The Government introduced the Digital Economy Act in 2017 to give them the flexibility to introduce new data-sharing gateways to support the delivery of key services.
The Government has recently proposed new regulations under the Digital Economy Act 2017 (DEA 2017), Digital Government (Disclosure of Information)(Identity Verification Services) Regulations 2023. A consultation will run from 4 January 2023 to 1 March 2023 in relation to the proposed new regulations.
What is being proposed under the Digital Government (Disclosure of Information)(Identity Verification Services) Regulations 2023?
The Government Digital Service has been developing a service known as GOV.UK One Login. This is a digital verification service that will allow people to reuse digital identities to access public services. The purpose of this is to make it easier for people to find and access Government services whilst also reducing the risk of identity fraud and theft. For the One Login service to work effectively, participating public authorities will need to be able to check and share several types of personal identity with the identity verification service.
Under Section 35 of the DEA 2017, only specified public authorities can share personal information for the purposes set out within the Act. Public authorities are therefore restricted on what data can be shared and who it can be shared with. In its current form, the DEA 2017 will prevent the One Login service from working effectively.
Under the new regulations, the Government is proposing to create a new objective under Chapter 1 of Part 5 of the DEA 2017. The proposed objective will enable data sharing between the public authorities already included within Schedule 4 of the DEA 2017 and the following new authorities:
- The Cabinet Office;
- Department for Transport;
- Department for Environment, Food and Rural Affairs; and
- Disclosure and Barring Service.
The proposed new data-sharing objective would enable public bodies to share a wider range of data than is currently possible. Within the consultation, the Government has set out the types of data that will be shared including name, date of birth address, email address, photographic images, passport number or driving licence number, etc. In some circumstances, the special category may also be processed.
The consultation confirms all public authorities who are party to the data sharing will ensure that the:
“data is held securely, to the appropriate security and information management standards, maintained to the appropriate quality, used only for the specified purposes of identity verification services, kept as long as required for the specific purpose of identity verification services, and then securely deleted”.
It does not confirm what measures will be put in place to ensure that this is done.
Comment
The Government is set to publish the response to the consultation by 24 May 2023. It will be interesting to see the responses. Whilst the consultation confirms that data will be held securely and that the appropriate security measures will be put in place it is concerning that there is no confirmation of the measures that will be put in place to achieve this. Particularly in the context of the number of data breaches being reported by public authorities every year. In our recent blog, we discussed the Ministry of Justice’s annual report and their reported number of data breaches for 2021-2022.
How can Nelsons help
Ruby Ashby is an Associate in our expert Dispute Resolution team.
If you need any advice concerning the subjects discussed in this article, please do not hesitate to contact Ruby or another member of the team in Derby, Leicester, or Nottingham on 0800 024 1976 or via our online enquiry form.
Contact us