Guidance

What GOV.UK One Login is doing to meet the identity assurance principles

Published 3 May 2024

1. User control

We are working to give users more agency in creating, using, and sharing digital identities.

Digital identities are not created for people without their knowledge.

We only create digital identities because a user requests online access to a government service for which we are the provider of identity verification.

We justify why we collect identity data and we communicate this to the service user.

Personal information is shared with authoritative sources outside GOV.UK One Login so it can be checked for anomalies and validated.

We perform some digital identity assurance activities in the background, not initiated by users, to protect people from identity misuse, fraud, and theft.

When personal information is shared with third parties for convenience reasons only, this is done on an opt-in basis, and we gain user consent first.

We do offer alternative face-to-face mechanisms for people to prove their identity, but the end result is still the creation of a GOV.UK digital identity.

2. Transparency

We aim to be as transparent as possible, so that people trust our service.

We explain to users why we need the information we ask for.

We explain to users when their information will be checked with authoritative sources outside GOV.UK One Login.

We publish public information on what we do with personal data in blogs, technical documents and vocabularies about the data we collect, and we publish a GOV.UK One Login privacy notice.

We balance the need for transparency with our accessibility obligations. There is a risk of putting too much information in front of a user at the point of access, where they are just trying to get through to the government service they need.

We must sometimes check and share personal information with other authoritative sources without the user initiating this, for example to meet our lawful obligations in preventing identity fraud. We always get the user’s consent for this. When this happens, where possible, we will keep users fully informed about what is happening and why.

3. Multiplicity

As GOV.UK One Login will be the single front door for many government services, there are no plans to permit a service user to gain access to those government services with a different identity provider.

Users will always be able to create multiple GOV.UK One Login user accounts.

While we are looking at ways for users to connect together or merge multiple GOV.UK One Logins, the benefits of doing so must outweigh the costs. If this functionality is implemented, the choice to do this will be offered to the user.

Users can choose which documents and sources to provide information from in order to prove their identity, as long as they are documents and sources we trust for digital identity verification.

4. Data minimisation

We only collect, process, and share personal information where there is a genuine need and a clear purpose, and when we do, we strive to use as little personal information as possible.

When a user interacts with GOV.UK One Login, we use the minimum data necessary to meet the needs of the user or to fulfil the service’s function or obligation as set out in law.

We adopt open standards for data models from OpenID Connect and W3C. These are related to sharing data in an authentication and identity-proving context.

We collect, process, store, and share the minimum possible data, for the shortest possible time, for those purposes.

We do not hold personal information for longer than is needed. We justify how long we hold onto personal information for, and communicate this in published information.

We use data retention periods that comply with the GOV.UK One Login privacy notice.

We minimise both the types of data and the volumes of data.

Where possible, we ask for and transmit a yes/no response to identity assurance questions, rather than requesting or sharing personal information.

In cases when we share personal information from an identity document with another government department, we share the minimum data (number of fields) that will uniquely distinguish that document from another. We do not share the entire document data.

We are looking at the possibilities of sharing only the confirmation of identity proved to the required level of confidence, without sharing personal information from identity documents. 

We enable users to share their data with other government departments and third parties if and when they want to do so.

When we need to retain records of our system activity for an indefinite period, we remove or redact as much personal information from these records as possible.

Data from authoritative sources outside GOV.UK One Login will not be duplicated at the centre.

We put in place appropriate security measures to protect users’ personal information.

Our approach to data security is informed by the work of organisations such as the National Cyber Security Centre, including its 14 cloud security principles.

5. Data quality

Checks are performed on personal data accuracy at the time the user proves their identity.

We take all reasonable steps to ensure the personal information we hold is not incorrect or misleading.

We give users the opportunity to manage their personal information and update their records.

We are working towards better user control of data. We are going to enable users to trigger updates to their personal information at any time, simply and easily. They will not need to be using a government service in order to request an update to their personal information.

We have longer-term plans to allow an authorised person to manage somebody else’s identity data and will provide updates to this document when those are in place.

We also correct or erase personal information when we are notified by an authoritative source outside GOV.UK One Login that it is no longer up to date.

The General Data Protection Regulation (GDPR) also has requirements for data quality and accuracy that we must account for. This may mean we have a legal obligation to update data when we learn it may be incorrect or misleading - even if the user has not explicitly ‘chosen’ to update it.

6. Service user access and portability

We provide users with copies of personal information on request, in a standard electronic format. Users can move and remove their personal information within the limits set by data processing laws.

7. Certification

GOV.UK One Login is replacing other identity assurance services that some government departments use to allow access to government services.

When government services migrate to GOV.UK One Login, this must not negatively impact accessibility. 

We will continue to maintain and maximise access to government services for citizens while the certification standards and procedures are being developed as part of the UK digital identity and attributes trust framework.

8. Dispute resolution

We take responsibility for how we comply with GDPR and other related principles about identity and privacy. We put in place measures and retain records to demonstrate our compliance.

We engage accountable risk owners, the Cabinet Office Data Protection Officer (DPO) and the Information Commissioner’s Office (ICO) through our Data Protection Impact Assessment (DPIA) processes.

We value external views of the work we’re doing and we speak to users through our user research work and to organisations like the National Cyber Security Centre and the One Login Inclusion and Privacy Advisory Group.

The ICO acts as an independent arbiter for problem resolution in the event a user has a dispute.

9. Exceptional circumstances

While this principle does not directly impact any process or system design choices, GOV.UK One Login operates within its legal boundaries.