Australia senators stress accreditation for digital ID service providers

Australia’s long, long walk toward implementation of a digital ID scheme has taken another step. A release from the Australian government says the publication of the Senate Standing Committee on Economics’ report on the Digital ID Bill 2023 marks “another big milestone” for national digital identity. The report includes an analysis of the legal impact of the Bill on biometrics use.

Per the report, “the Digital ID bill would establish new primary legislation to legislate and expand the Australian Government Digital ID System (AGDIS), which currently exists in an unlegislated form, and would provide a legislative basis for the accreditation of providers of digital ID services. The Digital ID bill would also establish privacy and consumer protections additional to those in the Privacy Act 1988 and would ensure these protections are implemented through establishing a Digital ID Regulator, a Systems Administrator and a Data Standards Chair.”

Getting accreditation of digital identity providers right is a key focus of the report. Provisions applied to verification, digital ID or identity exchange service providers “are intended to ensure providers meet privacy, security and accessibility requirements.” A Digital ID Regulator – named as the Australian Competition and Consumer Commission (ACCC) – will be responsible for ensuring that only trustworthy and reliable private and public entities are accredited, and for revoking or suspending accreditation in scenarios where the provider fails to meet the relevant standards.

Safeguards, of course, are in place to limit the ways in which certain personal information is used and retained in the digital ID system. On top of existing regulations enshrined in the Privacy Act, the Digital ID bill would put additional restrictions on the collection of biometric information. “One-to-many matching using biometric information would be prohibited under subclause 48(3),” says the report. “However, this does not limit subclause 48(1), which would allow the use or disclosure of biometric information if authorized under clause 49 or 50. For example, it appears that paragraph 49(3)(a) would allow disclosure of biometric information to a law enforcement agency for one-to-many matching where the disclosure is required or authorized by or under a warrant issued under a law of the Commonwealth, state or a territory.”

In other words, the situation is typical: biometric data collection and one-to-many facial recognition are not allowed – except when they are, usually as requested by law enforcement.

Laws around retention are clearer, specifying that any biometric information collected must be destroyed after its intended use, unless express consent for retention is provided. If consent is withdrawn, the biometric data must be erased. These safeguards are part of the effort to address concerns about misuse, bias, consent, and the potential inaccuracy of biometric technology raised by the bill’s opponents.

Critics say phased approach freezes out private sector

Another major concern is based less in regulation and more in the rollout of the digital ID program. A dissenting report from coalition senators recommends getting rid of the phased approach that would limit private sector participation until the final phase. “It’s unacceptable that businesses, particularly fintechs, have been left in the dark on when their participation in the AGDIS will occur,” says the report. “Without the involvement of the private sector, the main objectives of lower prices and innovation will be defeated.”

There is also lingering concern about consistency with the Privacy Act, and an emphasis on making sure the overhaul of the Act is completed before digital ID is formally launched. Another critique focuses on consent, and recommends that “the bill be amended to raise the consent from express to active consent on each occasion, or once for a repetitious action, such as credit card transaction provided provision is made for withdrawing that consent.”

Despite the dissenting opinions, however, Australia is well on its way to a national digital ID program, one step at a time.

Article Topics

Australia  |  Australian Competition and Consumer Commission (ACCC)  |  Australian Government Digital Identity System (AGDIS)  |  biometrics  |  digital ID  |  digital identity  |  identity verification  |  legislation  |  regulation