New One Login advisory group sparks amendment to UK data protection law

The advisory group formed to oversee work on the UK Government Digital Service’s One Login digital identity program and advise on issues of privacy, accessibility and inclusivity has borne regulatory fruit, according to a report from PublicTechnology.net.
Formed late last year from the merger of the Privacy and Consumer Advisory Group and the Privacy and Inclusion Advisory Forum, the One Login Inclusion and Privacy Advisory Group (OLIPAG) features 20 members from organizations including Privacy International, Big Brother Watch, Age UK, Citizens Advice, Open Data Institute and the University of London. Its website says it “aims to ensure that GOV.UK One Login maintains privacy for users and is an inclusive and accessible service.”
Now, a briefing from its first meeting in November of 2023 has been used as the basis for an amendment to the Data Protection and Digital Identity Bill (DPDI) currently in the House of Lords. A blog post from Assuriant Consulting’s Nick Tegg reports that the amendment has two parts. The first states that the digital verification service (DVS) trust framework “must include a description of how the provision of digital verification services is expected to uphold the Identity Assurance Principles.”
The second part lists the principles. There are nine, as defined by OLIPAG: user control; transparency; multiplicity; data minimization; data quality; service user access and portability; certification; dispute resolution; and exceptional circumstances.
The problem, says Tegg, is partly that “GOV.UK One Login is only one of a plethora of schemes that will exist in five years time and citizens may not consider it the most important, as they seek to use their digital identity in all aspects of their daily lives.” As well, there is the question of who will assess whether the IA Principles are being applied.
Tegg’s suggestion is the establishment of “a new independent supervisory body,” to report on the application of the principles “across the whole trust framework; an OLIPAG with a remit for the whole ecosystem,” from trustmarks and international standards, to fraud monitoring, cyber security and risk management controls.
Minutes from OLIPAG’s first session also raise the issue of access to login services for certain segments of the population, especially older adults, as well as plans to address at the next meeting a “face-to-face identity-checking route to be delivered at Post Offices” for citizens unable to prove their identity with a passport or driver’s license.
OLIPAG is set to meet four times a year. The group’s twenty members are as follows:
Edgar Whitley, London School of Economics (co-chair)
Louise Bennett from the Digital Policy Alliance (co-chair)
Margaret Ford, Consult Hyperion
Sam Smith, Med Confidential
Colin Griffiths, Citizens Advice
Tom Fisher, Privacy International
Lizzie Coles-Kemp, Royal Holloway, University of London
Mariano delli Santi, Open Rights Group
Silkie Carlo, Big Brother Watch
Gavin Freeguard, Open Data Institute
Sally West, Age UK
Chris Pounder, Amberhawk
Mark Durkee, Centre for Data Ethics
Hannah Whelan, Good Things Foundation
Nadine Trout, Rural Services Network
Brendan Shepherd, Unlock
Elizabeth Anderson, Digital Policy Alliance
Helen Dobson, Citizens Online
Swee Leng Harris, King’s College London
Bryn Robinson-Morgan, Moresburg Ltd
Article Topics
Data Protection and Digital Information Bill (DPDI) | digital government | digital identity | identity assurance | OLIPAG | One Login | standards | trust framework | UK
Comments