Technology and human rights: UK government’s digital ID proposal restarts privacy debate
In September, the UK government announced plans for a free digital ID for those living legally in the UK. Billed as a measure to prevent irregular migrants working in the UK, it’s also seen as a way of reducing complexity of identity checks. However, the proposal has reignited the debate about the implications of ID systems for an individual’s privacy and security.
It’s intended that the so-called ‘BritCard’ will be the primary method of proving the right to work, alongside a pathway to services. A national ID card, whether in physical form or as a phone app, has considerable logic as a friction-free solution to modern ‘life admin’. ID cards are the norm in the majority of EU Member States, although in many countries they aren’t compulsory. They perform a wide variety of functions, for example enabling European citizens to vote, obtain medical appointments or apply for courses. Estonia – a leader in technological efficiency – has successfully engaged its citizens with digital ID for over 20 years.
The full detail of the UK’s digital ID scheme hasn’t yet been confirmed. While the card will be mandatory for those who want to work in the country, it’ll be voluntary in all other respects. The scheme will use a ‘federated data model’, meaning there won’t be one, single database. This is the approach adopted by the likes of Norway and Finland as well as by Australia’s voluntary MyID app.
However, there are some concerns about ID cards. ‘It’s in part about your identity potentially cutting across different parts of the system in a way that wasn’t intended and isn’t known by citizens,’ says Tom Sulston, Head of Policy at Digital Rights Watch in Australia. ‘What if your driver’s licence gets linked up to a photograph of you by a security camera, and it falsely links you with a crime? Because the programme can also pull up your address, the police come and knock on your door.’
Although the federated data model guards against that to some extent, Sulston adds that ‘privacy is about you making informed decisions about what your personal information is being used for, and ID cards can really undermine that.’
If you find yourself at the wrong end of a breach, you can’t change your identity, you can’t change your biometrics
Tom Sulston
Head of Policy, Digital Rights Watch Australia
Critics can point to the experience in India where the Aadhaar programme – which stores over a billion people’s personal information and is considered the largest biometric database in the world – has had a difficult journey. Proponents of the scheme say its benefits include that it expands access to basic identification, while reducing corruption. However, there have been reports of significant Aadhaar data breaches, with each having the potential to affect thousands of families due to the substantial amount of information stored on the database.
Aadhaar has been repeatedly challenged in the Indian courts and in 2018, a landmark ruling by the Supreme Court placed limitations on the programme. It was decided, for instance, that it couldn’t be mandatory for the unique Aadhaar identification number to be required for access to services such as opening a bank account or to apply for a mobile phone SIM card.
At its best, the Indian example demonstrates the delicate balancing act between a government’s legitimate aims and the individual rights of citizens. The UK government is adamant that the risks of digital ID are outweighed by the benefits. A spokesperson told Global Insight that digital ID will ‘streamline interactions with the state, saving time and cutting frustrating paperwork.’
The last time the UK government attempted to introduce ID cards, a number of campaigns were launched in opposition at what some called ‘the database state’. The ID card project was adapted to meet some of the concerns but eventually abandoned in 2011. This time around, there have already been protests against the new plans and opposition may well build during the consultation process in 2026.
A recent court ruling may suggest the debate has shifted, however. Markus Beham is Co-Vice Chair of the IBA Human Rights Law Committee. He highlights a Court of Justice of the European Union (CJEU) case – Staatssecretaris van Justitie en Veiligheid – which explored identification and the rights of individuals. The CJEU looked into the requirement for Ukrainian workers posted from Slovakia to the Netherlands to reapply there for a residence permit. ‘The judgment found that, in effect, it is in the interest of both the state and the individual to be able to show clear documentation, since this also facilitated administrative checks,’ says Beham, who’s also the incoming Chair of Public International Law at the European University Viadrina.
It’s also notable that in the 2018 case, the Indian Supreme Court, though it ruled to limit the scope of the ID card, endorsed the Aadhaar programme more generally, concluding that it was ‘beneficial’ and ‘aimed at empowering millions of people’ in the country.
The current UK government has focused on digital ID as a tool to combat illegal immigration, while when the idea was mooted in the 2000s, the rationale was the threat of terrorism. However, concerns about civil liberties and the threat of a ‘surveillance’ state, around privacy and private company access to the personal data of citizens, remain. Sulston highlights that the real concern is that these systems are always imperfect – there will be breaches, which will have consequences. ‘If you find yourself at the wrong end of a breach, you can’t change your identity, you can’t change your biometrics,’ he says. ‘If you are wrongly identified, you may never be able to correct that.’
Header image: arneaw/Adobe Stock