A GOV.UK Account is a way of making online interactions with government easier, simpler and more efficient, as we recently blogged about. Part of this work will involve the collection and use of our users’ personal data, which leads to valid concerns and questions about our approach to data use and privacy. We want to be open in our thinking about this. This blog post explains our work on privacy and GOV.UK accounts so far.
Privacy by design
We want to use privacy principles to make sure that data privacy is an integral part of the design process. This is commonly referred to as a “privacy by design” approach and essentially means that we are thinking about data privacy problems and solutions from the earliest stages of the design process. We are also examining and addressing various ethical considerations throughout the process using the Data Ethics Framework. This enables us to build privacy-friendly features in the most efficient way.
Our guiding privacy principles
UK law provides a baseline of things we must and must not do, and we go into more detail on that below. But we have also been looking beyond our legal obligations and thinking about how the GOV.UK Account should operate from an ethical point of view - doing the right thing for individuals. So at an early stage we developed a set of data privacy principles which we use to guide and inform the design of a GOV.UK account.
1. Put users first
When developing the GOV.UK Account, we make sure that the data privacy expectations of our users are front and centre. So when we design the product’s features we consider the potential privacy impact they could cause for our users. We then identify the steps we need to take to minimise that impact.
2. Give users control over how their data is processed
This is key to a privacy-friendly approach and to catering for the full spectrum of user needs and preferences - from users who want to share as little information as possible to those who want to share more in return for a personalised experience. We give users the choice of saving information to their account and of opting in or out of cookies and email notifications, and we also enable users to access, update and delete their data.
3. Keep users informed
We aim to be as transparent as possible about how a GOV.UK account uses personal data. That’s why we’re writing blog posts on our work and why at the start of the sign-up process we have included a clear summary on the use of personal data. This page provides an overview of the key points we think users should know but also links to the full GOV.UK accounts privacy notice should users want to know more.
4. Limit what data is used
We only collect and process personal data where there is a genuine need and a clear purpose, and when we do, we strive to use as little personal data as possible. We carefully consider what data is actually needed for a GOV.UK account to function, which then determines what data we ask our users for. For example, for the trial account we’re running on the Brexit Transition Checker, we only need an email address, which becomes your username, and a telephone number for additional security, so that's all we asked for.
We use reports based on a version of GOV.UK accounts data which has had all personal identifiers removed to help us improve the account. These reports do not directly identify any GOV.UK account holders, but instead can show trends in use such as how many account users are students.
5. Keep information secure
We take security seriously and any information a user submits is securely held. We have put in place security measures that defend against the kinds of threats that GOV.UK accounts could face. For example, all data in transit between a user’s web browser and us is encrypted using HTTPS, a secondary security code is required to log into an account, and accounts lock out after a set number of failed login attempts. Access to user data is strictly restricted to members of the service team who have a clear business need, and rigorous data security controls apply wherever that need arises. These measures will be continuously re-assessed as the GOV.UK account develops.
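To make the lockout control above concrete, here is an added, illustrative implementation of “lock the account after a set number of failed login attempts”. It is not GOV.UK’s code, and the threshold (5 attempts) and lockout period (15 minutes) are assumptions for the example, since the post only says “a set number”. The points a practitioner cares about are that a locked account rejects even a correct password, that a successful login resets the counter, and that an unknown email gets the same generic response as a wrong password.

```python
"""Illustrative account lockout after repeated failed logins.

Added example, not GOV.UK's own code. MAX_FAILED_ATTEMPTS and
LOCKOUT_SECONDS are assumed values; the original post does not state them.
"""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Callable, Dict

MAX_FAILED_ATTEMPTS = 5        # assumption: the post only says "a set number"
LOCKOUT_SECONDS = 15 * 60      # assumption: lockout period for the example
PBKDF2_ITERATIONS = 100_000    # password hashing cost for the example


@dataclass
class AccountState:
    password_hash: bytes
    salt: bytes
    failed_attempts: int = 0   # consecutive failures since last success/lock
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class LoginThrottle:
    """Tracks failed attempts per account and enforces a temporary lockout."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self.clock = clock  # injectable clock so lockout expiry can be tested
        self.accounts: Dict[str, AccountState] = {}

    def register(self, email: str, password: str) -> None:
        salt = os.urandom(16)
        self.accounts[email] = AccountState(hash_password(password, salt), salt)

    def attempt_login(self, email: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'."""
        now = self.clock()
        account = self.accounts.get(email)
        if account is None:
            # Unknown email: same generic answer as a wrong password, so the
            # response does not reveal which emails have accounts.
            return "denied"
        if account.locked_until > now:
            # Locked: reject before checking the password, so a correct guess
            # during lockout is indistinguishable from a wrong one.
            return "locked"
        candidate = hash_password(password, account.salt)
        if hmac.compare_digest(candidate, account.password_hash):
            account.failed_attempts = 0   # success resets the counter
            return "ok"
        account.failed_attempts += 1
        if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
            account.locked_until = now + LOCKOUT_SECONDS
            account.failed_attempts = 0   # fresh budget once the lock expires
            return "locked"
        return "denied"


def demo() -> list:
    """Scripted scenario using a fake clock; returns the sequence of outcomes."""
    fake_now = [1_000.0]
    throttle = LoginThrottle(clock=lambda: fake_now[0])
    email, good_password = "user@example.com", "correct horse battery staple"  # constructed
    throttle.register(email, good_password)

    results = [throttle.attempt_login(email, "wrong") for _ in range(MAX_FAILED_ATTEMPTS)]
    results.append(throttle.attempt_login(email, good_password))  # right password, but locked
    fake_now[0] += LOCKOUT_SECONDS + 1                             # lock expires
    results.append(throttle.attempt_login(email, good_password))  # now succeeds
    results.append(throttle.attempt_login("nobody@example.com", "x"))  # unknown email
    return results


if __name__ == "__main__":
    print(demo())
```

In a real deployment the second factor (the security code sent to the user's telephone) would sit after a successful password check, and guesses at that code should count against the same lockout budget so the second step cannot be brute-forced independently.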
6. Seek oversight and consultation
We ensure that the development of the GOV.UK Account is subject to internal oversight and governance. For example, we engage accountable risk owners and the Cabinet Office Data Protection Officer (DPO) via our Data Protection Impact Assessment (DPIA) processes. We also value external views of the work we’re doing, and we speak to users through our user research and to organisations like the National Cyber Security Centre and the Privacy and Consumer Advisory Group.
All our work is compliant with data protection law. We conduct DPIAs to gauge our compliance and to help us identify potential issues or problem areas where we may have further work to do.
It's important to emphasise that, when browsing GOV.UK, information will never be locked behind a login. An account simply gives users who want a more personalised experience the opportunity to have one.
While this is an overview of our work on privacy and the GOV.UK Account, you can read more details of what data we collect and how it is actually used in the full GOV.UK Accounts Privacy Notice.
As discussed in principle 6, we are keen to hear from our users. If you want to get in touch about privacy and GOV.UK accounts, please email the team on firstname.lastname@example.org.