Editorial

Government puts digital identity under the spotlight

DCMS announces updates plans “to unlock the UK’s digital identity economy”

Posted 1 September 2020 by

The government has announced its next steps in its plan to introduce digital identity across the UK.

They include plans to update existing laws to enable digital identity to be used as widely as possible, alongside a new set of guiding principles for policy development.

The Department for Digital, Culture, Media & Sport (DCMS) said the proposals come after 2.6 million people made a claim for the Self-Employment Income Support Scheme online since its launch in May. DCMS said 1.4 million claimants had no prior digital identity credentials and needing to pass through HMRC’s identity verification service.

“We want to make it easier for people to prove their identity securely online so transactions can become even quicker – it has the potential to add billions to our economy,” said digital infrastructure minister Matt Warman. “I look forward to working with partners in the private sector to unlock the UK’s digital identity economy.”

The government said it will consult on “developing legislation for consumer protection relating to digital identity, specific rights for individuals, an ability to seek redress if something goes wrong, and set out where the responsibility for oversight should lie.”

It will also consult on the appropriate privacy and technical standards for administering and processing secure digital identities.

DCMS cites 2019 figures that show a 32 percent rise in identity fraud over five years, with 223,163 cases recorded in that year alone – up 18 percent on the previous year.

Guiding principles

A new government Digital Identity Strategy Board has also developed six principles to strengthen digital identity delivery and policy in the UK.

The six principles it outlines are:

1) Privacy: When personal data is accessed people will have confidence that there are measures in place to ensure their confidentiality and privacy; for instance, a supermarket checking a shopper’s age, a lawyer overseeing the sale of a house or someone applying to take out a loan.

2) Transparency : When an individual’s identity data is accessed when using digital identity products they must be able to understand by who, why and when. For example, being able to see how your bank uses your data through digital identity solutions.

3) Inclusivity: People who want or need a digital identity should be able to obtain one. For example, not having documentation such as a passport or driving licence should not be a barrier to not having a digital identity.

4) Interoperability: Setting technical and operating standards for use across the UK’s economy to enable international and domestic interoperability.

5) Proportionality: User needs and other considerations such as privacy and security will be balanced so digital identity can be used with confidence across the economy.

6) Good governance: Digital identity standards will be linked to government policy and law. Any future regulation will be clear, coherent and align with the government’s wider strategic approach to digital regulation. For example, firms verifying your identity will need to comply with laws around how they access and store data.

The government is also exploring how secure checks could be made against government data. This month the Document Checking Service pilot scheme was launched to provide access to digital services which require identity checks, such as online mortgage applications, financial services and recruitment onboarding.

Cautious optimism

“Along with other industry stakeholders I welcome this development, albeit cautiously as the ‘devil is always in the detail’ and that is yet to come,” said Think Digital Partners publisher, Matt Stanley. “The principles seem fine as far as they are described and generally reflect similar sets in Canada, New Zealand and other nations, though it’s unusual to see ‘security’ missing from the list since all the other principles would rest upon that requirement. But perhaps it is implicitly assumed.

“Government is an authoritative source for much of our identification-related data so I do hope that those sources will be enabled to assert yes/no confirmation to claims put to them from assured third parties, with the individual’s explicit consent of course. The reference to standards is commonplace but without credible assessment and certification of providers, devices and device apps, standards alone can’t move the dial on these principles. Trust and accountability is essential to enable consumers to have confidence and industry to innovate.

“We will obviously be following this very closely in our Digital Identity for Government conference series which continues this November but I for one am cautiously optimistic.”