I'm writing my (Canadian) MP to this effect.

There are a lot of issues with the UK approach. Privacy is a big one. But requiring this on every service is both a tax on the service and requires constantly authorizing stuff. That opens up the possibility for scams, data misuse, etc.

And no, saying we said to only use the data for verification clearly doesn't work. It didn't work for discord, or Persona, or Tea or AU10TIX or any others. Verification now means sharing that data with credit agencies and third party databases. Verification means keeping some data to resolve customer support disputes. There's data leakage for training and creating derived data products like biometric embeddings for future use.

Third party verification is a security nightmare.

I don't know why device based approvals abd controls aren't considered at all. Or really any privacy preserving technique.

And all this for ~54% efficacy?