In my previous blog, I discussed the subject of One Login, a landmark initiative from the Government Digital Service (GDS). Offering single sign-on and identity verification facilities for a range of government services, One Login is designed to replace the near-200 different account creation systems that exist within the public sector ecosystem today. A simpler and more cohesive user experience is anticipated as a result.
Within that article, I noted that – in addition to simplifying access – One Login offers the chance to “review… and even re-engineer existing applications and processes to enhance performance and embrace new capabilities”. One of the most obvious opportunities to do so is by taking the foundations of One Login and embedding the ability to share user data between different government departments.
With that in mind, I’d like to use this follow-up post to explore that idea further, from the controls needed to realise that opportunity to what a “successful” data sharing implementation could look like.
Control and security are essential to public trust
Naturally, one of the first issues that must be addressed is that of trust. To ensure that ordinary citizens truly embrace the service, any data sharing capabilities within One Login’s design will need to provide users with comprehensive control over how their data is shared.
To be clear, this is not to suggest that there is any fundamental hesitance amongst the UK population when it comes to data sharing as a concept – quite the opposite, in fact. One recent study suggests that the UK is tending towards the status of data pragmatism; in 2022, a quarter (24%) of consumers said that they are happy sharing their personal information in return for an improved service, up from 18% in 2015[1].
Instead, I believe that the priority here is providing citizens with the ability to set their own parameters on how One Login shares data across different departments. Much like the permissions that exist in platforms such as Facebook and Google, where users can dictate what information is shared and with which applications, One Login will need to reassure people that they retain ultimate control over their data footprint.
That thought ultimately brings us to the subject of security. As well as giving them ownership of their information, One Login must also prove to users that said data can be accessed by them and them alone. With the service capable of bringing together everything from financial records to a citizen’s healthcare history, flawless standards of user authentication will be essential if One Login is to win long term trust.
Planned two-factor authentication (2FA) capabilities – already in progress according to One Login’s public roadmap – will go some way to meeting that requirement, but the fact remains that even 2FA can be undermined by a determined cybercriminal.
Social engineering attacks, man-in-the-middle exploits, and more have been shown to be effective in overcoming 2FA, and the quantity of information available through One Login would make it a particularly enticing target. Because of this, GDS (and any departments connected through the service), will need to stay at the absolute forefront of developments in the verification and authentication space.
[1] UK Data Privacy: What the Consumer Really Thinks 2022 – The Data and Marketing Association, 25th December 2022
The promise of data sharing
To my mind, One Login points to a few key opportunities. Amongst them are a reduction in user effort, a more cohesive approach to citizen interactions, and the chance to shift towards a more proactive approach to service provision. Let’s address each of those in turn.
User effort
The major incentive here is to use data sharing as a way to reduce the duplication of effort across different services. Imagine that a citizen grants HMRC access to their DWP information, for instance, and can then quickly and easily import that data into their self-assessment tax return. The same concept would work for other departments, of course, between the DVLA and DVSA for instance.
Cohesion and incentivisation
Building on that theme, there is clear potential here to provide a centralised view of a citizen’s interactions with government, be those at central or local level. A “dashboard” of services – rather than the current “list” of services users see when using their GOV.UK One Login (figure 1) – could help users keep track of what information they are sharing with which departments, as well as providing direct access (via APIs) to additional services, presenting alerts such as when MOTs are due, prescriptions are ready for collection, passports expire, etc. We will explore this in more detail in our next blog.
Proactive provision
Today, many public services are reactive, relying on citizens to drive the process forwards. With better data sharing comes the chance to flip that dynamic, with departments able to anticipate and respond to the needs of citizens based on information held elsewhere. The addition of (carefully vetted and curated) third-parties could add further potential.
One final note of caution: with One Login and any interlinking services leaning inherently towards digitalisation, steps must be taken to ensure that less digitally literate citizens do not find themselves excluded or subject to a “second class” experience.
Building the technical backbone
As well as implementing the controls needed to win public trust around data sharing, One Login will also need a robust, API-based infrastructure – and not just to enable the development of dashboards
A list of existing departmental APIs already exists, but work remains to be done in order to tie these into the kind of federated data sharing model discussed above. And, challenging though it may be to create, that model remains infinitely preferable to a centralised repository.
In many ways, this challenge speaks to the future of One Login as a whole. While the service holds abundant potential, there is a long road to run before its true promise can be realised – particularly when departments are being asked to do more with less. At the same time, the latent potential of a smart and modernised approach to citizen data remains fundamentally irresistible.
If you’d like to know more about how 101 Ways can give you the technical support you need to focus on rethinking your own public service, why not get in touch?