A Legal Approach by Nodari Gorgiladze
Today in the United States, digital identity is actively used to grant individuals access to bank accounts and financial platforms, electronic government services, and mobile authentication systems.
However, in the absence of legally recognized ownership rights over digital identity, users remain dependent on service providers and platforms, which creates risks to privacy and economic freedom. According to research, 87% of Americans can be uniquely identified using only a ZIP code combined with gender or date of birth. This demonstrates how vulnerable digital identity becomes when legal regimes fail to protect control over personal data.
As a result, the legal status of digital identity is increasingly moving beyond the realm of technical discussions and becoming a subject of legal analysis. A fundamental legal question arises: can digital identity be owned in the same manner as property?
One of the researchers who systematically addresses this issue is Nodari Gorgiladze, an expert in Digital Law, the first inventor of a U.S.-patented protocol for the tokenization of real-world assets, and Director of the program at NOTA Digital Currencies Research Center Inc. This issue lies at the core of his 2025 study “Digital Identity Tokenization as a Challenge to Traditional Legal Concepts of Property,” published in the journal Ukrainian Political and Legal Discourse. In this work, he analyzes how the tokenization of digital identity reshapes traditional notions of ownership, control, and personal rights, and why classical legal constructs fail to function adequately in digital environments.
When Classical Property Law Ceases to Be Universal
Gorgiladze emphasizes that property law historically evolved to govern tangible objects—real estate (land, buildings, apartments) and movable property. Digital identity does not fit within this framework.
“As it combines personal data, elements of intellectual property, and digital records existing within distributed systems,” the researcher explains.
He demonstrates that modern technologies—blockchain, decentralized identifiers (DIDs), and verifiable credentials—already allow individuals to exercise technical control over their digital attributes.
“The user decides when, how, and to whom information is disclosed,” he notes. “However, legal systems continue to apply approaches designed for physical objects, resulting in regulatory gaps.”
As early as 2021, within the G20 framework, digital identity was recognized as a priority element of digital government and economic inclusion, with the United States participating in these discussions and contributing analytical data.
Control Exists, Ownership Does Not
According to data from the analytical company Research Nester, the global digital identity market was valued at approximately USD 64.86 billion in 2025, with projections reaching nearly USD 490 billion by 2035.
Despite these figures, none of the legal systems analyzed by Gorgiladze—the United States, the European Union, Ukraine, or Singapore—recognize a digital identity token as an object of full ownership.
“In the United States, a fragmented model prevails, where the concept of ‘control’ over electronic records partially substitutes ownership, without recognizing ownership rights over identity itself,” Gorgiladze explains. “In the EU, the dominant approach focuses on personal data protection and the rights of the data subject under eIDAS 2.0 and GDPR.”
Ukraine, according to his observations, is harmonizing its legislation with EU standards, treating digital identity primarily as a trust service instrument. Singapore combines centralized systems with elements of decentralization, also without recognizing identity as property.
A common feature across these jurisdictions is that digital identity is primarily treated as a carrier of personal rights rather than as an alienable asset.
As noted in the American Bar Association journal Jurimetrics (Winter 2024):
“There is no definitive right to identity in the United States. Rather, federal and state laws form a patchwork of identity protection.”
Thus, the question of ownership rights over personal data and digital identity remains unresolved, and legislative development in this area proceeds slowly. Only in 2022 did the United States adopt UCC Article 12, introducing the concept of “controllable electronic records” (CERs)—electronic records that may qualify as property if certain conditions are met. Effectively, prior to 2022, tokens (including NFTs and potential digital identity tokens) lacked a clear legal basis for recognition as property.
“Control Without Ownership” as a New Legal Logic
In response to this legal uncertainty, Gorgiladze proposed the concept of “control without ownership”, or “digital possession,” in his 2025 work as an alternative to classical property rights. The idea is that a user can exercise full control over a digital identity token—managing access, authenticating themselves in digital environments, and restricting data use—without transforming identity into a commodity.
“This approach preserves personal sovereignty and minimizes the risks of commodifying identity,” the researcher explains. “Law begins to view possession not as a static property right, but as a dynamic system of powers where control is central.”
Contemporary research on digital identity supports concepts closely aligned with Gorgiladze’s approach. For example, Frederico Schardong and Ricardo Custódio emphasize that the Self-Sovereign Identity (SSI) model places users at the center of data governance:
“The user maintains and controls their data in this model. When a service provider requests data, the user sends it directly, bypassing third-party intermediaries.”
This reinforces Gorgiladze’s core thesis: effective control over digital identity is achievable without recognizing it as traditional property, allowing users to retain autonomy and reduce dependence on platforms and providers.
Expert Commentary
From the perspective of U.S. law, the concept does not conflict with existing legal frameworks.
“On the contrary, it strengthens the principle of user autonomy in digital environments,” notes Dmytro Lyushenko, an expert in international law and digital inheritance. “U.S. regulators could view such a system as an innovative means of ensuring privacy and security without redefining ownership rights.”
An Issue That Affects Everyone
Personally identifiable information (PII) is not treated as user-owned property by default. Companies collecting such data often hold extensive legal rights to use and distribute it—for example, for targeted advertising—effectively exercising greater control over the data than the individual. Users cannot exclude third parties from using their digital information, a classic indicator of the absence of ownership rights.
Tracking research shows that since 2010, behavioral tracking has increased by approximately 400%, meaning each website visit triggers dozens of independent data-collection processes. Yet no U.S. state explicitly recognizes these digital profiles as property owned by the user.
Conclusion
The situation calls for change. The concept of “control without ownership” outlined by Gorgiladze offers a viable legal framework that aligns technological capabilities of self-sovereign identity with existing legal systems. It provides a practical direction for the evolution of digital identity regulation—one that balances innovation, autonomy, and legal certainty.
https://orcid.org/0009-0007-2384-0036
