We are building GOV.UK Verify to protect people’s privacy and security. To help us to do this, we have a Privacy and Consumer Advisory Group consisting of privacy and security experts. The group has developed a set of Identity Assurance Principles which we’ve embedded in to the way we’ve designed and built GOV.UK Verify.
One of the Identity Assurance Principles for GOV.UK Verify is “I can exercise control over identity assurance activities affecting me and these can only take place if I consent or approve them.” This means that certified companies must get your consent before they can collect personal information from you, or provide services to you.
When you first use GOV.UK Verify, we may ask you some basic questions help you choose a certified company with which to complete the verification process, for example your age or citizenship status. We treat this as personal information, even though we do not ask for your name, address, date of birth or other identifying information. We delete this information as soon as you choose a certified company.
When a certified company collects personal information from you, or refers to information about you held in other sources such as credit reference files, they are obliged to explain the purpose and nature of their processing, and to obtain your consent through your acceptance of the terms, for example by ticking an opt-in box. They are contractually prevented from using your data for any purpose other than providing your GOV.UK Verify service unless we approve that use and you provide explicit consent to it.
Once you have provided consent to the certified company processing your information, it uses a subset of that information - your name, address, date of birth, gender, and (if relevant) previous name(s) and address(es) - to let the service you want to use know who you are. The other information you provided to verify your identity is not shared with us or with the government department with which you are dealing.
We’re often asked if we release personal information to certified companies. We do not. When you use GOV.UK Verify, your chosen certified company may verify your identity based upon government documents such as your passport or driving licence, and / or other evidence, using information that you provide to them. We enable certified companies to check the accuracy of driving licence and passport information given to them by users, but we do not release any information about you other than to confirm whether the details you provided are correct.
Keep up to date with the latest on the development of GOV.UK Verify by signing up for email updates.