New One Login advisory group sparks amendment to UK data protection law

The advisory group formed to oversee work on the UK Government Digital Service’s One Login digital identity program and advise on issues of privacy, accessibility and inclusivity has borne regulatory fruit, according to a report from PublicTechnology.net.

Formed late last year from the merger of the Privacy and Consumer Advisory Group and the Privacy and Inclusion Advisory Forum, the One Login Inclusion and Privacy Advisory Group (OLIPAG) features 20 members from organizations including Privacy International, Big Brother Watch, Age UK, Citizens Advice, Open Data Institute and the University of London. Its website says it “aims to ensure that GOV.UK One Login maintains privacy for users and is an inclusive and accessible service.”

Now, a briefing from its first meeting in November of 2023 has been used as the basis for an amendment to the Data Protection and Digital Identity Bill (DPDI) currently in the House of Lords. A blog post from Assuriant Consulting’s Nick Tegg reports that the amendment has two parts. The first states that the digital verification service (DVS) trust framework “must include a description of how the provision of digital verification services is expected to uphold the Identity Assurance Principles.”

The second part lists the principles. There are nine, as defined by OLIPAG: user control; transparency; multiplicity; data minimization; data quality; service user access and portability; certification; dispute resolution; and exceptional circumstances.

The problem, says Tegg, is partly that “GOV.UK One Login is only one of a plethora of schemes that will exist in five years time and citizens may not consider it the most important, as they seek to use their digital identity in all aspects of their daily lives.” As well, there is the question of who will assess whether the IA Principles are being applied.

Tegg’s suggestion is the establishment of “a new independent supervisory body,” to report on the application of the principles “across the whole trust framework; an OLIPAG with a remit for the whole ecosystem,” from trustmarks and international standards, to fraud monitoring, cyber security and risk management controls.

Minutes from OLIPAG’s first session also raise the issue of access to login services for certain segments of the population, especially older adults, as well as plans to address at the next meeting a “face-to-face identity-checking route to be delivered at Post Offices” for citizens unable to prove their identity with a passport or driver’s license.

OLIPAG is set to meet four times a year. The group’s twenty members are as follows:

Edgar Whitley, London School of Economics (co-chair)

Louise Bennett from the Digital Policy Alliance (co-chair)

Margaret Ford, Consult Hyperion

Sam Smith, Med Confidential

Colin Griffiths, Citizens Advice

Tom Fisher, Privacy International

Lizzie Coles-Kemp, Royal Holloway, University of London

Mariano delli Santi, Open Rights Group

Silkie Carlo, Big Brother Watch

Gavin Freeguard, Open Data Institute

Sally West, Age UK

Chris Pounder, Amberhawk

Mark Durkee, Centre for Data Ethics

Hannah Whelan, Good Things Foundation

Nadine Trout, Rural Services Network

Brendan Shepherd, Unlock

Elizabeth Anderson, Digital Policy Alliance

Helen Dobson, Citizens Online

Swee Leng Harris, King’s College London

Bryn Robinson-Morgan, Moresburg Ltd

Article Topics

Data Protection and Digital Information Bill (DPDI)  |  digital government  |  digital identity  |  OLIPAG  |  One Login  |  standards  |  trust framework  |  UK