WIREDGOV

The public viewed Identity as a core human right, with trust and accountability key to any successful framework

Context: In March 2023, DSIT commissioned a public dialogue to seek views from the public on building trust in digital identities. This February 2024 report summaries views from members of the public on building trust in digital identity services. 

The purpose: DSIT consulted the public to inform their evidence base for the next version of the trust framework, the design of OFDIA’s governance of these services, and public communication strategies.  

The report summarises key findings relating to transparency, accessibility, accountability. 

Key takeaways: The public saw Digital ID as more than just a convenient way to prove identity. Identity was seen as a core human right and so any frameworks must be guided by the aim of improving society. Trust, transparency, inclusivity and accountability is essential. 

What did the public think? Attitudes, benefits and concerns 

1. Trust in digital identity service cannot be seen in isolation: The public didn’t hold a lot of trust in the Government , citing management of Covid, Brexit and the cost-of-living crisis. This context must be considered when analysing public trust in digital identity. 

2. Taking care of digital identity service users: Data about people was considered not just practically important, but ethically, as many saw identity documents as basic human rights. More than just digital implications about data being stored, the public viewed this is a moral issue, with data worthy of safeguarding given the personal rights to privacy and civic inclusion. 

3. Benefits to society: More than just being quick and convenient, the public wanted to see Digital ID providers and regulators emphasise the benefits to broader society. 
    

What did the public think? Policy expectations, solutions and implications 

1. Accountability and transparency: It is essential that users have recourse if their data is misused, with clear outlines of where liability lies. Any frameworks from regulators must include details of minimising risks long-term for the service providers to be considered trustworthy. 

2. Accessibility, agency and involvement: The public thought it was important to have digital identity pathways that work for all members of society. The public should be central to the development, delivery and updating of digital ID services, including clear choices to whom they can share data with. 

Amendments and additions to the trust framework 

Participants propose specific amendments and additions to the trust framework: 

1. The benefits of digital identity services:Clearly articulate the benefits of digital identity. This means going beyond convenience and efficiency to inclusion. 

2. Embedding simplicity in the trust framework : Providing templates for the terms and conditions for using digital identity services so that people can clearly understand what happens to their data and how potential risks are mitigated. 

3. The importance to participants of having control over their data: Participants believe the trust framework should provide a clear statement on how users ‘own’ and ‘control’ their data, including being able to update it and protect personal data they do not wish to share. 

4. A rigorous, effective and human centred complaints procedure: There is a strong feeling amongst participants that the trust framework needs to be explicit about what is expected of service providers in relation to their complaints procedures. 

5. Future proofing digital identity services: Participants call for the trust framework to demonstrate that consideration has been given to future proofing both service provision and its oversight, for example, putting protections in place to make sure digital identities do not, either by design or default, become mandatory 

6. Ensuring there are protections against system over-reach: Participants want assurances within the trust framework that the data (now and in the future) can only be used for the purposes of verifying identity and nothing else. 

7. The importance of inclusion: Participants like the examples given in the trust framework on inclusion but consider that there could be more examples and more detail to ensure this is specific enough and does not leave, what they consider to be an important aspect of digital identity service provision, to chance. 

Principles of trust 

Participants agreed on principles of trust for digital identity service providers: 

• Act with transparency, using clear communications and with the expectation of openness in all relationships. 

• Define, and act within, high ethical standards meeting expectations for what good looks like. Look after users’ data, protect them from harm, protect the vulnerable in society from harm and bring them into an inclusive system. 

• Be reliable and proactive: say what you are going to do, do it, and tell people that you have done it. This extends to complaints, recourse and responding to those who need guidance to use the technology. 

• Be genuine, authentic and human: show that service providers care and put people at the heart of the service. This includes using clear, honest communications which does not over-promise. 

• Secure the data: data shared with digital identity service provider should not be shared with others without express user permission. 

• Put safety first. Do nothing to harm people or knowingly put them at risk and have safeguards in place for when things do go wrong. 

• Demonstrate that public benefit comes before financial motivations.