On 30 November 2023, the Digital ID Bill 2023 (Cth) and the Digital ID (Transitional and Consequential Provisions) Bill 2023 (Digital ID Bills) were introduced in the Australian Senate. Digital IDs are designed to provide individuals with a convenient way to verify their identity when completing certain online transactions and dealing with government and certain businesses. This acts as an alternative to repeatedly providing details or copies of personal and sensitive identification documents with third parties that may be vulnerable to cyber-attacks.
What are the stated objectives of the Digital ID Bill?
While the Australian Government has an existing digital identification system, the Australian Digital ID System (which has been the subject of significant criticism due to its lack of user friendliness and poor information architecture), the Digital ID Bills are designed to:
- “legislate and strengthen a voluntary Accreditation Scheme for digital ID service providers that wish to demonstrate compliance with best practice privacy, security, proofing and authentication standards;
- legislate and enable expansion of the Australian Government Digital ID System (AGDIS) for use by the Commonwealth, State and Territory governments and eventually private sector organisations;
- embed strong privacy and consumer safeguards, in addition to the Privacy Act 1988 (Cth) to ensure users are protected; and
- strengthen governance arrangements for the Accreditation Scheme and the AGDIS, including by establishing the Australian Competition and Consumer Commission (ACCC) as the Digital ID Regulator, and expanding the role of the Information Commissioner to regulate privacy protections for digital IDs. Both these regulators will have a broad range of powers under the Bill, including to issue civil penalties.”[1]
Ultimately, the Digital ID Bills purported aim is to assist online transactions with government and businesses by providing individuals with secure, voluntary and convenient ways to verify their identity.
What is a Digital ID service provider?
As stated in the Explanatory Memorandum, once the Bill is enacted, accreditation will be available for three (3) kinds of digital ID services:
- attribute service provider;
- identity exchange provider; and
- identity service provider.
These services are found in the federated digital ID system, which involves an identity exchange that facilitates data flows between service providers and the organisations that use their services, which are referred to as “relying parties”.
Relevant definitions contained in clause 9 of the Digital ID Bill
- Accredited Service means “the services provided, or proposed to be provided, by the entity in the entity’s capacity as a particular kind of accredited entity”.[2]
- Digital ID means “a distinct electronic representation of the individual that enables the individual to be sufficiently distinguished when interacting online with services”.[3]
- Digital ID System means “a federation of entities that facilitates or manages the verification of an individual’s identity and/or, after verifying the identity, the authentication of that digital ID or information about the individual”.[4]
- Digital ID Regulator means “the Australian Competition and Consumer Commission”.[5]
- Participate means “an entity participates in the Australian Government Digital ID System at a particular time if, at that time: the entity holds an approval under section 62 to participate in the system and either the entity is directly connected to an accredited entity that is participating in the Australian Government Digital ID System or the entity is an accredited entity that is directly connected to a participating relying party”.[6]
- Personal Information means “information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and includes an attribute of an individual”.[7]
- Relying Party means “an entity that relies, or seeks to rely, on an attribute of an individual that is provided by an accredited entity to provide a service to the individual or enable the individual to access a service”.[8]
What are the expected benefits of the legislation?
It has been stated by the Australian Digital ID System that the accreditation scheme and the AGDIS is predicted to be significantly beneficial to consumers, businesses, the government, and broader economy.
- For consumers, the introduction of this legislation will ensure that Digital ID providers will be governed by legislation to ensure the privacy and security of Australian users information.
- For businesses, the introduction of this legislation will result in a simpler way for customers to verify their identity when transacting. In addition, businesses will have access to a market of accredited Digital ID providers that will ease the minds of customers.
- For the government, the introduction of this legislation will streamline processes across agencies and improve security. This will ultimately make it easier for individuals to access government services and decrease the risk of identity fraud.
How will Digital ID service providers be regulated?
According to the Australian Digital ID System, the ACCC will be appointed as the initial regulator of the Digital ID and will be responsible for:
- “accrediting Digital ID services against the Digital ID Bill and Accreditation Rules;
- approving which services can participate in the AGDIS; and
- using its investigative and compliance powers in the legislation to ensure Digital ID providers and services comply with the legislation to keep people’s information safe.”
Privacy-related aspects of the Digital ID accreditation scheme will be regulated by the Information Commissioner to ensure the protection of individuals choosing to use an accredited Digital ID provider.
Links and further references
Legislation
Explanatory Memorandum to the Digital ID Bill 2023 (Cth)
Australian Government – Digital ID Act 2024
Further information about digital ID confirmation
If your business needs advice on implementing digital ID confirmation, contact us for a confidential and obligation-free discussion:
Malcolm Burrows B.Bus.,MBA.,LL.B.,LL.M.,MQLS.
Legal Practice Director
T: +61 7 3221 0013 (preferred)
M: +61 419 726 535
E: mburrows@dundaslawyers.com.au
Disclaimer
This article contains general commentary only. You should not rely on the commentary as legal advice. Specific legal advice should be obtained to ascertain how the law applies to your particular circumstances.
[1] Explanatory Memorandum, Digital ID Bill 2023 (Cth).
[2] Digital ID Bill 2023 (Cth) s 9.
[3] Digital ID Bill 2023 (Cth) s 9.
[4] Digital ID Bill 2023 (Cth) s 9.
[5] Digital ID Bill 2023 (Cth) s 90.
[6] Digital ID Bill 2023 (Cth) s 9.
[7] Digital ID Bill 2023 (Cth) s 9.
[8] Digital ID Bill 2023 (Cth) s 9.
Related insights about digital ID confirmation
-
Federal parliament passes cyber security laws
On 25 November 2024, the Australian Parliament passed a suite of legislation, collectively referred to by the Australian Government as the Cyber Security Legislative Package 2024. The purported impetus for this legislation was a series of high-profile data breaches in 2022 and 2023.
-
The Digital ID Bill 2023 (Cth)
On 30 November 2023, the Digital ID Bill 2023 (Cth) and the Digital ID (Transitional and Consequential Provisions) Bill 2023 (Digital ID Bills) were introduced in the Australian Senate. Digital IDs are designed to provide individuals with a convenient way to verify their identity when completing certain online transactions and dealing with government and certain…
-
Misinformation and Disinformation Bill 2023 – exposure draft
The Communications Legislation Amendment (Combatting Misinformation and Disinformation) Bill 2023 (Cth) (Misinformation Bill) was announced by the Department of Infrastructure, Transport, Regional Development, Communication and the Arts (DITRDCA) in January 2023. The Misinformation Bill is aimed at restricting the flow of misinformation and disinformation by providing the Australian Communications and Media Authority (ACMA) with increased…
-
National Classification Scheme – proposed federal reforms
Albanese Government announces intention to reform National Classification Scheme, proposing R18+ for games simulating gambling and M for computer games with paid loot boxes/in-game purchases linked to chance. Learn more about proposed reforms and if simulated gambling needs to be addressed.
-
Australian legislation addresses loot boxes in video games
The Classification (Publications, Films and Computer Games) Amendment (Loot Boxes) Bill 2022 (Bill) has been tabled in the House of Representatives on the 28 November 2022. The private member’s Bill acts in response to growing support for the regulation of features and elements within video games which appear to simulate gambling.
-
Digital Games Tax Offset proposed by Albanese
The Albanese Labor Government has proposed a Digital Games Tax Offset (DGTO) of 30%, encouraging the growth of the digital games industry in Australia. Learn more about the DGTO and how it will create more jobs and international competitiveness.
-
Influencers finally regulated when promoting therapeutic goods
The Therapeutic Goods Advertising Code 2021 (Cth) (2021 TGA Code) brings regulations for social media endorsements of therapeutic goods. Learn more about the changes and how to ensure compliance before they take effect on 1 January 2022.
-
Registration of .au domain names – what does this mean for businesses?
There is only seven (7) days left to make your priority application for your .au domain name. From 21 September 2022, anyone can apply to have your .au domain, and you don’t want that! Any person with a verified connection to Australia will be able to apply for a domain name ending in .au, also…
-
Cryptocurrency and hacking offences introduced to Parliament
The Crimes Legislation Amendment (Ransomware Action Plan) Bill 2022 is set to revolutionize the way cybercrime is prosecuted. Learn more about the changes it brings and the implications they have.
