We should be concerned about privacy – but we still need to introduce digital IDs
Some people are very sceptical about the concept of digital identity. But digital IDs are more of an infrastructure than anything else – one that would make accessing public services a lot easier, writes Rosie Beacon
Public debates in the UK on proof of identity have always been fraught with hostility. Enter digital identity, add in the unknown unknowns of technology, the concerns about excessive data collection that comes with it and the civil liberties and these debates are gaining a new lease of life.
While there are adamant opponents of digital identity, it does also have its loyal advocates. It’s intrinsically efficient and slick when it works well, which it often does. It scales easily, and could enable a new age of efficient, digitally enabled services – whether that’s energy payments being delivered seamlessly or stopping criminals from opening multiple bank accounts under different identities to execute fraud.
On the checklist of things public policies should achieve, it ticks a lot of them – its cost relative to impact is fairly impressive.
However, the arguments against state-imposed ID systems are well known: data will be hacked, leaked or misused; citizens will have to share sensitive personal information with every man and their dog; and the system will be used to collect and share new information about citizens, such as location data, with government bodies or private companies.
Unsurprisingly, given my previous columns, I fall into the pro digital identity school of thought, but I don’t think the concerns in and of themselves are unreasonable. Dismissing them without acknowledging them does little to further the argument. Equally, these concerns, while valid, are not enough of a reason to not innovate and improve services. Instead, they should motivate the government to ensure they have robust privacy and security systems – a fairly basic expectation in an already digital world.
For absolute clarity, digital identity is not merely a digital version of an identity card. It can be if it is designed to be, but that is not its sole purpose. And even if it was, the government remains the original issuers and source of truth for most official identity documents anyway. Digital identity is more a type of infrastructure than it is an ID card – connecting public services from the NHS to HMRC together and enabling them to work better.
These problems have rarely materialised in other countries, if at all – and it is used in pretty much every European country as well as Canada and Australia. Digital identity is actually a well established policy now and so these problems have largely been designed out of the system. Estonia’s digital identity is “self sovereign”, in that citizens choose who to share specific ID attributes with (like age or postcode) but can also see which entity has accessed information about them without consent.
In fact, it’s increasingly easy to see digital identity as the more secure option. Australia is considering rolling out digital identity for private sector use following a hack and data leak from Optus, a telecoms company, on the basis that digital identity would prevent the need for citizens to provide sensitive data multiple times to multiple entities.
Similarly in the UK it is the willingness to share data for very specific purposes that makes us need digital identity more. Polling from the Tony Blair Institute in 2021 found that 58 per cent of respondents thought it was acceptable for their personal data to be collected for a Covid passport, contrasted with 32 per cent who trust government agencies with their data.
This has led to a chaotic data landscape across government, and actually ended up undermining how governments use data to improve public services. If information is fragmented in different databases, joining up that data to a coherent whole remains impossible, so someone looking to get the service they need has to start from scratch with each authority.
Digital identity is quickly becoming an obvious opportunity for any radical but sensible policymaker. As ever, implementation requires thought and painstaking care, but there are enough examples out there to show us how to minimise the risks and maximise the benefits. If in ten or twenty years’ time people have a more positive experience of public services, save time nearly every day and are protected from fraud, they may well ask why we didn’t get our IDs sooner.