Threads / Privacy notice: Making public services work for you with yo…
Other Published 10 Mar 2026 Cabinet Office Home Affairs Committee Home Office Science, Innovation and Technology Committee Secondary Legislation Scrutiny Committee ↗ View on GOV.UK

Privacy notice: Making public services work for you with your digital identity

The Cabinet Office privacy notice published alongside the March 2026 national Digital ID consultation, setting out how respondents' personal data is processed, retained (18 months) and used to inform development of the national digital ID system.

▤ Verbatim text from source document

Privacy Notice for Digital ID Consultation If possible, we ask respondents not to include any information that could
identify

them

or

other

individuals

within

this

consultation.

Where

this

is

not

possible

and

personal

data

is

included

in

relation

to

consultation

responses,

the

below

notice

will

apply.
This notice sets out how we will use your personal data, and your rights. It is
made

under

Articles

13

and/or

14

of

the

UK

General

Data

Protection

Regulation

(UK

GDPR).

The Cabinet Office (CO) and The Department for Science, Innovation, and
Technology

(DSIT)

are

Joint

Controllers

for

this

activity.

The

Cabinet

Office

is

acting

as

the

primary

contact

for

data

subjects.

YOUR DATA Purpose We are running a public consultation in respect of proposals for a national
digital

identity

system

so

that

government

can

gather

views

from

individuals,

organisations,

and

stakeholders

on

the

proposals

including,

how

digital

ID

should

be

used

in

the

UK,

what

information

it

should

contain,

the

methods

through

which

it

can

be

used

and

how

it

can

be

designed

to

be

inclusive.

The

purpose

is

to

understand

public

attitudes,

identify

concerns,

and

collect

evidence

that

will

help

inform

future

policy

development

in

this

area.

To

do

this,

we

will

be

collecting

consultation

responses

through

three

routes:
● An online survey platform ● Email submissions to a dedicated consultation mailbox ● Postal responses Most questions in the consultation ask for opinions on the proposed national
digital

ID

system.

To

understand

how

views

may

differ

across

different

groups,

the

survey

also

includes

optional

demographic

questions,

such

as

age,

gender,

ethnicity,

region,

household

income,

digital

exclusion,

smartphone

ownership,

education

status,

employment

level

and

disability.

When

responding

as

an

organisation

or

an

individual

expert

(academics

and

researchers),

there

will

be

an

option

to

provide

a

name

and

contact

email

address.

This

contact

email

address

may

in

some

cases

constitute

personal

data

and

it

may

be

used

to

contact

you/your

organisation

about

your

survey

responses.
Otherwise, we are not requesting or requiring names, email addresses, postal
addresses,

phone

numbers,

or

any

directly

identifying

information

in

the

survey

itself.

However,

respondents

may

choose

to

include

personal

information

in

their

free

text

answers,

even

though

we

do

not

ask

for

it.

Email

and

postal

addresses

may

also

be

provided

when

using

an

email

or

postal

response route.

As

part

of

this

project,

we

will

collect,

store,

and

analyse

the

consultation

responses.

This

will

include

using

generative

AI

capabilities

to

analyse

and

summarise

responses

and

help

us

to

handle

consultation

responses

efficiently

and

accurately.

This

will

also

include

generating

statistical

information

based

on

themes,

for

example

the

proportion

of

responses

referring

to

a

specific

topic.

We

may

also

use

responses

to

ensure

that

we

improve

how

we

process

consultation

responses

as

we

develop

DSIT’s

products.

A

redaction

tool

will

be

used

to

anonymise

consultation

responses

before

they

are

used

to

develop

DSIT’s

products.

Any

personal

data

that

is

incidentally

included

in

consultation

responses

will

not

be

used

to

identify

individuals

or

make

decisions

about

them.

We

may

contact

individuals

who

respond

in

an

organisational

or

academic

capacity

who

have

indicated

in

their

consultation

response

that

they

are

open

to

being

contacted.

The data Where individuals identify themselves in their responses, we may process the
following

personal

data

where

it

has

been

provided:

● Opinions on digital identity (which may include political opinions) ● Age ● Disability related information ● Ethnicity ● Information on sex and gender ● Geographic region ● Internet accessibility and whether internet is used ● Device ownership ● General employment details ● Organisation (when responding on behalf of an organisation) ● Email addresses (where provided in an email response or through the
survey

platform

when

responding

as

an

organisation

or

individual

expert

-

academic/researcher)
● Name (where provided by an individual expert - academic/researcher) ● Physical address (where provided in a postal response) ● IP addresses and cookies are processed on the survey platform We will also process any other personal data that is incidentally provided in
consultation

responses.
Where your personal data has not been provided directly by you, it has been
provided

by

another

party

responding

to

this

consultation.
Legal basis of processing The legal basis for processing your personal data is it is necessary for
performance

of

a

task

in

the

public

interest

under

Article

6(1)(e)

UK

GDPR,

in

this case that is the development of the proposals for a national digital ID
system.
Sensitive personal data is personal data revealing racial or ethnic origin,
political

opinions,

religious

or

philosophical

beliefs,

or

trade

union

membership,

and

the

processing

of

genetic

data,

biometric

data

for

the

purpose

of

uniquely

identifying

a

natural

person,

data

concerning

health

or

data

concerning

a

natural

person's

sex

life

or

sexual

orientation

(see

Article

9

UK

GDPR).

The

legal

basis

for

processing

your

sensitive

personal

data,

or

data

about

criminal

convictions

(where

it

is

volunteered),

is

that

it

is

necessary

for

reasons

of

substantial

public

interest

for

the

exercise

of

a

function

of

the

Crown,

a

Minister

of

the

Crown,

or

a

government

department

(paragraph

6,

schedule

1,

Data

Protection

Act

2018).

The

function

is

consulting

on

policies

or

proposals,

or

obtaining

opinion

data,

in

order

to

develop

good

effective

policies.
Recipients Where an online response is submitted, your personal data will be shared by
us

with

our

survey

platform

supplier

(SmartSurvey)

who

acts

as

a

data

processor

acting

under

CO

and

DSIT

instructions.
In all cases, your personal data will be stored on CO and DSIT IT
infrastructure

and

will

be

shared

with

our

data

processors

who

provide

email

and

document

management

and

storage

services.

This

will

also

include

data

processors

providing

AI

capabilities

for

the

purposes

of

analysing

consultation

responses.

Our

suppliers

act

as

data

processors

and

are

subject

to

contracts

with

us

which

restrict

them

to

only

processing

your

personal

data

for

the

sole

purpose

of

providing

their

services

in

accordance

with

our

instructions.
We will not sell your personal data. Your data will also be shared between the Joint Controllers. The data may be shared with other public bodies or organisations for example
Crown

bodies

or

government

departments

where

necessary

for

performance

of

their

functions

in

order

to

support

digital

ID-related

policy

development

such

as

the

Home

Office.
We may share your personal data where required by law, for example in
relation

to

a

request

made

under

the

Freedom

of

Information

Act

2000.

But

we

will

only

do

this

where

it

would

not

breach

your

rights

under

data

protection

law.
Retention

Your personal data will be reviewed for deletion after 18 months. We will
retain

the

responses

in

identifiable

format

for

18

months

for

the

purposes

of

informing

the

development

of

the

national

digital

ID

system.

After

that

they

will

be

deleted

unless

they

are

of

sufficient

historic

value

that

they

should

be

preserved

as

part

of

the

public

record

(e.g.

responses

from

some

organisations

or

parliamentarians). YOUR RIGHTS You have the right to request information about how your personal data are
processed,

and

to

request

a

copy

of

that

personal

data.

You have the right to request that any inaccuracies in your personal data are
rectified

without

delay.

You have the right to request that any incomplete personal data are
completed,

including

by

means

of

a

supplementary

statement.

You have the right in certain circumstances (for example, where accuracy is
contested)

to

request

that

the

processing

of

your

personal

data

is

restricted.

You have the right to object to the processing of your personal data. INTERNATIONAL TRANSFERS As your personal data is stored on CO and DSIT Corporate IT infrastructure,
and

shared

with

our

data

processors,

it

may

be

transferred

and

stored

securely

outside

the

UK.

This

will

only

be

the

case

where

it

is

lawful

to

do

so,

for

example

where

it

will

be

subject

to

equivalent

legal

protection

through

an

adequacy

decision,

reliance

on

Standard

Contractual

Clauses,

or

reliance

on

a

UK

International

Data

Transfer

Agreement.
COMPLAINTS If you consider that your personal data has been misused or mishandled, you
may

make

a

complaint

to

the

Information

Commissioner,

who

is

an

independent

regulator.

The

Information

Commissioner

can

be

contacted

at:

Information

Commissioner's

Office,

Wycliffe

House,

Water

Lane,

Wilmslow,
Cheshire, SK9 5AF, or 0303 123 1113, or icocasework@ico.org.uk. Any complaint to the Information Commissioner is without prejudice to your right to
seek

redress

through

the

courts.

CONTACT DETAILS The lead data controller for your personal data and primary contact for data
subject

rights

requests

is

the

Cabinet

Office.

The

contact

details

for

the

Cabinet Office areCabinet Office, 70 Whitehall, London, SW1A 2AS, or 0207 276 1234, or you can use this webform. The contact details for the Cabinet Office’s Data Protection Officer are: dpo@cabinetoffice.gov.uk. The Data Protection Officer provides independent advice and monitoring of
Cabinet

Office’s

use

of

personal

information.
The DSIT Data Protection Officer (DPO) contact details are: DSIT Data Protection Officer Department for Science, Innovation and Technology 22-26 Whitehall London SW1A 2EG Email dataprotection@dsit.gov.uk CHANGES TO THIS NOTICE We may modify or amend this privacy notice at our discretion at any time, for
example,

if

there

is

further

lawful

processing

that

is

required.

When

we

make

changes

to

this

notice,

the

last

modified

date

at

the

top

of

this

page

will

be

updated.

Any

modification

or

amendment

to

this

privacy

notice

will

be

applied

to

you

and

your

data

as

of

that

revision

date.

If

these

changes

affect

how

or

why

your

personal

data

is

processed,

the

Joint

Controllers

will

take

reasonable

steps

to

make

sure

you

know.