The government has issued its response to last year’s call for evidence around digital identity, stating that it will now develop proposals for a legal framework to remove regulatory barriers and establish safeguards for citizens.

The consultation outcome explained that responses called upon the government to take a lead role in developing the UK’s digital identity economy.

“You wanted to see us create a clear framework that enables businesses to innovate; you wanted us to enable individuals to access the products and services they want with ease, confident that they are protected from fraud and that robust privacy protections are in place,” said Matt Warman, minister for digital infrastructure.

The Cabinet Office and Department for Digital, Culture, Media & Sport (DCMS) stated that they will also now work on developing the next generation of digital identity use in government, promoting a pragmatic approach to international digital identity standards.

The call for evidence received 148 responses from a wide range of sectors, with technology professional services and financial services most heavily represented.

Respondents generally recognised the importance of privacy protections for trust, although there were different opinions on what privacy meant in the context of digital identity. “Some respondents from civil society cautioned that any digital identity system must not force the sharing of personal data or exploit the user into sharing more personal data,” noted the response document.

Again, there was a lack of agreement on the best delivery model, but an overall warning that a lack of government action could create overly complicated or fragmented markets. They also pointed out that a lack of clear definition around digital identity could cause confusion, with many urging government and industry to increase public education levels.

Several responses identified that the success of digital identity schemes depended on achieving widespread adoption. Respondents felt the government was best placed to establish consistent standards, develop meaningful accountability and enforce compliance.

Some advocated for a similar body to the Information Commissioner’s Office (ICO) to build public confidence by being an independent organisation protecting consumer and citizen rights – noting how the ICO helped with the awareness and rollout of the General Data Protection Regulation.

Several technology options - including distributive ledgers, biometrics and digital identity wallets - were suggested as ways to aid inclusion or safeguard rights. However, there was no consensus on these technologies, which tended to polarise opinion.

Little evidence was provided in relation to cost models. Some stated that costs could focus around the provision of attribute checking, although others cautioned against any model where user data was commercialised for any sort of profiling, algorithm training or marketing. A small number of submissions indicated the potential for user data to be commercialised if consent is provided.

Various government departments have been brought together in a cross-government strategy board, which guides the work of the digital identity teams in the Government Digital Service, focused on the use of digital identity within government, and DCMS, focused on enabling the use of digital identity in the private sector.

The board has developed principles to frame digital identity delivery and policy in the UK, which will be reviewed on an annual basis.

1. Privacy – When personal data is accessed citizens will have confidence that there are measures in place to ensure their confidentiality and privacy. Where possible, citizens select what personal data is shared. Organisations will have privacy standards to uphold and will need to prove their ongoing compliance.
2. Transparency – Citizens must be able to understand by who, why and when their identity data is used when using digital identity products.
3. Inclusivity – This means those who want or need a digital identity should be able to obtain one. We will look at how citizens could use different attributes (e.g. name, date of birth etc.) held across government and by other parties to support identity proofing.
4. Interoperability – Setting technical and operating standards for use across the UK’s economy to enable international and domestic interoperability.
5. Proportionality – User needs and other considerations such as privacy and security will be balanced so digital identity can be used with confidence across the economy.
6. Good governance – Digital identity standards will be linked to government policy and law. Any future regulation will be clear, coherent and align with the government’s wider strategic approach to digital regulation.

The principles will inform how the government develops a legal framework to remove regulatory barriers; develops the next generation of digital identity use in government; explores with citizens how they want to use their government-held identity attributes; promotes a pragmatic approach to international digital identity standards; and further enables the secure use of digital identity without the need for ID cards.

The government stated that it plans to update existing laws on identity checking to enable digital identity to be used in the greatest number of circumstances.

It will consult on developing legislation to set provision for consumer protections relating to digital identity, specific rights for individuals, an ability to seek redress if something goes wrong, and where the responsibility for oversight should lie.

The government will also consult on the appropriate privacy and technical standards for secure digital identities, looking at how to establish sufficient oversight of these standards to build trust and facilitate innovation – providing organisations with a handrail to develop new future facing products.

The UK’s transposition of the fifth Anti-Money Laundering Directive highlights how digital identities can reduce risks in non face-to-face financial transactions.

Future legislation will bring further potential for regulators to authorise the use of digital identity in their context. The government is also considering options to ensure citizen online accounts and data are adequately safeguarded, reducing opportunities for cyber crime.

In the light of the COVID-19 pandemic, which has led to unprecedented demand for key online services using digital identity, the government announced in April that the Cabinet Office could continue GOV.UK Verify operations for up to a further 18 months.

Looking beyond GOV.UK Verify, departments have committed to using standards-based digital identity.

Meanwhile, a Document Checking Service pilot is underway to test the commercial and technical feasibility of responsibly opening up part of the government’s authoritative identity data.

The consultation announcement comes less than a week after techUK published its whitepaper on digital identity, demanding government action on the issue in order to make sure it forms part of the post-COVID recovery.

Julian David, chief executive at techUK said that the intimation that government will open government-held data for wider use is welcome. “However, we are very keen to work with the government to develop plans which are more detailed, more widespread in terms of opening opportunities for SMEs and with faster implementation, with real progress this year.”

In terms of the promises for action, he added that while they address the right issues, government must turn them into concrete plans.

“Consultation on privacy, on standards and legislative change must be done rapidly and then action must meet the scale of the opportunity – this means concrete plans must be developed and we must convert the welcome rhetoric in this response into action with urgency if we are to establish the digital economy the UK needs.”

Share Story: