The UK government has published the outcome of its consultation on digital identities, which includes the launch of an interim governing body to handle the subject, as well as a pledge that ID cards are not on the horizon.
The feedback will underpin legislation to make digital identities as trusted and secure as official documents such as passports and driving licenses. This follows the publication of the digital identity and attributes consultation published on July 2021, with the government’s proposals to advance its vision on that front.
Government proposals included creating a digital identity and attributes governance framework, enabling a legal gateway between public and private sector organizations for data checking and establishing the validity of digital identities and attributes.
Some 270 responses from various stakeholders with an interest in the digital identity space were received, including likely users such as identity and attribute providers, industry bodies, regulators and the civil society.
New legislation will aim to support the introduction of an accreditation and certification process, as well as a trustmark, which organizations will need to obtain to show they can handle people’s identity data.
The upcoming rules will be required to confirm the legal validity of digital forms of identification as equal to physical forms of identification, such as physical passports. Legislation to be introduced will also give public bodies the ability to enable certified and accredited third parties to run identity checks.
The document noted that the consultation’s respondents supported the idea of allowing certified organizations to check identities against data held by the government. The argument is that this would ensure “greater adherence to high standards of security and privacy overall”.
Building trust in the new system
According to the government, the respondents welcomed proposals for the governance framework, as this was understood as a way to build trust and confidence in the new system. On the other hand, responses on the location of a governance function were not conclusive.
Moreover, the outcome of the consultation noted respondents supported the idea that governance arrangements should be flexible and proportionate as the standards of the trust framework evolved in response to the maturing market.
To address this, the Office for Digital Identities and Attributes (ODIA) will be set up in the Department for Digital, Culture, Media and Sport (DCMS) as an interim governing body for digital identities. According to the document, a permanent location will be sought for the governance function and the ODIA will work with key stakeholders through the process.
Meanwhile, the consultation outlined the functions of the ODIA. The new body will have power to issue trust marks. It will “ensure trust-marked organizations adhere to the highest standards of security and privacy”, the DCMS said.
The publication of the consultation outcomes was accompanied by a statement in the consultation that the government is not proposing a system that could lead to the announcement of mandatory ID cards.
According to the consultation, many of the individuals who responded to the consultation said they were against the roll-out of a compulsory ID card.
“The government has heard this and has no plans to make the use of digital identities compulsory,” it said. “The government also understands that there is no public support for ID cards in the UK and has no plans to introduce ID cards.”
The proposals set out in the consultation outcome will not require the roll-out of ID cards. Instead, the suggestions are aimed at creating trust and confidence in methods to prove identity and eligibility, the document noted.
“This means that, when it suits people to prove things about themselves or others on the basis of a digital identity, this can be achieved with as much ease and security as is offered by physical proofs of identity such as a passport,” it added .
The rationale for digital ID
DCMS argued that digital identities will be useful in tackling fraud, which an estimated five million cases in the year ending September 2021, according to numbers cited by DCMS. The idea is that reducing the amount of personal data shared online will make it harder for fraudsters to obtain and use stolen identities.
Moves to advance digital ID in the UK is also part of a business-driven agenda, with a set of “interlinked policy initiatives led by the government to prepare the UK for the digital world and to improve the lives of businesses and citizens”, said Heather Wheeler, secretary in relation to the Cabinet Office, to projects such as One Login, the digital identity platform currently being developed by the Government Digital Service.
“These initiatives, alongside enabling legislation, will help ensure the UK is able to take full advantage of the opportunities that digital identities and the wider digital economy have to offer,” she said.
Industry body techUK described the publication of the outcomes as a “positive step forward in the UK’s implementation of digital identity”, and “has welcomed DCMS’s efforts in working with industry to get us to where we are today” – but stressed that public trust needs to be built in the process.
“Given the next steps now being taken, continued cooperation between industry and government remains the best chance for a successful implementation of a digital identity ecosystem in the UK,” said Sue Daley, director for technology and innovation at techUK.
“However, we must also ensure we bring citizens on this journey with us: building public trust and confidence in Digital ID must be a key priority as we move forward.”