ex_flow - stock.adobe.com

Cabinet Office publishes response to data sharing for digital ID consultation

The majority of respondents to government’s consultation on data sharing for digital identity are critical to the plans and concerned about data privacy, but Whitehall’s response says many of the responses ‘were driven by anti-digital commentaries’

The government has published its response to the public consultation on its proposed legislation to enhance data sharing across the public sector to support its digital identity plans.

Whitehall’s One Login project, which will replace more than 190 existing sign-in routes and 44 separate accounts, allowing citizens to prove their digital identity once and then reuse it to access all government services online via a single account, is currently in beta testing, and the government is mandating the use of the system.

To safely check and share  the government-held personal data that will be used by the system, the government published a consultation in January 2023, proposing amending the UK’s 2017 Digital Economy Act to support the sharing of information between specified public authorities for identity verification purposes.

The consultation received more than 66,000 responses, with the majority of those expressing strong concerns around data privacy in particular. Despite this, the government is committed to take forward the proposed regulations “as soon as parliamentary time allows”.

According to the responses from the consultation, the majority did not believe that data sharing would improve public services or provide a benefit to individuals or households.

“The main reasons for this were concerns around erosion of data privacy and protection, data security against cyber attacks and a general mistrust in government use of personal data for wider policy issues. For the majority of respondents, these concerns outweighed any improvements in public service delivery,” the government response said.

The response added that it recognises the concerns around data privacy and security, but said: “Data sharing under the proposed regulations would adhere to the principle of using the minimum amount of data to help people prove who they are, thus ensuring that less data is processed overall. This activity further minimises the risks posed by data sharing.

“To further provide confidence as to the safety and privacy of data sharing under the proposed legislation, any service which helps people prove who they are online will publish information on the use of personal data, starting with Gov.UK One Login,” the government said.

The public did also not believe that data sharing would improve the well-being of individuals and households, due to concerns around erosion of data privacy, data security against cyber attacks and a “general mistrust in government use of personal data for wider policy issues”.

While the government firmly believes that data sharing would support the delivery, administration or enforcement of a service provided by a public authority, 75% of those who responded disagreed or strongly disagreed, worrying that data protection would be put at risk and that data sharing could be used to facilitate government monitoring of individuals.

However, the government pointed out in its response that monitoring public services “does not include monitoring of any citizen’s individual activity.

Government criticism

The government also highlighted that most of the interest in the consultation “expressed strong concerns around identity cards, including incorrect interpretations that a change to the Digital Economy Act 2017 could result in compulsory digital identity”.

“The government understands that there isn’t public support for identity cards in the UK. The government remains committed to realising the benefits of individuals being able to identify themselves online in order to access public services. There are no plans to introduce mandatory digital identity.”

It also said that most of those who responded to the consultation commented on wider issues rather than the specific questions asked.

“Responses included comments that identity verification services would mean citizens would not be able to use cash, that they would support a social credit system, that they would lead to an identity card being introduced, or that digital identities are going to be made mandatory for all people,” it said.

The response added that there is clear evidence that of those who responded, “many appear to have been significantly influenced by commentaries against implementing compulsory citizen digital identity in principle and data sharing to support it”.

“For example, we noted that 75% of the emails received used one of a small number of templates and a small proportion of these emails (4%) in template format were against identity verification services in principle, and were responding to a much broader issue around digital identity and data sharing than was in scope of this consultation.”

It added that “many of the responses were driven by anti-digital commentaries without engaging with the specific questions”, with common themes such as an underlying mistrust of government use of personal data, data accuracy leading to poor decision making and feeling that an individual’s data privacy is more important than the benefits of improved public services.

“As a result, some of the analysis statistics appear to be overwhelmingly skewed towards the majority who used the consultation as a vehicle to express these opinions,” it said.

Government aims to dispel false claims

Alongside the government’s response to the consultation, Cabinet Office also published a One Login factsheet to dispel claims and misconceptions about the project.

This includes claims that One Login will be mandatory for citizens and that the proposed legislation will make it easier for government to implement a social credit system.

While government departments will be mandated to use One Login, albeit alongside any other digital identity service, citizens will be able to use face-to-face and offline routes, should they not want to use the online service. The government also said it has no plans to implement a social credit system.

People were also concerned about claims that the legislation would enable bulk data sharing across government, however, the plan will only enable data sharing between specific organisations for the purpose of verifying someone’s identity.

Under the proposed legislation, the specified authorities that would be allowed to share data for identity verification purposes include any person or body listed in Schedule 4 of the Act, such as London borough councils, chief police officers and numerous secretaries of state.

The government’s proposed amended to the Act would also see four more bodies added to Schedule 4, including the Cabinet Office, Department for Transport, Department for Food, Environment and Rural Affairs (Defra) and the Disclosure and Barring Service (DBS).

However,  nearly all of respondents disagreed that the bodies should be added to the schedule and be able to share data, due to “concerns around erosion of data privacy and protection, data security against cyber attacks and a general mistrust in government use of personal data for wider policy issues”.

Some respondents also did not acknowledge that Defra delivered public services.

As a result of the consultation, the government has made four changes to the proposed legislation, including updating the date that regulations will come into force to 21 days, rather than one day after being approved by Parliament.

The government is also updating the Public Sector Equity Duty to include Gypsy, Roma and Traveller communities, and has committed to publishing further information on how One Login will operate “within the regulations and overall data protection framework”.

Read more about digital identity and government

  • GDS has opened up about the reasons why it’s opted for a serverless infrastructure to underpin One Login, and how it hopes the system will provide UK citizens with a more personalised experience.
  • As the Government Digital Service (GDS) prepares for the official end of Gov.uk Verify, it signs three new contracts for its successor programme, One Login.
  • Companies House will introduce a digital identity verification process for people wanting to register and run a company in the UK.

Read more on IT for government and public sector