New UK data bill proposes dedicated digital ID office, biometrics retention changes

The Data (Use and Access) Bill (DUA) has been introduced in UK Parliament, and if passed it would establish conditions to support digital verification services and open banking.

A new Office for Digital Identities and Attributes (OfDIA) will be established by the bill, if it passes, within Department for Science, Innovation and Technology (DSIT). The OfDIA will handle approvals under the Digital Identity & Attributes Trust Framework, and issuance of trust marks to certified entities.

DSIT was recently expanded by the UK’s new Labour government, just as it was introducing the Digital Infrastructure and Services Development (DISD) Bill to replace the previous government’s Data Protection and Digital Information Bill (DPDI).

Julie Dawson, chief policy and regulatory officer at Yoti, calls the bill “a significant step forward for digital identities and data innovation in the UK. The establishment of the Digital Verification Service (DVS), which builds on and expands the previous Digital Identity & Attributes Trust Framework into a broader and more structured regulatory foundation, will enhance confidence in digital identities,” she says. “This will enable individuals and businesses to securely access services, reduce fraud, and strengthen data privacy protections.

“Digital IDs have the potential to transform how we complete everyday tasks, such as purchasing age-restricted goods and services, collecting parcels, opening bank accounts, and even moving house. They are already being successfully used for employment checks, and this Bill opens up further opportunities to make life simpler for UK citizens by expanding the practical applications of digital IDs.”

Civil registration would also be further digitized, with an electronic register for births and deaths replacing the current paper-based system. Registrations could also be carried out over the phone, not just in person.

A section on the retention of biometric data makes minor amendments to the Counter-Terrorism Act 2008, such as extending retention to people found not guilty due to insanity. It also allows police to store biometric data indefinitely in pseudonymized form, in certain conditions.

The DUA would make pixel-tracking and device fingerprinting technologies used in behavioral biometrics and analytics subject to data consent rules, like cookies.

Online harms are addressed in the legislation as well, with a requirement for online service providers to retain information on any deaths of children who use their service. They would also be required to make data available to researchers looking into online safety.

The Bill proposes changing the requirement for police officers to manually log each time they access personal data during case work. It is also intended to make health data more portable, and provide a statutory footing for the National Underground Asset Register (NUAR).

Changes introduced by the bill will generate an extra £10 billion for the UK economy, while freeing up millions of working hours for police and National Health Service staff, the government claims.

The government goes out of its way to assure the public that the Bill does not include a mandatory national digital ID card, or any requirement to possess a digital identity. It also emphasizes the privacy benefits of a digital identity system that support limited disclosure.

A factsheet from the government suggests that the digital identity sector could boost the UK economy by £4.3 billion over the next decade. The supports for the digital identity sector in the DUA include a recognition of EU conformity assessment bodies that can perform evaluations of trust services providers under eIDAS. It also introduces a mechanism for the recognition of eIDAS and other EU standards to be removed.

Dawson suggests that if the measures are not quickly adopted and implemented by government departments, the UK could fall behind countries like Australia and Germany that are further ahead with their digital ID systems.

Article Topics

biometrics  |  Data (Use and Access) Bill (DUA)  |  data privacy  |  data protection  |  Department for Science Innovation and Technology (DSIT)  |  digital ID  |  digital identity  |  legislation  |  OfDIA  |  UK  |  Yoti