The Government has now introduced the Data (Use and Access) Bill in Parliament. Part 2 of the Bill underpins the Government’s plans to ensure that digital identity products and services offered in the UK can be trusted by those that want to use them.
We are part of the team which has been preparing this legislation for parliamentary scrutiny – and wanted to take you through a few highlights.
Digital identities already exist, and quite a lot of people already find them easy and convenient to use. Bringing in legislation won’t force anyone to use a digital identity. Instead, the proposed new law will create a legislative structure of standards, governance and oversight for organisations that provide ‘digital verification services’ (which is what digital identities are called in the Bill) and want to be registered as a trusted service.
Once passed, the legislation will cover four main aspects:
1. UK digital identity and attributes trust framework
The Data Bill will require the Secretary of State to publish a baseline set of rules called the ‘trust framework’ and enable him to publish supplementary rules for specific use cases, known as ‘supplementary codes’.
2. Register of digital identity and attribute services
Legislation will establish a new publicly available register of those providing digital verification services that are certified against the trust framework and supplementary codes, so that users can be confident that organisations have been independently assessed as compliant with the rules.
The Data Bill will also enable the Secretary of State to exercise governance functions in relation to the new register. These activities will include things like assessing applications to join the register and refusing applications or removing providers from the register where this is in the interests of keeping the overall system secure and trustworthy. Our team in DSIT, the Office for Digital Identities and Attributes (OfDIA), will carry out these functions, under the authority of the Secretary of State.
3. Trust mark
The Data Bill will enable the Secretary of State to designate a ‘trust mark’ to be displayed by registered providers to distinguish their services in the market. We’ll share more information about the trust mark down the line.
4. Information sharing
Finally, the legislation will lay the ground for public authorities to share information with registered organisations to enable them to carry out identity or eligibility checks for the public. This information may only be released on the request of the individual to whom the information relates.
What happens next?
None of this is UK law yet. These provisions have to be passed by both Houses of Parliament, receive Royal Assent (which means it is signed off by the King), and formally ‘commenced’ by secondary legislation before they actually become law. That will keep those of us in OfDIA’s legislation team busy for a while yet!
We will post updates about the bill on this blog as it goes through Parliament so you can follow our progress.
Leave a comment