DSIT publishes results of public digital identity trust consultation

The Department for Science, Innovation and Technology (DSIT) has published the results of its public consultation on building trust in digital identity solutions.

Summarised findings from the public dialogue show that attitudes to digital identity services shifted during the process, highlighting the need to view results in the context of the social, economic and political situation in 2023 when the research took place.

The report said those who participated in the research thought accountability and transparency were “at the core of trustworthy digital identity services” and called for a clear route in the digital identity trust and attributed framework outlining actions to minimise long-term risks.

“They argue for longer-term assurances, articulated in the trust framework, that their data will be held carefully and protected,” the report said.

It added that having control of their data was key to the participants, as well as assurance that they will have a choice about who they share their data with and why.

“They call for the public voice to be centred as the primary stakeholder of digital identity services,” the report said.

The consultation found that the public wants the government to be accountable and transparent when it comes to digital identity. Some suggested a government department, working together with academia or another public sector body, should take responsibility for delivering identity services.

“These participants articulate a ‘trust tension’: whilst they do not trust government, they feel that a public sector organisation, a non-profit organisation or a research consortium might be more trustworthy than private sector organisations,” the report said.

“This is seen as more trustworthy as it would operate without vested interests or the need to satisfy company shareholders.”

“Whilst [public participants] do not trust government, they feel that a public sector organisation, a non-profit organisation or a research consortium might be more trustworthy than private sector organisations”

The digital trust and attributes framework was first published in 2021 and is continually iterated. It sets out how digital identity providers can become certified, and so far around 40 providers have received accreditation.

Those who participated in the research were keen to know that the digital identity providers aren’t just motivated by financial gains, and called for the trust framework to make it clear that public benefit is a core value to those being certified.

“Monetisation of the system causes concern, particularly when they think about digital identity service providers charging other organisations to access user data,” the report said. 

Some participants are also concerned that there are too many digital identity providers involved.

“For some, the number of private sector companies involved is a problem and a challenge for developing trust in the system and ensuring effective oversight. There is a concern that with over 40 companies in the system, it will be hard for individuals to differentiate between the different services on offer.

“As a result, they call for consistency in approach, set out in the trust framework rules and the certification process, with independent oversight.”

Another issue raised by the public is the over-reliance on digital services, and issues arising should something go wrong, including the loss of digital devices, or emergency situations such as floods or power cuts.

Accessibility is another concern among the public, particularly for disabled or elderly people, or those digitally illiterate.

“They are concerned for people who do not have, and cannot afford, a smartphone, a tablet, a computer or the broadband to access the internet. They are also worried about those who do not have English as their first language and will be excluded if they can’t understand basic instructions,” the report said.

The participants suggested several amendments to the trust framework, including embedding simplicity and having a “rigorous, effective and human-centred complaints procedure”. DSIT has proposed the changes, alongside others, including the importance of inclusion and ensuring digital identity services are future-proofed.