My Lords, we now move on to Part 2 of the Bill, which concerns the provision of digital verification services. In moving Amendment 177, I will also speak to the amendments through to Amendment 195; apart from one, all of them are in my name and have the support of the noble Lord, Lord Clement-Jones, for which I am grateful.
5.30 pm
The relevant clauses of the Bill establish a regulatory framework for the provision of online digital verification services in the UK though the creation of a trust framework, a register of providers, an information-sharing gateway and a trust mark. This new system will encourage the wider adoption of “reusable” digital identities, which can be used again and again for different interactions across organisations. Clause 52 helpfully clarifies that these services should be provided at the request of an individual and so are separate from any attempt to introduce universal or compulsory digital identities. As such, we support the idea in principle and accept that, in this increasingly digital-focused society, it should be easier for people to prove their identity online, whether they are, for example, opening a bank account, moving house, applying for a job and so on.
It is vital, however, that this new system has the absolute trust of those using it and proper controls and regulation for the verification providers. So far, we are a long way from achieving these objectives. A number of amendments to these clauses were added on Report in the Commons but, even so, many of the details necessary to provide a robust system are not yet available. These concerns are reflected in the recommendations of the Delegated Powers and Regulatory Reform Committee’s report; our amendments seek to enforce those recommendations.
The committee identified a number of Henry VIII powers given to the Secretary of State in this part of the Bill. Clause 53 requires the Secretary of State to publish a document setting out the rules for the provision of these new digital verification services; this is to be known as the main code and will underpin the new regime. Clause 63 requires the Secretary of State to maintain a register of verification providers who have been certified as being in compliance with the main code; these certified verification providers can then access information from public bodies, so this is a powerful new approval system.
However, as the provisions stand, there is no authority for the main code to be subject to parliamentary scrutiny. The Government have provided two main reasons for this: first, the need to make changes rapidly; and, secondly, the need to ensure that governance of these services can be transferred to a private sector body. The Delegated Powers Committee rejected this reasoning and recommended that the powers in Clause 53 to produce the main code should be subject to parliamentary scrutiny using the affirmative procedure. We support this recommendation, which is reflected in our amendments.
This particularly matters as there is so little information available as to what will be in the main code. First, there are no principles in the Bill to ensure both that services are designed and implemented around user needs and that they reflect the important privacy and data protection guarantees we have been debating elsewhere in the Bill. These types of principles are essential for building trust in the scheme, particularly as it is proposed that private providers will be at the heart of the verification service.
Secondly, there appear to be no assurances that people can opt out of digital verification and use offline methods of identification instead. This is particularly important for vulnerable and marginalised groups who might be excluded from the technology. We need to ensure that this new system does not become compulsory by default.
Thirdly, it is still not clear how the new office for digital identities and attributes, which will oversee the scheme from an office in DSIT, will be regulated to ensure proper independence and accountability.
Fourthly, it is not clear what the international implications of the scheme will be, given that many of the companies seeking compliance with the digital verification schemes will be global brands with headquarters elsewhere. Just to add a further concern, could the digital verification schemes themselves be international companies? Is there then an issue of UK domestic security being put at stake, given that they will have so much access to, for example, government data? These are some of the reasons why the details of this scheme should not be left to the Secretary of State but instead given full parliamentary scrutiny via affirmative resolution.
Finally, our Amendment 195 picks up another recommendation of the Delegated Powers and Regulatory Reform Committee, which relates to setting fees for people seeking entry or modifying details on the register of providers of verification services. The powers are given to the Secretary of State to set these fees with no reference to Parliament. The Delegated Powers Committee recommends that there should be parliamentary scrutiny using the negative procedure. We agree with this point and this is reflected in our amendment. I therefore beg to move Amendment 177.