The Information Commissioner's Office ('ICO') published, on 22 April 2021, a blog post by Steve Wood, Deputy Commissioner (Executive Director, Regulatory Strategy) on the role of data protection as an enabler of trust and confidence in the implementation of digital identity systems. In particular, the blog outlines, among other things, that such systems must recognise risks of fraud and security and that the ICO welcomes the opportunity to provide regulatory advice on how the UK Government's identity and attributes trust framework should address data protection. As a result, the ICO issued its position paper on the UK Government's proposal for a trusted digital identity system, noting that the framework is currently in an alpha working version that will be continually updated to include, for instance, feedback from the Department for Digital, Culture, Media and Sport ('DCMS'). More specifically, the position paper encourages the suggested decentralised approach of the framework which supports the embeddedness of Data Protection by Design. Furthermore, the position paper recommends, among other things:

• establishing robust governance and clear accountability;
• establishing that any system be user-centric, including boundaries around who controls personal data and how it is used and gathered;
• implementing effective measures to address data protection risks that relate to data minimisation and purpose limitation; and
• that organisations operating in the trust framework must have appropriate technical and organisational security measures in place to protect the contained personal data.

You can read the blog here and the position paper here.