While the government service, which began operating almost five years ago, has conducted a Data Protection Impact Assessment, the full unedited results of the exercise seem unlikely to be released

While it has yet to release details of its formal review of the privacy implications of the GOV.UK One Login system, government is working on an “easily digestible” version of the document and will release it by the end of 2026, according to ministers.

The first departmental services began using the new government-wide sign-in system in 2021 and, since then, adoption has grown steadily. As of January, 122 government services have now implemented One Login, and 14 million citizens have used the tool.

A privacy notice – setting out how One Login collects and uses these people’s personal data – was published by the Government Digital Service on GOV.UK in June 2025.

GDS has yet to release any details of its Data Protection Impact Assessment (DPIA) for the new cross-department sign-in platform. The completion of a DPIA is a statutory requirement for many government services engaged in the processing of citizens’ sensitive personal data.

Related content

• One Login regains government trustmark as GDS deploys systems to prevent future lapses
• HMRC enters public beta tests of One Login as transition from Government Gateway gradually progresses
• EXCL: One Login delivery date revised to 2028 with hundreds of millions of extra spending set to be committed

According to digital government minister Ian Murray, GDS will eventually publish information related the privacy review – but it will not be the full unedited document.  

“We are preparing an easily digestible version of our Data Protection Impact Assessment for publication, which will be published later this year,” he said. “We continually develop our Data Protection Impact Assessment to take into account the new identity verification journeys, such as the no photo ID route. We have an obligation to let citizens know how we are processing their data, which we do via a privacy notice published on GOV.UK.”

The minister’s comments were made in response to a written parliamentary question from Conservative MP Neil Hudson.

PublicTechnology exclusively revealed last year that the GDS has disbanded the One Login Inclusion and Privacy Advisory Group, an independent body comprised of academics and civil-society representatives convene to “advise the Government Digital Service’s GOV.UK One Login programme on inclusion, privacy, data usage, equality and digital identity”.