Part 2 of the Data Protection and Digital Information Bill, concerning the safe provision of online digital verification services in the UK, faced scrutiny in the House of Lords this week. The relevant clauses of the bill establish a regulatory framework to make it easy to use “trustworthy” digital verification services.
The bill overall will legislate requirements that social media companies have to hold more accountability to retain information in connection with an investigation into a child’s death, suspected to be caused by suicide.
The Lords committee examinations of the bill entered a fifth day on Wednesday around the data trust provisions of the framework to enable safe digital identity services.
The system will encourage “the wider adoption of “reusable” digital identities” at the “request of an individual”, and so are separate to mandatory digital identities – making it easier for everyone to prove who they are online.
The system will eventually instil “absolute trust” and proper controls for those using digital ID services and implement regulation for verification providers which is a long way off from being achieved right now. However, the current framework is legislating a register of verification providers, an information-sharing gateway – for certified providers to access information from public bodies – and a trust mark.
During the hearings, Hannah Rutter, Deputy Director of Digital Identity at the Department for Digital, Culture, Media and Sport (DCMS), who led the team developing the regulation, acknowledged its subject in the House of Lords.
She commented on LinkedIn: “Thanks to my brilliant team for all their work to get us here, and the many, many people who’ve given us their time and expertise to make sure we’re proposing the right things”.
The committee acknowledged a number of Henry VIII powers given to the Secretary of State to set out the rules for the provision of new digital verification services.
A number of robust changes for the bill were identified during the Committee.
- Firstly, there are no principles to ensure “services are designed and implemented around user needs and that they reflect the important privacy and data protection guarantees debated elsewhere in the Bill”.
- No options to “opt out” of digital verification in favour of offline methods.
- It is not clear in the Bill how a new office for digital identities and attributes in DSIT will be “regulated to ensure proper independence and accountability”.
- No indication of the international implications of the scheme of global companies seeking compliance with digital verification schemes, UK domestic security risks.
There is confusion about how the digital verification services trust framework will interact with the One Login scheme, emphasising the need for clarity on how digital identities will be joined across government departments and whether DVS will be included or if One Login will operate independently.
Catch-up on the proceedings from 20.3 to 17.4 on Parliament TV and read the Lords Hansard transcripts.
Day 5: Lords Hansard transcript / Parliament TV
Hannah Rutter will be speaking at Identity Week Europe 2024. Book today!
