FB pixel

UK lays out privacy policy for One Login identity verification

Veriff revealed as iProov subcontractor for ID Check, One Login apps
UK lays out privacy policy for One Login identity verification
 

Data collected for Gov.uk One Login will not be used to target advertisements or profile users, and selfie biometrics for remote ID verification will be deleted after 30 days, the UK’s Government Digital Service has announced.

A privacy notice from GDS describes how and why biometric data is collected for liveness and “likeness” checks, and sets out the data storage and sharing policy. The notice outlines Experian’s role in identifying signs of identity theft, knowledge-based verification (KBV) and providing a fraud score.

The process for in-person identity verification at a Post Office with help from its subcontractor Yoti is explained. Data collected for in-person identity checks is deleted after 11 days.

Online identity verification through the Gov.uk ID Check app or Gov.uk One Login app with ID document authenticity, biometric matching and liveness detection checks is handled by iProov and its subcontractors Veriff and Inverid. The selfie video taken during the process is not stored, but the still photo and biometric data generated from it and the driver’s license image are deleted by iProov after 30 days.

GDS says system logs will store extensive information about how One Login is used for a year, accounts will remain active for up to five years after their last use, and audit logs will be kept for seven years for fraud monitoring purposes. The notice also states that information from ID documents shared with One Login can be passed on to HM Revenue and Customs, the Passport Office and Driver and Vehicle Licensing Agencies for Britain and Ireland. Anti-fraud data could also be shared with law enforcement agencies and the Home Office.

One Login is projected to cost 329 million pounds (approximately US$ million) to deliver, PublicTechnology reports. The project has found itself repeatedly under fire, following an assessment by the National Cyber Security Centre earlier this year that found it was compliant with only 21 of 39 cybersecurity recommendations, and when it temporarily dropped off of the DIATF register. Multiple contracts intended to improve One Login’s security resilience have since been awarded.

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Biometrics providers and systems evolve or get left behind

Biometrics are allowing people to prove who they are, speeding journeys through airports, and enabling anonymous online proof of age,…

 

Findynet funding development of six digital wallet solutions

Finnish public-private cooperative Findynet has announced it will award 60,000 euros (US$69,200) to six digital wallet vendors to help translate…

 

Patchwork of age check, online safety legislation grows across US

As the U.S. waits for the Supreme Court’s opinion on the Texas case of Paxton v. Free Speech Coalition, which…

 

AVPA laud findings from age assurance tech trial

The Age Verification Providers Association (AVPA), and several of its members, have welcomed the publication of preliminary findings from the…

 

Sri Lanka to launch govt API policies and guidelines

Sri Lanka’s government, in the wake of its digital economy drive, is gearing up to release application programming interface (API)…

 

Netherlands’ asylum seeker ID cards from Idemia use vertical ICAO format

The Netherlands will introduce new identity documents for asylum seekers Idemia Smart Identity, compliant with the ICAO specification for vertical…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Biometric Market Analysis

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events