Something for the Weekend - Why We Should Build on Authentication Rather than ID. Pain Points From the UK, Learnings From Estonia

The UK’s current digital‑identity push is being judged against Estonia’s model, but the comparison often misses the crucial legal scaffolding that makes Estonia’s system work. In Estonia, every data exchange is anchored in a law debated in parliament, with two independent bodies—the Justice Chancellor and the national audit office—monitoring compliance. This creates a transparent "once‑only" principle: once the state collects a piece of information, citizens never have to re‑provide it, dramatically cutting administrative friction and building public trust.

For Britain, the focus on a physical BritCard and a single digital identifier has sparked a massive public backlash, evidenced by a petition that gathered nearly 3 million signatures. Critics argue the debate is mis‑directed; the real obstacle is the lack of a clear authorization regime that separates data‑access decisions from individual agencies. By establishing a statutory framework that defines who can request what data, and by empowering an independent ombudsman to enforce it, the UK could shift the narrative from surveillance to service, easing concerns over privacy while delivering tangible benefits such as faster tax filing and streamlined welfare claims.

Adopting Estonia’s approach does not require blockchain or exotic tech—just robust public‑key encryption, a nationwide cybersecurity baseline, and, most importantly, a cultural shift toward marketing the system as an authentication tool rather than an all‑encompassing identity. When citizens see immediate gains—like three‑minute online tax returns or instant benefit enrollment—they are more likely to trust the underlying infrastructure. For policymakers, the lesson is clear: prioritize authorization, embed legal safeguards, and let the technology serve the citizen, not the other way around.