tostphoto - stock.adobe.com

Cabinet Office looks to expand public data sharing for digital ID

Cabinet Office seeks feedback on proposed legislation to enhance data sharing across the public sector, in support of the UK government’s ambition to have a single sign-on identity-check system for all public services

The Cabinet Office has launched a public consultation on inter-departmental data sharing in support of the UK government’s digital identity plans to make verification easier online.

The Government Digital Service (GDS), part of the Cabinet Office, is currently working with other departments to build a single sign-on and identity checking system for all public services.

Known as Gov.uk One Login, the three-year, £400m project will replace more than 190 existing sign-in routes and 44 separate accounts, allowing citizens to prove their digital identity once and then reuse it to access all government services online via a single account. The system went into beta testing in August 2022.

However, to safely check and share the government-held personal data that will be used by the system, the government has proposed amending the UK’s 2017 Digital Economy Act to support the sharing of information between specified public authorities for identity verification purposes.

The consultation, which closes on 1 March 2023, is therefore seeking views on how exactly this increased public sector data sharing should work, and whether the measures proposed by the UK government would be effective.

“Inclusion is at the heart of Gov.uk One Login,” said Alex Burghart, parliamentary secretary for the Cabinet Office, in a foreword to the consultation. “The proposed data-sharing legislation will ensure that more people than ever before will be able to prove their identity online and access government services, so that anybody who wants to use online services is able to. Furthermore, the government is committed to realising the benefits of digital identity technologies without creating ID cards.

“Gov.uk One Login and the proposed legislation will ensure the government continues to drive inclusive digital transformation, to level-up opportunities across all corners of the UK and deliver brilliant public services.”

Read more about digital identity

The specified authorities that would be allowed to share data for identity verification purposes include any person or body listed in Schedule 4 of the Act, such as London borough councils, chief police officers and numerous secretaries of state.

The government’s proposed amended to the Act would also see four more bodies added to Schedule 4, including the Cabinet Office, Department for Transport, Department for Food, Environment and Rural Affairs (Defra) and the Disclosure and Barring Service (DBS).

The consultation document added that while government had considered other legislative options, there is currently no legislation in place specifically to enable data sharing across government for identity verification purposes.

“Identity verification services currently rely on a variety of different data sharing powers and the draft regulations provide for a single piece of legislation to improve access to services by citizens,” it said. “Government believes that these draft regulations are necessary to deliver benefits to individuals and households.”

The government has also conducted an impact assessment of the draft data sharing legislation, which it has published a summary of alongside the consultation.

It said that a number of groups are likely to benefit from the proposed data sharing changes, including people from “low socio-economic groups”, those with disabilities and the young.

Past failures

One of the key issues with One Login’s predecessor, Gov.uk Verify, was that less than half of those who tried to set up a digital identity were able to do so, with young people and disabled people in particular facing disproportionate challenges.

“We identified that the legislation will reduce the need for in-person identity proofing procedures,” claimed the government in its impact assessment summary. “This will increase the accessibility of government services for individuals who suffer from a disability, which means they may be unable to, or find it difficult to, complete an in-person check.

“We further identified that the legislation will benefit individuals on low incomes who cannot afford a passport and/or driving licence, documents which are often used to prove one’s identity online, as they will be able to draw on a wider range of data sources to prove their identity. Additionally, young people, with a limited credit and address history, will also be able to access more data sources to verify their identity.

“We have not identified any elements of this amendment that discriminate against any of the protected characteristics either directly or indirectly.”

Computer Weekly contacted the Cabinet Office about obtaining copies of the impact assessments, and whether it plans to publicly release the documents to prove its claims.

The Cabinet Office said while it has not undertaken a data protection impact assessment on the proposed legislation (because no personal data will be processed directly as a result of it), any public body that wishes to use the legal powers in due course would have to complete one.

It added that although it does not plan to publish any other impact assessments at this stage, it will consider whether to do so when it releases its response to the public consultation.

In November 2022, HM Revenue and Customs (HMRC) confirmed that it will begin migrating to the One Login platform sometime in summer 2023, which will entail transferring services away from Government Gateway, the department’s current identity, authentication and transaction platform.

“No migration can occur until the service can meet all of our HMRC requirements to an equivalent or better standard than the existing services,” said HMRC chief technology and design officer Tom Skalycz at the time, adding that the migration will be “transactional” and there will be no automated bulk migration.

Read more on IT legislation and regulation