The UK has begun to come up to speed with the EU and Australia in its move to enhance digital identity solutions, but faces a fallout with Brussels as it hints at reforming the General Data Protection Regulation (GDPR).
UK citizens will be able to easily and quickly prove their identity using digital methods instead of having to rely on traditional physical documents, under new plans unveiled by the government as it outlines its legislative agenda.
Following a public consultation, the government has announced it will introduce legislation to make digital identities as trusted and secure as official documents.
“This government is committed to unlocking the power of data to benefit people across the UK,” said Julia Lopez, the UK’s data minister, in a statement. “The legislation we’re proposing will ensure that there are trusted and secure ways for people and organisations to use digital identities, should they choose to.”
Among the changes that the government aims to bring in is creating a legal gateway to allow trusted organisations to carry out verification checks against official data held by public bodies to help validate a person’s identity.
In addition, legislation will confirm that the legal validity of digital forms of identification are equal to physical forms, such as passports
The government has also committed a new Office for Digital Identities and Attributes (ODIA), which will be set up in the Department for Digital, Culture, Media & Sport (DCMS) as an interim governing body for digital identities.
The ODIA will have the power to issue an easily recognised trustmark to certified digital identity organisations, to prove they meet the security and privacy standards needed to handle people’s data in a safe and consistent way.
It will also be tasked with ensuring that trust-marked organisations adhere to the highest standards of security and privacy.
Among its strengths, digital identities can help tackle fraud, which the government said hit record highs with an estimated 5m cases in the year ending September 2021, by reducing the amount of personal data shared online and making it harder for fraudsters to obtain and use stolen identities.
Lobby group techUK has said that it welcomes DCMS’ efforts. “Today’s announcements are a positive step forward in the UK’s implementation of digital identity.”
Sue Daley, technology and innovation chief at the organisation, said: “Given the next steps now being taken, continued cooperation between industry and government remains the best chance for a successful implementation of a digital identity ecosystem in the UK.”
Daley continued that citizens must be involved in the journey, citing the need for public trust and confidence in the opportunities presented by digital identity.
Adequate enough?
In addition to digital identity legislation, the government has set its sights on overhauling the EU-transposed data protection regime.
The Data Reform Bill would be used to reform the existing GDPR and Data Protection Act, which the government has criticised as complex and says currently encourages “excessive paperwork”.
Reforms to the GDPR may end up proving a headache for UK businesses that have close trade ties with the EU.
Although the EU granted the UK adequacy on its data protection laws last year, which means information can move between the two unimpeded, the trading bloc did for the first time implement a sunset clause following pressure from stakeholders, such as the European Parliament.
This means that the adequacy decision has an expiry date of 2025, providing a short window to account for and address possible divergence.