Categories
Latest News Legislation Technology

New Data Bill set to radically expand use of digital ID in the UK

Potential boost to UK economy by £10 billion over 10 years

Digital identity providers are to be regulated in a sweeping overhaul of the law. The Data (Use and Access) Bill will introduce oversight of digital ID, replacing the current voluntary system with a government register that could bring a £10 billion boost to the economy over 10 years.

Digital identities are an increasingly common way of accessing age-restricted online services or products. Providers like Luciditi offer security at the level demanded by banks, allowing individuals to securely verify their identity and/or age and helping to minimise the risk of identity fraud.

Trust is a key feature of an industry that serves as a ‘middle man’ between online consumers and suppliers. At the moment, digital ID providers – including Luciditi – may be voluntarily certified against the UK’s digital identity trust framework, a set of rules defining a good digital ID service.

However, in some cases where identity needs to be verified, for example employers looking to check someone’s criminal record or right to work, trust is needed at a deeper level. Similarly public agencies would be able to operate far more efficiently if identity verification were better regulated.

Setting standards, regulating providers


The Data (Use and Access) Bill – abbreviated to DUA – will transform certification, putting it on a more formal footing. DUA proposes wide-ranging reforms that will expand trust in four main areas:


1. UK digital identity and attributes trust framework
DUA will bring legal standing to the trust framework, expanding it and transforming it into the Digital Verification Service, giving it a broader and more structured regulatory foundation.

2. Register of digital identity services
DUA will establish a publicly available register of digital ID providers, listing organisations that have been independently assessed and certified against the trust framework. Under DUA, ministers will assess applications to join the register and potentially refuse applications or de-list providers.

3. Trust mark
Under DUA, registered providers will be able to display a designated ‘trust mark’ to distinguish their services in the market.

4. Information sharing
DUA will lay the foundations of a new information gateway, which in time will allow public authority data to be shared with registered services to enable identity and eligibility to be checked.  

Reusable ‘smart data’


Key parts of DUA are inherited from a Bill that began life under the previous government but failed to get through parliament before the general election. In the King’s Speech in July, the new Labour government introduced the Digital Information and Smart Data Bill, (DISD).

DISD was updated over the summer, and the Bill was renamed as DUA to reflect its broader scope. Nevertheless, ‘smart data’ remains at its heart – a reference to standard identity data managed in a smart way.

For example, Luciditi’s app allows individuals to upload their personal data to a digital identity wallet. After they’ve done this once, they can then reuse the data as many times as they want whenever they sign up for online services or products that require identity or age checks.

While online suppliers may ask for identity verification or proof of age, Luciditi’s app typically does not release personal data to a third party. It simply gives them basic assurance that the individual is who they say they are and the age they claim to be. The app gives users a choice. If they choose to, they can release the data to a third party that needs to see it, for example when opening a bank account. The key point here is that Luciditi allows users to choose whether to share information, every time.

Standardised reliance on digital identity throughout a particular industry is known as a smart data scheme, though at the moment only online banking comes close to this.

Outside banking, suppliers need to believe that assurance is reliable. For them, digital identity providers who are voluntarily certified against the trust framework can be expected to securely support online access to restricted services and products. Regulation of this system into broader areas of the economy will speed up processes such as renting a home or starting a new job.

Embedding ID tech into public agencies


Under DUA, identity assurance will only be available to an authorised third-party supplier upon an individual’s request. But it paves the way for something more.

The government has said it wants to “harness the power of data for economic growth, to support a modern digital government, and to improve people’s lives.”

Government agencies, managing the data of millions of individuals, are currently bogged down in paperwork. By embedding smart data and identity assurance in public services, DUA will make it easier and quicker to manage people’s personal data, cutting down on laborious bureaucratic procedures.

The government believes that DUA “will free up 1.5 million hours of police time and 140,000 NHS staff hours every year speeding up care and improving patients’ health outcomes.” The Bill would allow for healthcare information – like a patient’s pre-existing conditions, appointments and tests – to be easily accessed in real time across all NHS trusts, GP surgeries and ambulance services, no matter which IT system they were using.

The new Bill will also allow births and deaths to be recorded online instead of via the current paper-based system. Registrations could also be carried out over the phone, not just in person.

For some people, making it easier to release their personal health data will be a cause for concern. In Luciditi’s case, the developers’ previous product already safeguards health data for millions of people across the UK. The Luciditi app benefits from this same level of trusted security.

The government has confirmed that the Bill does not include a mandatory national digital ID card, or any requirement to possess a digital identity. By simply creating a legislative structure of standards, governance and oversight for providers, DUA will demand that all registered digital ID providers meet a similar standard.

Managing oversight of DUA


The trust framework and register of providers will be overseen by a newly created team known as the Office for Digital Identities and Attributes (OfDIA) which sits within the Department for Science, Innovation and Technology. DUA’s provisions will be carried out, under the authority of the DSIT Secretary of State.

OfDIA staff created the trust framework, in collaboration with industry, academia, and civil society groups, and intend to review and refresh it every year. OfDIA believe that, under the framework, hundreds of thousands of digital identity checks are already taking place each month.

Beyond digital ID, the new Bill also supports a national chart of the UK’s underground infrastructure. The National Underground Asset Register is a new digital map that will shape the way pipes and cables are installed, operated and repaired. It will give planners and excavators standardised, secure, instant access to the information they need, reducing excavation accidents that can quickly disrupt business.

Next steps


DUA was introduced in the House of Lords on 23 October and will take a year or so to work its way through Parliament. Welcoming its introduction, Technology Secretary Peter Kyle said: “This Bill will help us boost the UK’s economy, free up vital time for our front-line workers, and relieve people from unnecessary admin so that they can get on with their lives.”

The new legislation won’t force anyone to use a digital identity. But a legally-protected structure of standards will give consumers and online suppliers new confidence in the broader use of smart data schemes.

Data is critical for UK business: 77% of UK companies handle some form of digital data, increasing to 99% for businesses employing more than 10 people. DUA has the potential to unlock much needed national growth and ensure that, in the push towards digitally-based business, Britain isn’t left behind.