CC BY-NC 4.0Martin, NicholasNicholasMartinMetzger, Frederik M.Frederik M.Metzger2024-09-092024-09-092024-09-092024https://publica.fraunhofer.de/handle/publica/474640https://doi.org/10.24406/publica-364310.14254/1795-6889.2024.20-2.110.24406/publica-3643This paper analyses the claim that Self-Sovereign Identity technology (SSI) gives users greater control over their data and identity than established digital identity systems, and studies empirically how users view this claim and its impact on adoption decisions. We argue that the claim is objectively false. SSI does not offer users greater control over their data, though in combination with laws like the GDPR, certain add-on features to SSI might have mildly privacy-/control-enhancing effects. Absent GDPR-like laws, however, SSI threatens to turn into a "disclosure machine" where users are forced to give up more data than they would likely have (or be able to) with extant identity solutions. SSI attempts to solve political-institutional problems through technology/architecture, but cannot eliminate the power imbalances at the heart of users’ lack of control. Presented with an SSI system, we find that most users do not seem to intuitively conclude that it gives them "control" over their data. A minority does however reach this conclusion, and for these people it seems to be an important factor driving adoption decisions.enSelf-Sovereign IdentitySSIPrivacyData protectionInstitutionsGDPRThe chimera of control: Self-sovereign identity, data control, and user perceptionsjournal article