GOV.UK One Login privacy notice

About GOV.UK One Login

The GOV.UK One Login system provides a single way to sign in and prove your identity when accessing government services online.

GOV.UK One Login is provided by the Government Digital Service (GDS), part of the Cabinet Office.

Mentions of ‘us‘ and ‘we‘ in this privacy notice refer to GDS.

The Cabinet Office, as GDS’s parent organisation, is the data controller of the personal data you provide when you use GOV.UK One Login. This means that the Cabinet Office is ultimately responsible for the personal data we collect and process on GOV.UK One Login. This includes determining things like what personal data should be collected, from whom and what it will be used for.

Other government departments are responsible for any personal data you provide when you use their online services. For example they may collect data from you either before they redirect you to GOV.UK One Login or after GOV.UK One Login returns you to their service after you’ve completed your authentication or identity checks. This means that they are data controllers for that information and will decide what data to collect from you, why they need that data and how long they keep that data for. Details of this will be in their own privacy notices.

What information we collect

When you authenticate your GOV.UK One Login or prove your identity

When you are referred to GOV.UK One Login by an online government service to sign in or prove your identity we will know what service you have come from.

The information we then collect from you will depend on:

• whether the online government service is using GOV.UK One Login solely to log you in to their system or to prove your identity as well
• the evidence and documents you have available to prove your identity
• the type of device you use, for example a laptop, tablet or smartphone

In all cases, we will create a GOV.UK One Login using your email address. Where you choose to receive authentication codes using text message, we will also collect your phone number. If the online government service is only using GOV.UK One Login to sign you in to their service, we will not collect any further data from you.

Where online government services use GOV.UK One Login to prove your identity, we need to conduct identity checks and therefore process additional personal data.

Using the GOV.UK ID Check app to prove your identity

This route uses the GOV.UK ID Check app which is available to smartphone users through the Google and Apple App Stores. It consists of a sequence of checks that are conducted by specialist identity checking service providers on our behalf.

Genuine document, liveness and likeness checks

We need to check that:

• your documents are real
• you are a real person (also known as a ‘liveness’ check)
• you are the same person as in the document photos (also known as a ‘likeness’ check)

We use an identity checking service provider called Iproov and their subcontractors Veriff and Innovalor to conduct these checks. Iproov acts as a data processor with Veriff and Innovalor as sub-processors, which means that they may only process your personal data for the sole purpose of fulfilling our instructions.

We need to check your identity document security features to prove that they are genuine documents.

For driving licences, you will need to take a photo of the front and back of your licence with your phone camera. The app will require permission to access your camera and photos for this.

For e-passports, biometric residence permits and cards, and frontier worker permits the app will read your document information from its near field communication (NFC) chip.

We collect the following information:

• name
• date of birth
• address (driving licences only)
• document number
• expiry date
• issuing country
• nationality (except driving licences)
• photo image

When Iproov has completed the check, they send us the outcome of the check and your identity document information.

We do a “liveness” check to prove whether a user is a real person and not anything that might impersonate an individual such as a mannequin, wax figure, 3D mask, picture or deepfake.

You will need to take a selfie video using your phone camera. The App will require permission to access your camera and videos for this. This check is conducted in real-time which means that neither we nor Iproov store the video.

When Iproov has completed the check, they send us the outcome of the check.

We do a likeness check to prove that you are the same person as in your identity document photo.

This check uses a still image generated from your selfie video and your identity document photo to measure the unique patterns of your face. This is called facial biometric data. The biometric data from both images is compared to establish whether the user is the actual owner of the identity document.

When Iproov has completed the check, they send us the outcome of the check.

Fraud check

We use an identity checking service provider called Experian to conduct a fraud check to:

• look for any signs that your identity has been stolen or misused
• check whether there is a record of you existing over time

They do so as an independent data controller in accordance with their privacy notice.

When you have completed the checks above using the App, you will be returned to the GOV.UK One Login website where we will collect your name, date of birth and address. We send these to Experian so they can conduct a counter fraud check.

When Experian has completed the check, they send us a fraud score, plus details of any associated fraudulent activity.

This fraud check will not affect your credit score, as it is a ‘soft search’. An entry about it will be added to your credit record, but it will only be visible to you. Other organisations that use Experian to run their own credit checks will not be able to see it.

Using your web browser to prove your identity

This route consists of 3 separate identity checks.

An identity document check

We check your passport or driving licence details are genuine using the authoritative datasets held, respectively, by HM Passport Office (HMPO) or the Driver and Vehicle Licensing Agency (DVLA) in Great Britain or the Driver and Vehicle Agency in Northern Ireland (DVA (NI)). You will need to provide your driving licence or passport details which we then send to HMPO, DVLA or DVA (NI) to validate against their records.

When HMPO, DVLA or DVA (NI) have completed their checks, they send us confirmation as to whether the data matches or not and if not, the reason why it didn’t match.

HMPO, DVLA and DVA (NI) do so as independent data controllers in accordance with their privacy notices.

Knowledge Based Verification check (security questions)

We conduct a Knowledge Based Verification (KBV) check, or security questions, using questions about your credit or financial history that only you should know the answer to. This check is conducted by Experian as an independent data controller in accordance with their privacy notice.

For this check we use your name, date of birth and address to retrieve relevant questions from Experian. We collect your answers and send them to Experian to check that they match the information they already have about you.

When Experian has completed the check they respond to us with a Pass / Fail outcome.

GDS does not store or retain the questions or your answers.

This fraud check will not affect your credit score, as it is a ‘soft search’. An entry about it will be added to your credit record, but it will only be visible to you. Other organisations that use Experian to run their own credit checks will not be able to see it.

Fraud check

We use an identity checking service provider called Experian to conduct a fraud check to:

• look for any signs that your identity has been stolen or misused
• check whether there is a record of you existing over time

They do so as an independent data controller in accordance with their privacy notice.

When you have completed the checks above, we will collect your name, date of birth and address. We send these to Experian so they can conduct the check.

When Experian has completed the check, they send us a fraud score, plus details of any associated fraudulent activity.

This fraud check will not affect your credit score, as it is a ‘soft search’. An entry about it will be added to your credit record, but it will only be visible to you. Other organisations that use Experian to run their own credit checks will not be able to see it.

Proving your identity at a Post Office

GOV.UK One Login gives you the option to prove your identity at a Post Office. This route consists of 3 separate identity checks.

Fraud check

We use an identity checking service provider called Experian to conduct on online fraud check to:

• look for any signs that your identity has been stolen or misused
• check whether there is a record of you existing over time

They do so as an independent data controller in accordance with their privacy notice.

We collect your name, date of birth and address and send them to Experian so they can conduct the check.

When Experian has completed the check, they send us a fraud score, plus details of any associated fraudulent activity.

This fraud check will not affect your credit score, as it is a ‘soft search’. An entry about it will be added to your credit record, but it will only be visible to you. Other organisations that use Experian to run their own credit checks will not be able to see it.

Genuine document check and likeness check

We need to check that:

• your identity documents are real
• you are the same person as in the identity document photos (also known as a ‘likeness’ check)

These checks are conducted by the Post Office and their subcontractor Yoti on our behalf. The Post Office acts as a data processor with Yoti as a sub-processor, which means that they may only process your personal data for the sole purpose of fulfilling our instructions.

We ask you what identity document you would like to use to prove your identity. You can use any of the following identity documents:

• UK passport
• non-UK passport
• UK photocard driving licence
• UK biometric residence permits
• European Union (EU) photocard driving licence
• National identity card from a European Economic Area (EEA) country

We ask you:

• for your identity document’s expiry date and issuing country
• to confirm that the address you provided previously matches the address shown on your identity document, for documents that have an address on them.
• to choose which Post Office branch you would like to attend

We send this information plus your name, address and date of birth to the Post Office before you go to a branch. We also send you an email with a link to download a Post Office In Branch Verification customer letter. This will contain a QR code and instructions about what you will need to do next. You will need to open the link, enter your email address, and download and print the letter and take it with you when you attend the Post Office, or show it on your device.

When you attend the Post Office, a member of staff will scan the QR code on your letter and check the identity document you have with you against the details you provided.

The Post Office and Yoti will then check your identity document security features to make sure it is a genuine document.

• For all identity documents, the Post Office will take a photo of the front and back of the document to check the document’s security features, such as holograms, and to read the document information.
• For UK e-passports, the Post Office will also use a tablet to check your document’s security features and to read your document information from the NFC chip.

The Post Office will also take a photo of your face,from which they will measure the unique patterns of your face. This is called facial biometric data. The biometric data from your photo will be compared against the biometric data from the photo on your identity document to check whether you are the actual owner of the identity document.

When the Post Office and Yoti have completed the checks, they send us the result of the check and your identity document information.

We then use your email address to tell you that the results of your check are available. To see your result and share it with the service you needed to prove your identity for, you will need to sign in to GOV.UK One Login and be redirected to the government service you were using.

Technical information

We collect technical information as an integral part of providing GOV.UK One Login to you. This includes:

• online identifiers, like your Internet Protocol (IP) addresses
• technical information about the device you use such as the model, web browser operating system and unique device ID

This data is stored in system audit and security logs for system and security monitoring and technical troubleshooting purposes.

When you contact us for help or to provide feedback

There are a number of ways to contact us if you need help with GOV.UK One Login. They are on the Contact GOV.UK One Login page.

If you contact us for help, we will collect:

• information about you such as your name, telephone number and email address, and use this information to contact you about your enquiry and to identify your GOV.UK One Login if necessary
• the details of your help request
• your preferred language (English or Welsh) so we can contact you in that language

When you contact us do not include any sensitive or financial information about yourself. If you choose to share details about yourself to give extra context for your enquiry, we will store that information in our systems.

We store recordings of all telephone conversations. We use these for monitoring and detecting fraud, resolving complaints, quality monitoring and training, and improving our service.

If you contact us through our web form, we collect technical information about your device as outlined in the ‘Technical information‘ section of this notice.

If you agree to take part in our survey about the help you received, we collect your answers to the questions. These are linked to the record of when you contacted us, which includes information such as your name, email address or telephone number.

If you agree to web / app analytics

If you give your consent, we use Google Analytics to collect information about how you use GOV.UK One Login. For example:

• information about the pages you use
• how long you spend on each page
• how you got to GOV.UK One Login
• what you click on while you use the service
• technical information including IP addresses, the type of device and web browser you use
• an indication of your location (such as your city and country) using your anonymised IP address

The information collected is classed as personal data because Google Analytics assigns a unique identifier to each visitor. This does not however enable us or Google to determine your real world identity. We will also not combine analytics information with the data you provide when authenticating your GOV.UK One Login or proving your identity or any other data that we may hold in order to determine your real world identity.

We also use Firebase Crashlytics to collect information about problems you may experience when you use the GOV.UK ID Check app, such as the app crashing.

In both cases, Google acts as our data processor and we do not permit Google to use or share this data for their own purposes.

Why we need your information

We collect your personal information on GOV.UK One Login to:

• provide you with a GOV.UK One Login to access online government services
• prove your identity

We also use your information to:

• keep your GOV.UK One Login secure (using your email address, phone number, password and system logs)
• store your proven identity information within GOV.UK One Login to enable you to reuse it
• monitor, detect and investigate fraud
• provide the government service(s) that you access through GOV.UK One Login with information about the outcome of your identity check
• provide you with a record of how your GOV.UK One Login has been used, for example, when it was last signed in to and what services it has been used with
• contact you about any planned interruptions, problems or changes that may affect your GOV.UK One Login (using your email address)
• improve the service by understanding how you use it and any problems you experience, for example using Google Analytics, Firebase Crashlytics and the contact centre feedback survey
• monitor the rates of successful and unsuccessful identity checking submissions and produce anonymised reports about GOV.UK One Login to help us understand where we can make improvements
• help diagnose and fix technical or debugging issues
• assist in billing and reconciliation for the third party identity checking services we use
• monitor the system for security threats and system issues, for example outages.

Our legal basis for processing your information

Legitimate interests (UK GDPR Article (6)(1)(f))

When we process your personal data for security monitoring purposes, the legal basis we rely on is that the processing is necessary for GDS’s legitimate interests. GDS interests in this regard are protecting GOV.UK One Login and its users against security threats.

Consent (UK GDPR Article (6)(1)(a))

We obtain your consent to process your personal data for the following purposes:

• collecting and analysing information about how you use your GOV.UK One Login using Google Analytics cookies
• collecting and processing your responses to our survey about the help you received

Where we rely on consent we will explain as clearly and concisely as possible how your data will be processed so you understand what you are consenting to. If you later change your mind, you can withdraw your consent at any time. How you can do this will depend on what we are processing your data for. For example, you can:

• withdraw your consent from our use of cookies using the GOV.UK One Login cookie preferences page
• click the unsubscribe link on emails you receive from us, or you can contact [email protected]

Public Task (UK GDPR Article (6)(1)(e))

For all other purposes including the administration of your GOV.UK One Login, proving your identity and enabling you to reuse that proven identity, and fraud monitoring, the legal basis is that it is necessary for the performance of a task carried out in the public interest or the exercise of our functions as a government department.

Special category data

If you prove your identity using the GOV.UK Identity Check app, you will do a likeness check which will involve processing your facial biometric data. Under UK Law, biometric data is classed as special category data and the Cabinet Office is required to have an additional legal basis to process it. The Cabinet Office processes biometric data on the legal basis that the processing is necessary for reasons of substantial public interest. UK Law also requires the Cabinet Office to meet a specific substantial public interest condition from the UK Data Protection Act 2018. The Cabinet Office relies on the following 2 conditions:

• statutory and government purposes for identity checking (paragraph 6, schedule 1, Data Protection Act 2018)
• preventing or detecting unlawful acts for fraud detection and prevention (paragraph 10, schedule 1, Data Protection Act 2018)

We ask that you do not share any sensitive information about yourself when you contact us for help or to give feedback. If you choose to provide such information we process it on the legal basis that the processing is necessary for reasons of substantial public interest. In addition we rely on the statutory and government purposes condition in the Data Protection Act 2018.

Who we share your information with

Sharing your information with online government services and the departments that run them

When you sign in or prove your identity with GOV.UK One Login, we send the online government service that you are trying to access the following information:

• the result of your identity check
• reasons for failure, if applicable
• information that enables the other government service to match you against their records, which typically includes your name, date of birth and address

Other government services process the data we share with them as independent data controllers under a Memorandum of Understanding (MoU) we have with them. Each online government service will have its own terms and conditions and privacy notice. You should read these as well as the GOV.UK One Login terms and conditions and this privacy notice, so that you understand how your personal information is managed.

Government Gateway

Government Gateway is HMRC’s own authentication and identity checking service that enables users to access tax and other services. The GOV.UK ID Check app is integrated into the Government Gateway service, as well as into GOV.UK One Login, and therefore the personal data processing outlined in the relevant sections of this privacy notice applies to Government Gateway users of the app.

Additionally, HMRC conducts their own identity document checks against authoritative government data sources. We therefore share your driving licence and passport information with HMRC to enable them to conduct these checks.

We share the following information from your driving licence with Government Gateway:

• first name
• last name
• date of birth
• driving licence number
• issued by (issuing authority)
• issue number
• issue date
• expiry date

We share the following information from your passport with Government Gateway:

• first name
• last name
• date of birth
• document number
• expiry date
• International Civil Aviation Organisation (ICAO) Issuer code

HMRC processes this data as an independent data controller under a Memorandum of Understanding (MoU) we have with them under and in accordance with their own privacy policies.

Sharing your information to prove your identity

We engage specialist third party identity service providers to conduct individual identity checks on our behalf. We share your personal information with these service providers to enable them to conduct the checks.

These service providers are:

• His Majesty’s Passport Office (HMPO), as an independent data controller under an MoU, to conduct passport genuine document checks. You can read HMPO’s privacy notice
• the Driver and Vehicle Licensing Agency (DVLA), as an independent data controller under an MoU, for GB driving licence genuine document checks. You can read DVLA’s privacy notice
• the Driver and Vehicle Agency Northern Ireland (DVA NI), as an independent data controller under an MoU, for Northern Irish driving licence genuine document checks. You can read DVA NI’s privacy notice
• Experian, as an independent data controller subject to a contract with us, for Knowledge-Base Verification (KBV) and fraud checks. You can read Experian’s consumer privacy notice
• iProov, as a data processor with Veriff and Innovalor as its sub-processors, subject to a contract with us, for biometric likeness checks, genuine document checks and liveness checks
• Post Office, as a data processor with Yoti as its sub-processor, subject to a contract with us, for in-person identity checks

In all cases we only provide the minimum information needed to perform the checks.

Sharing your information to protect against fraud

To protect against crime and fraud, we might sometimes need to share information with:

• government departments that run the services you access though your GOV.UK One Login
• other public sector organisations, such as the Home Office
• law enforcement agencies
• credit reference agencies
• data processors who provide relevant monitoring services

The information we might share includes:

• phone numbers
• email addresses
• IP addresses and geolocations
• unique account identifiers
• information about the devices being used
• identity document details, including name and date of birth
• address history

Sharing your information with our suppliers

We work with technology suppliers, for example we use an external hosting provider and a contact centre provider. We only give our suppliers access to your information if they need it to provide their service. Our suppliers act as data processors and are subject to contracts with us which restrict them to only processing your personal data for the sole purpose of providing their services in accordance with our instructions.

How long we keep your information

We store your personal information for no longer than is reasonably necessary and legally justifiable.

We will keep your GOV.UK One Login for as long as you wish to use it although we will delete it if you do not use it for 3 years.

If you choose to delete your GOV.UK One Login, we’ll delete your account and your proven identity information.

We delete your still photo generated from your selfie video, driving licence images and biometric facial data from Iproov’s systems after 30 days.

The in-person identity check stores your data for 11 days to give you enough time to go to the Post Office to complete your identity check.

We will store the information we collect when you contact us for help for one year. This includes call recordings.

We will keep your feedback data for 2 years.

We will store information about the actions you take when you use your GOV.UK One Login in system logs for 1 year.

We also maintain a secure audit trail of all GOV.UK One Login audit events and activity which we retain for 7 years for fraud monitoring purposes.

GDS does not store or retain the:

• KBV questions we source from credit reference agencies or your answers to those questions
• selfie video you take as part of proving your identity using the GOV.UK Identity Check app

Children’s privacy protection

GOV.UK One Login is not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain information about anyone under the age of 13.

Where your information is processed and stored

All personal data processed directly for the administration of your GOV.UK One Login and for identity checking is stored in the UK or in the European Economic Area (EEA). The EEA has been assessed by the UK Government as having adequate legal protections for data privacy in line with those in the UK.

Data collected by Google Analytics may be transferred outside the European Economic Area (EEA) for processing and some of our suppliers may provide technical support from outside of the EEA. In both cases, we ensure your information is just as well protected, for example by including extra clauses in our contracts with suppliers.

How we protect your personal information and keep it secure

We are committed to doing all that we can to keep your information secure. We have set up systems and processes to prevent unauthorised access or disclosure of your information - for example, we use varying levels of encryption. We also make sure that any third parties that we deal with keep all personal information they process on our behalf secure.

As the owner of your GOV.UK One Login, you also have some responsibility for its security. For example, you should:

• choose a strong password for your GOV.UK One Login and ensure you keep it secure - the UK’s National Cyber Security Centre (NCSC) provides advice on keeping your online accounts secure
• contact us immediately if you suspect that your account has been compromised

Automated decision-making

GOV.UK’s identity checking process is fully automated and therefore the majority of identity checking decisions are based solely on automated processing.

GOV.UK One Login determines what identity checks need to be conducted to prove your identity taking into account the:

• level of confidence services need in your identity
• evidence and documents you have available to prove your identity
• type of device you use, for example a laptop, tablet or smartphone

GOV.UK One Login then directs specialist third party identity service providers to conduct the necessary identity checking. Most of these checks are fully automated without any manual involvement. For the driving licence check conducted using the GOV.UK Identity Check app, if an automated decision cannot be made successfully, a manual checking process is then used.

GOV.UK One Login receives a response from each identity service provider which contains the outcomes of their identity checks and decides whether the outcomes of the completed checks provide the required level of confidence in your identity.

This process is fully automated and may result in users not having their identity proven to the level required by the online government service you are trying to access. If we are not able to confirm your identity we will show you a screen that notifies you of this, provides you with instructions on what you can do next and provides you with a way to contact us.

Individuals or services can ask us to prove that the automated decision has been made correctly and we will generally prove that GOV.UK One Login is functioning as anticipated without error or bias. We may not be able to provide full information about individual identity checking attempts particularly where providing information would interfere with the prevention or detection of fraud or other crime.

Your rights

UK Data Protection Law provides you with a number of rights which you can exercise by contacting the GDS Privacy Office.

You have the right to:

• request a copy of your personal information that we hold
• ask us to change your information if it is wrong or inaccurate
• ask us to delete your information, although we may not be able to delete your information if there is a legal reason for us to retain it
• request a restriction on our use of your information. For example where it is wrong or inaccurate and you would like it to be changed before being used again
• object about how we process your personal data where we process it under the public task or legitimate interests lawful bases
• withdraw your consent where we process your personal data with your consent

Contact us or make a complaint

Contact the GDS Privacy Office if you:

• have a question about anything in this privacy notice
• think that your personal information has been misused or mishandled
• want to make a ‘subject access request‘ to find out more about how your personal information is collected and used

You can also contact our Data Protection Officer (DPO) who provides independent advice and monitoring of our use of personal information:

Data Protection Officer
[email protected]

You can also make a complaint to the Information Commissioner, who is an independent regulator.

Information Commissioner‘s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Email: [email protected]
Telephone: 0303 123 1113
Textphone: 01625 545860
Monday to Friday, 9am to 4:30pm
Find out about call charges

Making a complaint to the Information Commissioner will not affect your rights.

Changes to this notice

We may change this privacy notice. In that case, the ‘last updated’ date of this document will also change. Any changes to this privacy notice will apply to you and your information immediately.

If these changes affect how your personal information is processed, GDS will let you know.

Last updated: 30 October 2023