Whenever there is a new policy regarding digital identity, the whole industry is listening as it shows signs of where governments and legislators are at regarding the future of the sector. The UK Government has recently published a new framework, detailing new digital identity use cases and how people can verify their identity online, in an attempt to offer clarity on and increase public confidence in the rapidly developing sector.
The new ‘trust framework’ includes principles, policies, procedures, and standards attempting to regulate and manage and administer the use of digital ID. More importantly, the new policy wants to clarify the way information is shared amongst public authorities and private firms.
In an official statement, Digital Infrastructure Minister, Matt Warman outlined the motivations behind this policy as following:
“Establishing trust online is absolutely essential if we are to unleash the future potential of our digital economy. Today we are publishing draft rules of the road to guide organisations using new digital identity technology and we want industry, civil society groups and the public to make their voices heard. Our aim is to help people confidently verify themselves while safeguarding their privacy so we can build back better and fairer from the pandemic.”
The document is currently in draft form and its next iteration which is believed to be enacted as law, will be published in the summer of 2021. As it currently stands, the paper proposes specific standards and requirements for organizations providing or utilizing digital identity services.
Here are its main proposals:
- A clear data management policy outlining how data is created, obtained, disclosed, protected, and deleted
- The establishment of industry standards regarding information security and encryption
- A transparency policy informing users about changes to their digital identity details
- A clear account recovery process
- Guidance on how to select secure authenticators
While all of the above sounds good, what’s more interesting is that digital ID services providers will have to publish a yearly report breaking down their demographics.
Here’s what Emma Lindley, Co-founder of Women In Identity, had to say:
“We believe that digital identity systems should be inclusive and accessible for anyone that chooses to use them. This collaborative approach by the government in designing the trust framework is a step in the right direction towards accountability across all stakeholders who are involved, and ensures no one is left behind.”
Another point referenced in the paper is the idea of ‘vouching,’ a practice that proposes individuals can be identified through trusted people within the community. Who are these people? The list provided by the UK Government outlines dentists, doctors and accountants amongst others. This obviously begs the question, “Does your profession ensure your trustworthiness?” which is something the government will need to address in its next iteration.
“Products that help digitally to verify a person’s identity are becoming increasingly important as more areas of our work and home lives move online,” said Cabinet Office Minister Julia Lopez. “Creating a common trust framework will give greater clarity and certainty to organisations who want to work in this field about what is expected of them. More importantly, however, it will help to deepen users’ trust and confidence in digital identities and the standards we expect in the safeguarding of their personal data and privacy.”
Even though what has been released is still a draft, the paper does show promise for a more transparent digital identity community. The UK government recommendations are in line with the latest developments in the both perception and technology surrounding the sector. What remains to be seen is the next iteration of the framework and above all, enforcing it.