Patryk Kosmider -

UK government unveils next steps in digital identity plans

Long-awaited response to July 2019 consultation highlights private sector demands for digital identity support from government

The government has announced the next steps in its plans for digital identity across the UK and has finally released its long-awaited response to the 2019 call for evidence seeking views on future policy.

A new Digital Identity Strategy Board will oversee plans to update laws and develop new consumer protection legislation to support the use of digital identities across the UK. The board will also ensure that suitable privacy and technical standards are in place to allow interoperability and establish individuals’ rights over the use of their digital IDs.

Last year, the government announced the creation of a Digital Identity Unit (DIU), which was meant to combine resources from the Department for Digital, Culture, Media and Sport (DCMS), which owns policy for the use of digital IDs outside government, and the Cabinet Office, which is responsible for its use within Whitehall. The DIU will continue to exist “informally” as a “collaboration between these departments”, according to DCMS.

However, the new board will include a much wider group of stakeholders, adding the Home Office, the Department for Work and Pensions (DWP), HM Revenue and Customs (HMRC), the Department for Health and Social Care, the Departments for Transport, Business, Energy and Industrial Strategy, and HM Treasury, with a representative from the Information Commissioner’s Office also in attendance. 

A consultation on digital identity was launched in July 2019 and was completed the following September. The government response was due to be unveiled by the end of 2019, but was subsequently delayed until spring this year – and only now has it finally been released.

The government received 148 submissions to the call for evidence, many of which focused on issues around privacy, trust, and the role of government in enabling a private sector market for digital identities.

Companies particularly want to be allowed access to trusted government data, such as passports and driving licences, to help people prove that they are who they say they are when setting up a digital identity for use online.

Last month, the government launched a year-long pilot allowing external access to the Document Checking Service (DCS), which aims to open up passport data to allow private-sector organisations to check identities digitally.

“We want to make it easier for people to prove their identity securely online, so transactions can become even quicker – it has the potential to add billions to our economy,” said digital infrastructure minister Matt Warman. “I look forward to working with partners in the private sector to unlock the UK’s digital identity economy.”

Cabinet Office minister Julia Lopez added: “It is clear that there is a need and an expectation for the government to make it easier for people to use digital identities quickly, safely and securely, and we are committed to enabling this.

“We want to ensure there is transparency for people when they create and use digital identities so that they are always in control of who has access to their data and for what purpose.”

The Digital Identity Strategy Board has developed six principles to underpin its approach, covering privacy, transparency, inclusivity, interoperability, proportionality and good governance (see box below).

The principles are similar to those developed in 2014 by the Privacy and Consumer Advisory Group (PCAG), which was set up by the Cabinet Office to provide independent advice on development of digital identity policy at that time.

The Digital Identity Strategy Board’s six principles

  1. Privacy – When personal data is accessed, people will have confidence that there are measures in place to ensure their confidentiality and privacy; for instance, a supermarket checking a shopper’s age, a lawyer overseeing the sale of a house, or someone applying to take out a loan.
  2. Transparency – When an individual’s identity data is accessed when using digital identity products, they must be able to understand by who, why and when; for example, being able to see how your bank uses your data through digital identity solutions.
  3. Inclusivity – People who want or need a digital identity should be able to obtain one; for example, not having documentation such as a passport or driving licence should not be a barrier to having a digital identity.
  4. Interoperability – Setting technical and operating standards for use across the UK’s economy to enable international and domestic interoperability. 
  5. Proportionality – User needs and other considerations, such as privacy and security, will be balanced so that digital identity can be used with confidence across the economy.
  6. Good governance – Digital identity standards will be linked to government policy and law. Any future regulation will be clear, coherent and align with the government’s wider strategic approach to digital regulation. For example, firms verifying someone’s identity will need to comply with laws around how they access and store data.

The response to the call for evidence also appears to sound the death knell for Verify, the troubled £200m digital identity system developed by the Government Digital Service (GDS). The response said: “Looking beyond Verify, departments have committed to using standards-based digital identity.”

Verify was due to run out of budget in April this year, but was given an 18-month extension by the Treasury because of the surge in Universal Credit applications. DWP has since reduced its dependency on Verify with the adoption of its own in-house product and integration with HMRC’s identity system, which underpinned the Self-Employment Income Support Scheme launched as part of the Covid-19 pandemic response.

GDS has been working on a new system, the Identity and Attributes Exchange, which may prove to be an option for ensuring interoperability of the growing number of public sector digital identity schemes under development.

Last week, technology trade body TechUK called on the government to “urgently prioritise” digital identity as part of its forthcoming digital strategy. The group had previously written privately to DCMS secretary Oliver Dowden to express the industry’s ongoing frustration with the slow progress and continued delays in digital identity policy.

Responding to the government's latest announcement, TechUK CEO Julian David said: “We welcome the fact the response contains promises for action. The government does address the right issues but it must turn them into concrete plans. Consultation on privacy, on standards and legislative change must be done rapidly and then action must meet the scale of the opportunity. This means concrete plans must be developed and we must convert the welcome rhetoric into action with urgency if we are to establish the digital economy the UK needs.”

New regulations in the financial services sector, such as open banking, have also accelerated the need for digital identity and the private sector response to the consultation showed that companies are looking to government to establish the laws and standards necessary for a market to succeed.

Felicity Burch, director of innovation at business lobby group the CBI, said: “This publication [of the response to the consultation] is an important step towards creating a robust digital identity system in the UK. A framework based on privacy, transparency and interoperability will bring many benefits to individuals and firms, providing greater access to online services and increasing productivity.”

Read more about UK digital identity policy

Read more on IT for government and public sector

Data Center
Data Management