The Government Digital Service (GDS) is using technology from a startup created by web inventor Tim Berners-Lee to offer citizens greater control over their personal data when accessing online public services.
GDS is developing a new digital identity system that is intended to become the standard way to sign in to the Gov.uk website. As part of this programme, users will need to give permission for the system, known as One Login, to access and share data held by different government departments, such as passports and driving licences.
Recognising the potential privacy and data protection issues in such an approach, GDS has created a simple proof of concept using technology called Solid, developed by Inrupt, a startup founded in 2018 by Berners-Lee, who serves as the company’s chief technology officer. Renowned cyber security and cryptography expert Bruce Schneier is the firm’s chief of security architecture.
Solid is based on the concept of personal data stores, called Pods, which hold personal data in a way that allows users to give specific permissions as to how, when and who is allowed access to their information. It was originally developed as an open source platform by Berners-Lee along with his colleagues at the Massachusetts Institute of Technology.
As part of GDS’s One Login system, citizens wishing to access online government services will set up an account – in a similar manner to setting up an account on a commercial website – to allow the government to personalise the way people use Gov.uk. GDS is testing whether Solid could be used to overcome users’ concerns about how their personal data might be used.
Last year, Salford Royal NHS Foundation Trust, in a joint project with the Greater Manchester Combined Authority, announced it was trialling Solid so that patients could hold and control their own health and social care records. Other early adopters in the UK include NatWest Bank and the BBC.
Scott Watson, technical director at Salford Royal Hospital, said at the time that Solid was a way of “storing all your data in one place, that is associated with you as an individual, and then all the different services that you interact with come to you – so you tell your story only once”.
One Login, which will replace the troubled Gov.uk Verify digital identity system, may yet face controversy over its approach to personal data because it will allow the creation of a central record of its users’ identity verification data combined with information about their activity across the Gov.uk estate.
In February this year, a letter from then Cabinet Office minister Michael Gove to Whitehall departments acknowledged that there would be “challenging technical, legal, ethical and operational issues to resolve” in implementing One Login.
GDS has estimated the cost of developing One Login at between £300m and £400m, but will need to bid for that budget to be allocated as part of the forthcoming spending review with HM Treasury, which will determine the funding available to all departments for the remaining three years of the current Parliament.
A spokesperson for GDS said Solid is one of several systems they are looking at and no final decision has been made.