Editorial

Digital Identity: Global Roundup

Digital identity news from around the world

Posted 11 July 2022 by Christine Horton


United Kingdom

Yoti and the Post Office, as well as HooYu are now certified digital identity service providers (IDSPs) for Right to Work, Right to Rent, and criminal records checks in line with the UK Digital Identity & Attributes Trust Framework (DIATF).

The move will enable British and Irish citizens to use their passports to streamline the processes using the firms’ digital ID verification software instead of needing to present physical documents.

Another IDSP, OneID, claims to be the first provider with a 100 percent digital process to achieve this certification. It also says it is the first Orchestration Service Provider (OSP) to receive certification. As an OSP, OneID plays the role of a ‘hub’ to connect all of the UK’s high street banks with providers of any online journey that needs customers to identify themselves.

Additionally, OneID says it is the first ‘Scheme Owner’ to be certified against the DIATF for any roles. The company operates a multi-sector scheme that enables bank customers to consent to safely share their bank-verified identity information.

Global

The global biometric system market is expected to grow at a CAGR of 12.4 percent from 2022 to 2029 to reach $51.6 billion by 2029.

The figures are from a new report, Biometric System Market by Offering, Biometrics Type (Fingerprint Recognition, Voice Recognition), Contact Type, Authentication Type, Platform, Application, End User (Government, Military & Law Enforcement, and Others)– Global Forecast to 2029.

Growing demand for mobile biometrics devices, rising government initiatives for biometrics technology, increasing use of biometric technology in consumer electronics for authentication and identification applications, and growing need for security measures are the key factors driving the growth of the biometric systems market. However, the substantial costs associated with biometric systems and misconceptions and lack of knowledge pertaining to biometric systems are notable restraints affecting the growth of this market.

Ireland

Questions have been raised over Ireland’s plans for facial recognition technology for surveillance. The Irish Council for Civil Liberties (ICCL) has submitted a Shadow Report on what it determines as gaps between the International Covenant on Civil and Political Rights and the reality in Ireland, plus recommendations to rectify them. The group also blames Irish authorities for failing to uphold GDPR, thus allowing surveillance to remain business as usual for digital companies worldwide.

The ICCL report, an alternative to the report submitted by the Irish state, is endorsed by 37 organisations and has identified gaps across areas such as the right to a fair trial and freedom from torture, as well as three breaches involving police surveillance and six across data protection.

Czech Republic / Europe

On July 1, the Czech Republic took over the presidency of the Council of the European Union from France — and for the next six months, it will set the priorities for the EU’s political agenda. One of those priorities is data and digital identity.

The new president of the Council will likely push for the adoption of a pan-European tool to prove a citizen’s identity, the European Digital Wallet. But for the European Digital Wallet to become a reality, the EU needs new data rules governing how institutions and companies would use and have access to a new pool of data.

The Data Act is another piece of legislation that the Czech presidency will likely push in parallel to the Digital Wallet. This new law will provide companies with more access to data, including data from non-EU companies, and it will provide citizens with more control of their data and who has access to it.

Australia

Public servants at the Digital Transformation Agency (DTA) tried to stop the government’s proposed digital identity bill being used to remove anonymity from social media platforms, internal documents revealed, via Crikey.com.au.

The federal government has been pursuing a number of programs to verify the identity and the age of Australians online. The Digital Transformation Agency has drafted a Trusted Digital Identity Bill, while the eSafety Commissioner has been developing an age verification roadmap.

In the preparation for an October 2021 meeting between the Office of the eSafety Commissioner and the DTA, a prepared memo for the eSafety Commissioner’s office suggests that staff were surprised to hear the then minister for employment, workforce, skills, small and family business Stuart Robert suggest in a Sky News interview using the trusted digital identity scheme to reveal the identity of people behind social media accounts.

“It’s not a big step to go forward to say: well, hang on, maybe we should be using digital identity for […] areas where identity needs to be proven,” the minister said, referring to holding social media companies to account over trolling.

“Has the DTA been requested to take any action relating to these public comments?” a section of the eSafety Commissioner’s office memo reads.

Notes made during the meeting show that staff from the DTA hoped to “hose down any scope creep” for the trusted identity scheme: “Noted they are still trying to keep other ideas/suggestions for the digital ID at bay.”

Using the trusted digital identity scheme to reveal the identity of social media trolls would only be possible where Australians were forced to link their social media accounts to their government digital identity — a significantly broader use of the scheme than currently suggested.  

Zimbabwe

Zimbabwe has issued more than 110,000 biometric passports just six months after launching the programme.

At least one million national ID cards and birth certificates have also been delivered since a special campaign launched in April. Local reports quote Zimbabwe’s Registrar General Henry Machiri, who said a total of 110, 195 passports had been issued as of June 3, 2022.

The official is hopeful the current backlog of 200,000 passports (the machine-readable version) will be cleared by the end of the year.

Brazil

A report published by Cambridge University Press highlights data protection and justice concerns related to Brazil’s national digital ID.

Biometric Update reports the paper is part of a broader research agenda developed by the Data Privacy Brasil Research Association and focused on a descriptive and qualitative study of the Brazilian National Civil Identification System (Identificação Civil Nacional, or ICN).

“The present paper […] aims to assist policymakers from Brazil to think of ways and solutions to avoid possible violations of data subjects’ rights, which arise from the implementation of a country-wide unified identification system,” reads the report.

It suggests that there are tensions between the National Identity System and the country’s data protection rules and principles.

Further, the report says that despite hopes of inclusion resulting from government digitisation and digital identity, they could generate exclusion if poorly implemented, which is also a finding of a recent UN report.

it mentions how, this year, there was an almost simultaneous launch of two national identity documents, one by the Superior Electoral Court and the other by the Federal Government. According to the paper, these initiatives had essentially the same function, thus adding to inefficient government spending and public policies.

As for the information architecture of the digital ID database, the report cautions that a large-scale personal database, composed of the fusion of other databases and with a centralised structure, presents risks in terms of data protection and privacy. These include abusive use of data, insecurity of data and government surveillance.

Further, the research highlights how the large volume of data managed as part of these digital ID projects should have triggered a data protection impact assessment, which has not been done.

The final part provides some context for the digital transformation of Brazil’s government. Opening a discussion about the use of the ICN database to login into gov.br, the website with access to government services from the federal government.

United States

US lawmakers are suggesting that there is an even greater need for a biometric data protection bill in the wake of the Supreme Court’s decision to overturn Roe v. Wade. Tech Target reports that the comments came during a recent hearing held by the House of Representatives Subcommittee on Investigations and Oversight, during which chairman Bill Foster argued that the reversal of Roe v. Wade effectively limits people’s right to privacy, at least in certain cases.

The problem, according to Foster, is that states that ban abortion could try to use biometric data to enforce those laws. Without a strong data protection bill, there is little to stop a third party (such as the developer of a period tracking app) from sharing someone else’s data with law enforcement. That means that extremely sensitive information could be used against them in a court of law, even if they never shared that information with anyone in their personal lives.

“States attempting to criminalise access to medical care may try to use biometric data to prove where someone has been and what they did when they were there,” said Foster. “Third parties may also try to access biometric information to collect the bounties now being offered by some states to enforce their new laws. This makes protecting Americans’ biometric data more important than ever.”