The recent referendum in Switzerland on digital ID (50.4% in favour) revealed a nation divided. In the UK, the debate is only just beginning, but public sentiment is wary. A petition against digital ID has attracted nearly 3 million signatures.
Keir Starmer has shown interest in India’s Aadhaar system, one of the largest digital ID projects in the world. But Aadhaar is not without its problems & has been subject to significant breaches, with hackers claiming to have stolen 815 million peoples’ personal information in the past.
Given the rise in cyberattacks across European airports, critics rightly question whether placing the data of millions of UK citizens in one centralised database could become a single point of failure, and a target too attractive for bad actors to ignore.
Trust in the government to safeguard such a system is lukewarm. The UK government has faced multiple data breaches in recent years. For instance, the MoD breach that exposed the personal data of hundreds of Afghan nationals. The ICO fined the MoD £350,000, but doubts were raised about whether enforcement should have been more severe. It raises the question of conflicts, when one public body regulates another.
It’s worth remembering that the UK Government admitted they deployed the COVID-19 Test and Trace programme unlawfully without a Data Protection Impact Assessment. It’s vital that no such corners are cut in implementing a national digital ID.
A DPIA is not just a checkbox exercise; it asks whether a less intrusive method can achieve the same aim. If the aim is to tackle illegal employment or manage immigration, then it’s fair to ask: are there not already tools in place that address these challenges without necessitating a sweeping digital identity framework?
A digital ID system also raises issues of digital exclusion. What about those in data poverty, or who don’t own smartphones due to personal choice?
Another concern is function creep – where the purpose of a system gradually expands beyond its original scope. Even if digital ID starts off with limited use cases, history shows it can morph over time. Consider the UK’s DNA database, where DNA of acquitted individuals was retained for several years after the ECHR ruling that it was unlawful. The demonstrates the reluctance to scale back once a system is in place.
Digital ID offers clear benefits, but without robust safeguards, risk could outweigh rewards.