Protecting privacy in GOV.UK Verify

GOV.UK Verify will provide users with a simple, trustworthy and secure means of accessing public services. Privacy is an essential component of that trust relationship. I’m an independent privacy specialist working alongside the GOV.UK Verify team to ensure that the system meets privacy expectations.

The GOV.UK Verify approach is a good starting point for a ‘privacy-positive’ authentication system, since concepts of anonymity, data minimisation and user control are baked into the underlying technical and commercial models. There will always be areas where we are obliged to retain or share data - for example where providers might need to hold audit records for the prevention and investigation of crime - but controls will ensure that these controls are transparent to the user, and cannot be abused by government or providers.

The privacy approach is guided by the Privacy and Consumer Advisory Group, an independent voluntary body comprising experts on privacy, civil liberties and identity management. They have developed nine Identity Assurance Principles, which define specific privacy goals, and which form the cornerstone of the privacy approach (in addition to duties under the Data Protection Act). Every identity provider and service provider, including the Government Digital Service, will be expected to embed those principles into their identity assurance services, and to demonstrate that they have done so.

As GOV.UK Verify enters public beta, we’re reviewing every aspect of the service to assure the users - and ourselves - that the service meets those privacy expectations. A comprehensive assessment will test how well it lives up to the requirements, and what more needs to be done. We are checking the procurement to ensure that it mandates good privacy practices, including the Identity Assurance Principles, and does not close the door on possible future privacy requirements.

Privacy is not a fixed deliverable, but a fundamental quality of the identity assurance programme, so this work is just the first step in ensuring that GOV.UK Verify builds and maintains users’ confidence that their privacy will be protected.

Follow @tobystevens on Twitter.


  1. Comment by Ian Litton posted on

    It's a shame that the press (see for example The Times don't seem to have picked up on the fact that privacy has been built into Verify by design. It's really important that the public understand why multiple private sector companies are acting as IdPs, and how this improves privacy rather than compromising it. Understanding the role of the private sector IdPs is likely to be the single biggest hurdle people need to jump on the way to getting an assured online identity.

  2. Comment by simonfj posted on

    Hi Ian,

    We seem to have a problem here, only because we aren't using language which explains (to a layman/citizen) why, by matching the attributes which various (credentialed) databases contain about them, their privacy is protected.

    At the same time, we are conflating the talk about local, and central, governments (databases). We're also thinking like technicians and not citizens, so considerations like this aren't in the "govspace".
    So we do need to start thinking like a user/citizen.

    E.g Adam writes very well about privacy. But the idea of a private company knowing a citizen's basic "matching data set" attributes, (Matching Data Set which is made up of your Name, Address, Date of Birth, and Gender) is always going to stick in a citizen's craw.

    We know, because it's a common human sense, that "local authorities (will) become attribute providers, as they know a lot about people, and know it to a pretty good level of confidence.” Better than any private company (i'd add). At least that's what we, as citizens, want to believe.

    And so far as ".. identity will become commoditised,” he says. “It will be driven down in value until a disruptive player forces that value to nil" (from the same page above). The "disruptive player" already exists, unless the ERO offices in local council are being rewarded by the central gov. for providing attributes for the IER service.

    The problem, is that started as a National publication that enables UK citizens (and visitors) to get orientated for 'how government works' and 'how to find and use a service'. But to think like an individual citizen, one has to focus locally - on "where one comes from". There's a good reason why unis, globally, and the ec, have adopted this network architecture approach. and

    There's an old Latin term = exeact. It literally means "let him go out", so a student or priest could go on formal leave. Private companies are important as one needs additional services, like taking on debt. But first step first. We need a local entity/community to prove where we come from.

  3. Comment by Karen Conroy posted on

    To add to my comments above they are not about Verify but HMRC Gateway access to my self assessment account. I was confusing the different ways of accessing my account. I've managed to register my identity via Verify today and will now be able to do my tax return. Should like to make it clear my first comment belongs elsewhere and I would like to retract it.

    • Replies to Karen Conroy>

      Comment by Emily Ch'ng posted on

      Dear Karen

      Many thanks for your comment and I'm glad to hear you managed to verify your identity with GOV.UK Verify. As you'd like to retract your previous comment please rest assured I won't publish it. However, I will ensure that I pass on your feedback to my colleagues at HMRC.

      Best wishes,