We’ve blogged a lot about how user security and privacy are at the heart of GOV.UK Verify. We’ve also talked about the Privacy and Consumer Advisory Group (PCAG) and one of their key outputs: the Identity Assurance Principles. These exist to inform and guide the privacy-related aspects of identity assurance, especially in GOV.UK Verify.
The Identity Assurance Principles are intended to ensure that identity systems - like GOV.UK Verify - are fair, balanced and operate for the user's benefit.
But what do the principles really mean, and how do we implement them within the GOV.UK Verify journey? This blog post is the first in a series of 3 where we’ll be taking a look at each of the 9 principles and explaining what they mean for our users. Today we cover the principles of user control, transparency and multiplicity.
Principle 1: User Control
I can exercise control over identity assurance activities affecting me and these can only take place if I consent or approve them.
This principle relates to user control: the idea is that users control how and when their identity is used. If consent has not been provided then a certified company cannot carry out identity verification or provide information about the user to the government service they are trying to access. Users are also in control of when their information is passed to a government service.
This is embodied in the GOV.UK Verify user journey. Users only start setting up an identity account after visiting the start page of the service they wish to use on GOV.UK. Users choose a certified company that is most likely to be able to verify their identity, consent to the use of their data for identity verification purposes, and for their data to be released to the government service. If the user exits the journey at any point, their data is not released.
If a user can’t be verified by GOV.UK Verify, no one is excluded from using a government service. Other channels are available for people who are not able to use digital services, including if they are not able to verify their identity entirely digitally.
Principle 2: Transparency
Identity assurance can only take place in ways I understand and when I am fully informed.
The underlying relationships in GOV.UK Verify are built on trust, and users need to be able to trust their selected certified companies to collect and process data in the ways they expect and understand.
GOV.UK Verify has been designed to be clear and transparent, and inform users of what is happening with their data during the different parts of the user journey. In addition to the GOV.UK Verify privacy notice, the GOV.UK Verify team has worked with the certified companies to ensure that they have privacy notices and terms and conditions, written in simple terms, which meet the requirements set out in our Framework Agreement. We have also evaluated their user journeys as part of the certified company approval process to ensure that users are kept informed of what is happening with their data when they use GOV.UK Verify.
If a user ever gets stuck in the journey and needs support, certified companies provide user support specific to their services, which we assess for quality and clarity. There’s also a prominent link taking users to a feedback form where they can ask a question or report a problem to the GOV.UK Verify user support team. This team ensures that users who contact them understand how GOV.UK Verify works and provides them with all of the information they need to complete their task.
Principle 3: Multiplicity
I can use and choose as many different identifiers or identity providers as I want to.
Users can choose from a range of certified companies to provide identity assurance services, and can have identities with as many of those certified companies as they wish.
GOV.UK Verify offers a range of certified companies to choose from, and users may register, close or change relationships with these companies at any time.
This approach is essential to ensure that users have a choice: they can choose which certified company is most appropriate for their needs, and if their needs change they can also change their certified company. For example, if a user loses their account details or forgets which company they used to register for an identity then they have the option of simply re-registering with another certified company. If the user wishes to close their account with a certified company then they can do so too.
What do you think?
So that’s how we apply principles of user control, transparency and multiplicity. What’s your view? Are we applying them in the right way? Let us know in the comments below.
We’ll be publishing the next post in this series soon. Subscribe to the blog so you don’t miss the next installment.