GDS pledges user control, data minimisation, and ICO arbitration for new government digital ID service

GDS has published a set of ‘principles’ that will inform and regulate departments’ use of digital identity, alongside details of how the new One Login system will meet these standards

The GOV.UK One Login system will seek to minimise the amount of detail collected about users while giving them control over how this information is used and offering independent dispute resolution via the UK’s data watchdog.

The Government Digital Service, which developed One Login, has published two new policy documents: one setting out nine ‘principles’ to guide and regulate how identity verification is used in government services in general; and another outlining how One Login in particular will meet these standards.

The nine principles are:

  • user control
  • transparency
  • multiplicity
  • data minimisation
  • data quality
  • service user access and portability
  • certification
  • dispute resolution
  • exceptional circumstances

The principles, which are accompanied by advice for how they should be applied by departments in practice, were created by a group of independent advisors and will be monitored going forward by the dedicated One Login Inclusion and Privacy Advisory Group

The first principle of ‘user control’ is intended to ensure that “identity-assurance activities affecting [users]… can only take place if [they] consent or approve them”.

To meet this requirement, One Login will “justify why we collect identity data and we communicate this to the service user”. The new government-wide login system will share some data with external “authoritative sources.. so it can be checked for anomalies and validated”. But, where “personal information is shared with third parties for convenience reasons only, this is done on an opt-in basis, and we gain user consent first”, according to GDS.

The tenet of ‘transparency’ asks that government bodies ensure users understand when and how their identity data is used, while ensuring ‘multiplicity’ will mean citizens can “use and choose as many different identifiers” as they wish.

Related content

To demonstrate ‘data minimisation’, services will need to use only information that is strictly necessary to support the user’s needs.

In One Login’s case, GDS claims that this means: “We collect, process, store, and share the minimum possible data, for the shortest possible time, for those purposes. We do not hold personal information for longer than is needed. We justify how long we hold onto personal information for, and communicate this in published information. We use data retention periods that comply with GOV.UK One Login privacy notice. We minimise both the types of data and the volumes of data.

“Where possible, we ask for and transmit a yes/no response to identity assurance questions, rather than requesting or sharing personal information. In cases when we share personal information from an identity document with another government department, we share the minimum data (number of fields) that will uniquely distinguish that document from another. We do not share the entire document data.”

Exceptions and disputes
To meet the principle of ‘data quality’, individuals must be able to freely update their own information. ‘Portability’ will require services to allow users to demand and obtain copies of their data, or its deletion.

These options will be offered to One Login users, according to GDS, as will a ‘certification’ process based on a principle of “common governance requirements” that is applied to all users.

This cross-government standardisation that the new login platform is intended to provide is a departure from the current landscape, in which agencies use a total of almost 200 discrete systems, incorporating 44 different sign-in methods.

GDS pledges that “when government services migrate to GOV.UK One Login, this must not negatively impact accessibility [and] we will continue to maintain and maximise access to government services for citizens while the certification standards and procedures are being developed”.

The principle of dispute resolution requires that users are offered an “independent third party” adjudicate on any complaints or other issues with how their digital identity data is user.

In delivering One Login, GDS says that it will “take responsibility for how we comply with GDPR and other related principles about identity and privacy”. This compliance will include data-protection regulator the Information Commissioner’s Office serving “as an independent arbiter for problem resolution in the event a user has a dispute” with how One Login treats their data.

The final principle is that any exception to the rules “has to be approved by parliament and is subject to independent scrutiny”.

“While this principle does not directly impact any process or system design choices, GOV.UK One Login operates within its legal boundaries,” the GDS policy document says.

Sam Trendall

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *

Thank you! Your subscription has been confirmed. You'll hear from us soon.
Subscribe to our newsletter