“Part 1 - Definitions

Data Protection and Digital Information Bill – in the House of Commons am 1:20 pm ar 29 Tachwedd 2023.

Danfonwch hysbysiad imi am ddadleuon fel hyn

1 These Principles are limited to the processing of Identity Assurance Data (IdA Data) in an Identity Assurance Service (e.g. establishing and verifying identity of a Service User; conducting a transaction that uses a user identity; maintaining audit requirements in relation a transaction associated with the use of a service that needs identity verification etc.). They do not cover, for example, any data used to deliver a service, or to measure its quality.

2 In the context of the application of the Identity Assurance Principles to an Identity Assurance Service, “Identity Assurance Data” (“IdA Data”) means any recorded information that is connected with a “Service User” including—

“Audit Data.” This includes any recorded information that is connected with any log or audit associated with an Identity Assurance Service.

“General Data.” This means any other recorded information which is not personal data, audit data or relationship data, but is still connected with a “Service User”.

“Personal Data.” This takes its meaning from the Data Protection Act 2018 or subsequent legislation (e.g. any recorded information that relates to a “Service User” who is also an identified or identifiable living individual).

“Relationship Data.” This means any recorded information that describes (or infers) a relationship between a “Service User”, “Identity Provider” or “Service Provider” with another “Service User”, “Identity Provider” or “Service Provider” and includes any cookie or program whose purpose is to supply a means through which relationship data are collected.

3 Other terms used in relation to the Principles are defined as follows—

“save-line2Identity Assurance Service.” This includes relevant applications of the technology (e.g. hardware, software, database, documentation) in the possession or control of any “Service User”, “Identity Provider” or “Service Provider” that is used to facilitate identity assurance activities; it also includes any IdA Data processed by that technology or by an Identity Provider or by a Service Provider in the context of the Service; and any IdA Data processed by the underlying infrastructure for the purpose of delivering the IdA service or associated billing, management, audit and fraud prevention.

“Identity Provider.” This means the certified individual or certified organisation that provides an Identity Assurance Service (e.g. establishing an identity, verification of identity); it includes any agent of a certified Identity Provider that processes IdA data in connection with that Identity Assurance Service.

“Participant.” This means any “Identity Provider”, “Service Provider” or “Service User” in an Identity Assurance Service. A “Participant” includes any agent by definition.

“Processing.” In the context of IdA data means “collecting, using, disclosing, retaining, transmitting, copying, comparing, corroborating, correlating, aggregating, accessing” the data and includes any other operation performed on IdA data.

“Provider.” Includes both “Identity Provider” and/or “Service Provider”.

“Service Provider.” This means the certified individual or certified organisation that provides a service that uses an Identity Provider in order to verify identity of the Service User; it includes any agent of the Service Provider that processes IdA data from an Identity Assurance Service.

“Service User.” This means the person (i.e. an organisation (incorporated or not)) or an individual (dead or alive) who has established (or is establishing) an identity with an Identity Provider; it includes an agent (e.g. a solicitor, family member) who acts on behalf of a Service User with proper authority (e.g. a public guardian, or a Director of a company, or someone who possesses power of attorney). The person may be living or deceased (the identity may still need to be used once its owner is dead, for example by an executor).

“Third Party.” This means any person (i.e. any organisation or individual) who is not a “Participant” (e.g. the police or a Regulator).