Question to the Department for Science, Innovation & Technology:

To ask the Secretary of State for Science, Innovation and Technology, what steps she is taking to ensure that the proposed digital verification process for the Government’s One Login system is compliant with Article 9 of the UK General Data Protection Regulation in the context of the processing of biometric data.

GOV.UK One Login is fully compliant with all aspects of data protection law, including in relation to the processing of biometric data under the UK GDPR. DSIT relies on Article 9(2)(g) UK GDPR (substantial public interest) for the processing of biometric data. The appropriate safeguards and data minimisation procedures are applied throughout GOV.UK One Login’s biometric checks and special category data is processed only where lawful, necessary and proportionate. GOV.UK One Login provides an alternative route for individuals who do not wish to, or cannot, prove their identity using biometrics.