages:

  • It reinforces the autonomy of users.
  • It could increase trust in the digital ecosystem.
  • It would encourage businesses to be more transparent about how they use data.

However, it also raises challenges:

  • The technical implementation of such a system would be complex.
  • The business models of many businesses should be rethought.
  • The regulations should be adapted to frame this new system.

To go further

An article in Le Point questions this idea of individual ownership of personal data.. This article looks at the controversial idea of giving individuals ownership over their personal data, thereby forcing tech giants like google, facebook and amazon to remunerate users for the exploitation of this information.

This proposal aims to remedy a perceived economic imbalance between the profits generated by these companies thanks to user data and the apparent free nature of the services offered in return.

It also comes amid growing concerns about mass surveillance and privacy in the face of the pervasive collection of data by various connected devices.

Although supported by some thinkers, this idea is opposed by organizations such as the CNIL for whom the data is of an inalienable nature. You shouldn't be able to sell or own them.

Conclusion

The challenge of protecting personal data is crucial today. The current public distrust of data collection and processing practices calls for change. The idea of giving individuals ownership of their data offers an interesting way to restore trust and ensure a better balance between technological innovation and respect for privacy.

ShareID provides a strong and compliant authentication solution that allows for secure authentication.

Our particularity is our method of managing and securing the personal and biometric data of our users. In fact, we never store data and thus avoid any risk of theft or possible alteration of your personal data.

Contact us today to find out more about our strong authentication solutions.

Personal data theft: what solutions?

RéglementationExigence cléRéponse ShareIDRésultat pour vous
DSP2 – Directive (UE) 2015/2366 + RTS SCA (UE 2018/389) Source DSP2 : Directive (UE) 2015/2366Authentification forte du client (SCA) obligatoire (art. 97) avec lien dynamique (art. 5 RTS) et indépendance des facteurs (art. 9 RTS).- Full IDV : authentification du document d’identité + biométrie (détection du vivant) - MFA 3.0: Ré-authentification forte basée sur l’identité Full IDV + MFA 3.0Conformité immédiate SCA ; fluidité pour l’utilisateur, sécurité renforcée.
DSP3 / Payment Services Regulation (projet) Source RTS SCA : Règlement délégué (UE) 2018/389 Entrée en vigueur prévue en 2025/ 2026.Articles 85–89 : consolidation de la SCA, règles d’accessibilité, clarification des exemptions.- Full IDV : authentification du document d’identité + biométrie (détection du vivant) - MFA 3.0: Ré-authentification forte basée sur l’identité Solution déjà alignée sur les parcours biométriques & exemptions. MFA 3.0Anticipez les évolutions futures sans refonte lourde.
DORA – Règlement (UE) 2022/2554 Source DORA : Règlement (UE) 2022/2554Authentification forte pour protéger les systèmes et les données critiques (art. 9(4)(d)), encadrement strict des prestataires de Technologie de l’information et de la communication (art. 28–30).- MFA 3.0: Ré-authentification forte basée sur l’identité. Intégrable via SDK/API (iOS, Android, Web), traçabilité complète. MFA 3.0Sécurisation des systèmes d’informations critiques, conformité démontrable aux superviseurs.
eIDAS (UE 910/2014) + implémentation 2015/1502 Source eIDAS (2014) : Règlement (UE) 910/2014Niveaux simple / substantiel / élevé ; multi-facteurs encouragés pour les niveaux substantiel et élevé.Authentification des documents + biométrie (détection du vivant). Full IDVValeur probante proche d’un contrôle présentiel.
eIDAS 2 – Règlement (UE) 2024/1183 Source eIDAS 2 : Règlement (UE) 2024/1183Les EUDI Wallets devront fonctionner à un niveau d’assurance élevé, avec partage sélectif d’attributs.- MFA 3.0: Ré-authentification forte basée sur l’identité Intégrable via SDK/API (iOS, Android, Web), traçabilité complète. MFA 3.0Intégration fluide des futurs portefeuilles européens.
MiCA – Règlement (UE) 2023/1114 Source MiCA : Règlement (UE) 2023/1114Les prestataires de services sur crypto-actifs doivent appliquer les obligations KYC/AML (Directive 2015/849) ; art. 76 impose CDD (renforcement de la vigilance client) renforcé pour certaines plateformes.Authentification des documents + biométrie (détection du vivant) = anti-deepfake et anti-spoofing. Doc IDV ou Full IDVRéduction drastique des fraudes, conformité crypto-AML.
ETSI TS 119 461 (V2.1.1, 2025) Source ETSI TS 119 461 : Norme européenneVérification d’identité à distance : 5 étapes (initiation → collecte → validation → liaison → résultat). Liveness et anti-spoofing obligatoires pour les parcours à distance.- Enrôlement complet : authentification des documents + Biométrie (détection du vivant) - Algorithmes entraînés sur une base de données de vrais et de faux documents de la Gendarmerie Nationale. Full IDVEnrôlement KYC robuste, valeur probante reconnue.
FIDA – Financial Data Access (projet) Source FIDA (proposition) : Commission européenneConsentement explicite, traçable et révocable via des tableaux de bord.- MFA 3.0: Authentification forte basée sur l’identité au moment du consentement + réauthentification fluide avec un simple sourire. MFA 3.0Accès aux données conforme et centré utilisateur.
RGPD – Règlement (UE) 2016/679 Source RGPD : Règlement (UE) 2016/679Durée de maintien de données chez ShareID paramétrable. Aucun stockage biométrique : hachages homomorphiques brevetés , ISO 27001.Image de marque, risque réglementairejuridique réduit, confiance accrue des régulateurs et clients.



← Tous les articles
Our newsletter - Digital Consciousness

Each month, get tips and tricks to protect yourself against online fraud.

Paris
San Francisco
Casablanca
Copyright © 2025 ShareID, Inc. All Rights Reserved.