Digital Government (Disclosure of Information) (Identity Verification Services) Regulations 2023 Debate
Full Debate: Read Full DebateBaroness Chapman of Darlington
Main Page: Baroness Chapman of Darlington (Labour - Life peer)Department Debates - View all Baroness Chapman of Darlington's debates with the Cabinet Office
(11 months, 4 weeks ago)
Grand CommitteeMy Lords, I am grateful to the Minister for her helpful introductory remarks. This regulation concerns the sharing of information between public authorities to ensure that any information sharing under Section 35 is justified and proportionate. It permits public authorities to share information only for purposes consistent with tightly constrained objectives which are set out in regulations. This measure adds a new objective relating to identity verification.
In future, individuals will be able to create a reusable digital identity, which the Government say would be secure, convenient and efficient. Instinctively, we would be very supportive of this, but it would be helpful, certainly to me, if the Minister could perhaps explain with a practical example exactly how this will work from a citizen’s perspective, imagining perhaps that she is applying for universal credit. What will she be able to do that she cannot do now? How would her interaction with the service provider be enhanced by this new objective? Will there be a benefit to those who do not have a passport or a driving licence and who, on occasions, find it difficult to prove their identity? What future use does the Minister anticipate?
There are some future uses. The noble Lord, Lord Clement-Jones, quite rightly highlighted some of the potential problems with this, but there are potential benefits that I can see. For instance, could digital verification, in time, be helpful at polling stations in enabling individuals without passports or driving licences to vote, without having to obtain a certificate in advance? I do not know if noble Lords have ever seen one of these certificates that people have to get at the moment, but the one I saw recently was just a blurry picture on a piece of A4 paper. These things are meant to last for years. Perhaps the Minister could make inquiries as to whether digital verification at polling stations might be more convenient, perhaps even allowing real-time voter registration. It does matter, and it is vital that digital transformation benefits and enhances citizens’ experience and access to services, as well as making public services more efficient.
A number of respondents to the consultation were concerned—and I think everyone will have anticipated this—about the security of their information, and whether or not this could be the thin end of the wedge as they see it. We are pleased that this amendment would make things, I think, more convenient for individuals. To anticipate what the Minister may say, this is because they will no longer have to prove their identity multiple times, and should have a more seamless experience when accessing public services online.
However, there is concern from some that digital verification may become in some sense compulsory. It is rather like the banks, which have a strong high street presence—then online banking becomes very popular, and suddenly the more traditional methods of accessing the service become less viable and therefore less available, which arguably excludes some individuals. It is important that individuals are able to decline to access services digitally, if they wish, for whatever reason, and are not coerced or nudged into accessing services, which goes against their preference over time. With this in mind, it is important that individuals are provided with the right amount of information, so that they can understand what data is being shared, with whom, and what the benefits to them are in consenting to the data sharing. Can the Minister tell us more about how exactly this will be done and how consent will be obtained?
Having in mind the NAO’s report on digital transformation of government services from earlier this year, there are a number of potential issues that the Minister might also wish to comment on. The NAO found that departments are finding that in current market conditions, they cannot acquire sufficient digital skills and expertise in their teams. Can the Minister tell us what the Cabinet Office are doing to make sure that departments have the skills needed to safely progress with this change and future digital transformation across Government?
Also, what oversight are the Government planning? This is vital in establishing public confidence. What will the complaints process be? How are the Government planning to monitor the departmental use of this new objective and assess any inequalities created or made worse by its introduction? Will the Government check whether, in time, the less well off, older people, or people with certain disabilities or certain language issues, for example, are being disadvantaged by the preference of service providers to move to digital access? I look forward to the Minister’s responses to those questions.
My Lords, I thank the Committee—thin though we are—for its time and excellent questions in scrutinising the draft regulations. I think it is right to say that we have learned from Verify. One of the key things is always to learn from errors and learn how to improve things. This is a very different proposition.
The regulations will enable us to harness data more effectively, ensuring that as many people as possible can access the government services that they need online. This is particularly important where citizens and residents lack access to a passport or a driving licence, compelling them to resort to slower and costlier offline alternatives; the noble Baroness, Lady Chapman of Darlington, made that point. Approving the new objective allows us to construct more inclusive and accessible identity verification systems, namely GOV.UK One Login, which will deliver substantial user benefits and savings by minimising duplication and fraud risks.
The noble Lord, Lord Clement-Jones, asked many questions, mostly on the GOV.UK One Login programme, of course. This legislation is relatively narrow and is not about the programme as a whole, but I will try to answer some of his questions. I am sure that we can talk about things on another occasion, because I detect a lot of support for the principle of making it easier for people, particularly more vulnerable people, to access government services.
On the PCAG principle, GOV.UK One Login is being delivered in line with existing privacy principles. GDS has been working closely with members of its advisory groups to ensure this. The principles are a framework that GDS works within; they have never been official government policy. However, the data protection regime certainly gives me quite a lot of reassurance about how this will work. I tried to bring that out in my opening remarks.
On the question of population data, the purpose of GOV.UK One Login is to allow citizens who choose to use the service to prove their identity safely and securely in order to access government services online. It is not new that users need to prove who they are to access certain government services, nor that departments have to store information as a result. Let me assure noble Lords that users can delete their accounts at any time. The service standard requires services to provide a joined-up experience across all channels, so doing so would not lock a user out of all government services.
In response to the questions about benefits to individuals, let me say that the objective on data sharing would enable public bodies to share a wider range of specified data than is currently possible. This will allow GOV.UK One Login to draw on a broader range of government-held data sources when users need to verify their identity. This will benefit individuals and households by improving digital inclusion as people without photographic documentation, such as a passport, will still be able to provide their identity online and access government services by answering questions based on additional datasets. They will not have to provide the same data again and again. This will underpin users’ ability to reuse their verified identity across all government services without needing repeatedly to re-enter the same information each and every time they interact with a new service. Of course, that also brings savings to individuals and to government.
While I am on the subject of benefits to the individual, there is an example that I would like to share with the committee; it reflects a question that I asked. Sometimes, married women have two different names. I am in that lucky, or unfortunate, position. We understand that some users will need or want to use multiple accounts, so users can already set up multiple accounts on One Login using different email addresses that can relate to different names. From next year, we plan to allow users to link accounts under the same verified identity. The noble Baroness, Lady Chapman, asked us to look through the eyes of the individual. This is one of the things we have been trying to do in this programme, learning from the past.
I am on my third surname as I have had two marriages, but that is not really where I was going. I was looking at it from the perspective of somebody trying to access a service. I cannot imagine that many people would be that interested in how you could link your different accounts, although I can see that it might be important at certain stages in someone’s life. In accessing a service, what will I be asked for or not asked for? It is about the practicality of it. If I am turning up at the benefits office, what is the difference?
The difference is that, at the moment, you tend to have to provide a passport. It is difficult to log in to some of these services without a passport or a driving licence. In future, as I made clear in my introductory remarks, it will be possible to use different sorts of identity data and to have a system within government that allows us to do that. That will have the effect of making it easier for more people who are finding establishing their identity difficult without encouraging a lot of identity fraud, which is obviously another concern that one has to take account of in putting these systems together.
As I said, it will be possible. You are not confined to one. It is very much coming at the problem from the user, not simply from the government department, which I think was one of the problems with Verify.
I am still not quite sure that I get this. Let us say that I am going to the benefits office; I do not have a passport or a driving licence, and I am asked for other information instead to verify who I am. How will this benefit me in the future, assuming I have never had a driving licence or a passport? What difference will I experience? I am not trying to pick at this; I just want to see the benefit.
One obvious benefit is that more and more government departments are using digital. The technology is transforming our lives, after all. Once you have this single digital identity, you will then be able to use it to access services and opportunities from other government departments as well. That is the point: the digital identity will be used across the board. That is helpful to individuals. I should add that a document is published on GOV.UK outlining what data is being used by One Login. I think it is worth noble Lords looking at that.
The noble Lord, Lord Clement-Jones, rightly asked a question about cost—something we always used to ask about in our previous debates. The One Login programme’s total budget for 2022-23 to 2024-25 is £305.4 million. Of this, the programme forecasts expenditure of £132.7 million on the development and rollout of the system by the end of the current financial year.
The noble Lord mentioned the Explanatory Memorandum. We did indeed make some changes, as he acknowledged, to the Explanatory Memorandum, which was made available to the SLSC, to provide a clearer explanation of which part of the law the instrument is changing and why. He mentioned that the revised Explanatory Memorandum was laid on 2 November, and provided more contextual information. In particular, it explained that the SI provides the statutory basis for specified public bodies to share data in order to verify an individual’s identity in a safe and secure way so that they can access public services online, and that duplicative systems are being replaced with a single account. This is an obvious benefit.
The SI will also enable the GOV.UK One Login to draw on a broader range of government-held data sources when users need to verify their identity. That is an important point, because it is difficult for people who do not have a passport or a driving licence under the current system.
We are committed to being open and transparent by making information about data shared under the Digital Economy Act easily available for all to find and understand in the public register of data-sharing agreements. That was one of the safeguards laid down in that Act, so we have obviously taken that on board. That is an important point of transparency.
This is also underpinned by a robust code of practice—I have read it—which was created by Section 43 of the DEA. That sets out how the power must be operated, and includes setting out how any data shared under this power must be processed lawfully, securely and proportionately, in line with data protection legislation. We therefore have the DEA and data protection legislation coming together to allow us to implement this, hopefully life-changing, bit of technology in a way that protects the citizen. Obviously, the Cabinet Office is responsible for maintaining that register, and the Public Service Delivery Review Board is overseeing strategic consistency.
We have not seen that many regulations made under this Act—I think there was one on social care before—but we can see the value of the Act and the safeguards that Parliament added to it coming through.
On voter registration, the noble Baroness, Lady Chapman, raised a very good point, to my mind. I will have to follow up in writing. Fundamentally, as she said, these regulations will enhance the user experience. Despite many improvements over the last few years, today’s experience of interacting with government is too fragmented. We have multiple logins, and we are repeatedly asked the same information, which sometimes one has recorded on the phone—and sometimes recorded wrongly, as I know from my own experience. This is the same for everyone trying to access government. One Login will replace this with one system; we are used to this on our phones and so on, and there is a lot to be said for this new arrangement. We will have better data sharing to help those people without traditional forms of ID to access the services online that they need.
I hope noble Lords, having heard the benefits of the regulation—