The paper sets out the Information Commissioner's position in response to the proposals (set out in the Government's policy paper for a UK digital identity and attributes trust framework), in line with the data protection by design and default principle.
On publication of the position paper, Steve Wood, Deputy Commissioner (Executive Director, Regulatory Strategy), also published a blog piece explaining the paper and the ICO's position on how the UK Government's digital identity and attributes trust framework should address data protection.
Mr Wood says that the ICO acknowledges that a digital identity system with strong governance and effective data protection safeguards can help improve public access to digital services and reduce security risks. He says that the ICO is therefore "broadly supportive" of the establishment of the framework. However he emphasises that "accountability for the way that personal data is processed must be present from the outset".
Mr Wood says that the ICO welcomes the decentralised approach that the framework proposes, as it provides "a strong foundation for a 'data protection by design' approach that must be embedded across the system".
The ICO is recommending that:
- robust governance and clear accountability are established;
- any system is user-centric and boundaries around who controls personal data and how it is used and gathered are clearly established;
- effective measures are in place to address the data protection risks that relate to data minimisation and purpose limitation; and
- organisations operating in the trust framework must have appropriate technical and organisational security measures in place to protect the personal data held in the system.
The paper also provides international models of digital identity verification. To read Mr Wood's blog post and for a link to the position paper, click here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.