UK establishes Office for Digital Identities and Attributes, new legislation and trustmark
The UK government has established the interim Office for Digital Identities and Attributes (ODIA) to oversee security and privacy for digital IDs, a trustmark for organizations to demonstrate they are deemed competent to handle individuals’ identity data and will bring in new legislation for accreditation and certification processes, announces the government following a public consultation on the issues which received 270 responses.
Certain uses of the certified technology will be available even before the proposed legislation is passed. The announcement also brings further clarity that British people will be given no clarity in the form of an overarching digital ID system. It will be every man for himself, and optional: “Many of the individuals who responded to the consultation said they were against digital identities in principle”.
New identity office and powers, unclear regulator
The ODIA will sit within the Department for Digital, Culture, Media and Sport “as an interim governing body for digital identities,” according to the release. A permanent home will be found “as the market develops and we gather data on the challenges associated with its operations”.
The ODIA “will stand up a governance and coordinating role for the trust framework, which will not itself be set in legislation, and trust mark” which means it will have the power to issue an “easily recognized trustmark to certified digital identity organizations” that have proved they meet the security and privacy standards for handling personal information. A list of trust-marked organizations will be publicly available.
Feedback on who should regulate the digital identity framework was inconclusive. Some suggested the Information Commissioner’s Office (ICO), other disagreed. The report deems it too early to tell.
Proposed identity legislation
Three areas of legislation have been proposed to introduce the system, when Parliament has the time. One would establish the accreditation and certification process and trustmark, another set would create a legal gateway to allow trusted organizations to perform verifications against data held by public bodies. The third would make digital forms of identification as equally valid as physical forms such as passports.
Landlords, letting agents and employers will be able to start as soon as the 6 April 2022 when they can use certified technologies to carry out right to work and rent checks on people, as well as Disclosure and Barring Service (background) checks. Legislation for all three is due to come into effect on 6 April.
Julie Dawson, Director of Policy and Regulatory at Yoti, a British digital identity developer, commented on the developments: “We are pleased to read the Government’s commitment to introduce legislation to make digital identities as trusted and secure as official documents such as passports and driving licences.
“The parity of acceptance of digital forms of identification will be a game changer in terms of fraud prevention and increasing the utility of digital identity for consumers in the UK. All in all, these are significant steps and pave the way for greater utility for consumers.”
The UK is not going to bring in a national digital ID and will instead leave it to the private sector. “It will be for people and businesses to decide what digital identity technology works for them to prove their identity, should they choose to create a digital identity at all,” states the announcement, with Data Minister Julia Lopez underscoring the point: “The legislation we’re proposing will ensure that there are trusted and secure ways for people and organisations to use digital identities, should they choose to.”
Negative responses side-lined
“The consultation feedback shows that not all potential users of digital identity tools and products feel confident about the government’s proposals. We want to reassure people that the government is not seeking to make digital identities mandatory,” states the report.
People who took part in the consultation but were unwilling or unable to consider the concepts of trust frameworks, digital attributes, certification and accreditation and were simply against the idea of a digital identity have effectively had their contributions to the process set aside.
“Of the 270 responses received, 134 (50%) indicated they were against digital identity in principle. The vast majority of responses that indicated they were against digital identity in principle came from individuals who did not engage with the substance of the consultation. We counted a respondent as against digital identity in principle if their comments indicated that they were against any form of digital identity and they did not engage with the consultation questions, or if their opposition was predicated on claims which were not substantiated by the facts set out in the consultation. For example, if they claimed digital identities are going to be made mandatory for all people and opposed our proposals based on that false assertion. For the purposes of statistical analysis of the questions in the consultation, we have not included the 134 responses that did not engage with the questions.
“Nevertheless, outside the context of producing the statistical analysis, we have taken these responses into account as part of this consultation exercise. We will continue to work to address the types of concerns these respondents raised in our future policy decisions and communications, for example, as we strengthen the standards of the trust framework as we iterate from alpha to beta.”