13 Jan 2022

How AI is being used to verify real identities online

Guest blog: Matthew Peake, Onfido's Global Director of Public Policy looks at the role of personal data in helping Onfido improve the algorithms used to verify real identities online.

About Onfido

Onfido is a global  identity verification provider, headquartered in the UK that uses AI and biometric technology to confirm real identities online. This allows its customers to remotely verify and authenticate their users in a safe, secure way that fully respects  their privacy.



Use of personal data

Onfido processes personal data in order to provide its services, and further uses this data to test and improve its technology, in particular the algorithms it uses. This use of data is fundamental to driving improvements and innovation that improve outcomes for both our customers and wider society. It is therefore very important that such activities linked to important public interests are explicitly recognised as lawful in the legal framework.

Public benefits associated with our services

There is a clear public interest associated with our services, not least because they are a vital tool in the fight against fraud. Our service identifies fraudsters and bad actors, and confirms whether identity documents are valid across the world. In doing so the Onfido solution demonstrably boosts consumer protection, trust and inclusion. Many financial services customers use Onfido services to help comply with their regulatory obligations associated with fraud prevention, in particular anti-money laundering and know-your-customer rules.



Barriers to data use

For companies that do not have a direct relationship with end users there is a great reliance on customers to give notice to and collect consent from end users. This creates barriers under existing laws where, in Onfido’s case, our clients may have to describe in detail how Onfido may use data for testing and research purposes. We need to see a greater level of flexibility in the legislative framework to alleviate some of this friction whilst maintaining adequate safeguards. Any reform should make it clear that consent is not the only basis on which organisations should rely and that, subject to suitable safeguards, there may be other appropriate bases. 

Further clarity would also assist businesses to be able to explain with more certainty and security to data subjects how data has been further processed, without re-seeking consent in the event of a subject data access request. 

This blog is part of a series exploring the UK's upcoming reform to its data protection regime. Learn more here.


Matthew Peake

Matthew Peake

Global Director of Public Policy, Onfido

Matt is Onfido's Global Director of Public Policy. He has nearly 20 years experience in public policy roles in telecoms and technology. Prior to Onfido, he spent over 10 years as Head of Policy for UK and Ireland at Verizon, the US tech giant, overseeing policy across a range of areas including digital competition, cyber security and privacy. Matt holds a law degree (UEA), MBA (Henley Business School), post-graduate diploma in Competition Law (Kings College) and diploma in business international relations and the political economy (London School of Economics).


Related topics