The Digital ID Bill 2023 (Cth)

On 30 November 2023, the Digital ID Bill 2023 (Cth) and the Digital ID (Transitional and Consequential Provisions) Bill 2023 (Digital ID Bills) were introduced in the Australian Senate.  Digital IDs are designed to provide individuals with a convenient way to verify their identity when completing certain online transactions and dealing with government and certain businesses.  This acts as an alternative to repeatedly providing details or copies of personal and sensitive identification documents with third parties that may be vulnerable to cyber-attacks.

What are the stated objectives of the Digital ID Bill?

While the Australian Government has an existing digital identification system, the Australian Digital ID System (which has been the subject of significant criticism due to its lack of user friendless and poor information architecture), the Digital ID Bills are designed to:

  • “legislate and strengthen a voluntary Accreditation Scheme for digital ID service providers that wish to demonstrate compliance with best practice privacy, security, proofing and authentication standards;
  • legislate and enable expansion of the Australian Government Digital ID System (AGDIS) for use by the Commonwealth, State and Territory governments and eventually private sector organisations;
  • embed strong privacy and consumer safeguards, in addition to the Privacy Act 1988 (Cth) to ensure users are protected; and
  • strengthen governance arrangements for the Accreditation Scheme and the AGDIS, including by establishing the Australian Competition and Consumer Commission (ACCC) as the Digital ID Regulator, and expanding the role of the Information Commissioner to regulate privacy protections for digital IDs. Both these regulators will have a broad range of powers under the Bill, including to issue civil penalties.”[1]

 Ultimately, the Digital ID Bills purported aim is to assist online transactions with government and businesses by providing individuals with secure, voluntary and convenient ways to verify their identity.

What is a Digital ID service provider?

As stated in the Explanatory Memorandum, once the Bill is enacted, accreditation will be available for three (3) kinds of digital ID services:

  • attribute service provider;
  • identity exchange provider; and
  • identity service provider.

These services are found in the federated digital ID system, which involves an identity exchange that facilitates data flows between service providers and the organisations that use their services, which are referred to as “relying parties”.

Relevant definitions contained in clause 9 of the Digital ID Bill

  • Accredited Service means “the services provided, or proposed to be provided, by the entity in the entity’s capacity as a particular kind of accredited entity”.[2]
  • Digital ID means “a distinct electronic representation of the individual that enables the individual to be sufficiently distinguished when interacting online with services”.[3]
  • Digital ID System means “a federation of entities that facilitates or manages the verification of an individual’s identity and/or, after verifying the identity, the authentication of that digital ID or information about the individual”.[4]
  • Digital ID Regulator means “the Australian Competition and Consumer Commission”.[5]
  • Participate means “an entity participates in the Australian Government Digital ID System at a particular time if, at that time: the entity holds an approval under section 62 to participate in the system and either the entity is directly connected to an accredited entity that is participating in the Australian Government Digital ID System or the entity is an accredited entity that is directly connected to a participating relying party”.[6]
  • Personal Information means “information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and includes an attribute of an individual”.[7]
  • Relying Party means “an entity that relies, or seeks to rely, on an attribute of an individual that is provided by an accredited entity to provide a service to the individual or enable the individual to access a service”.[8]

What are the expected benefits of the legislation?

It has been stated by the Australian Digital ID System that the accreditation scheme and the AGDIS is predicted to be significantly beneficial to consumers, businesses, the government, and broader economy.

  • For consumers, the introduction of this legislation will ensure that Digital ID providers will be governed by legislation to ensure the privacy and security of Australian users information.
  • For businesses, the introduction of this legislation will result in a simpler way for customers to verify their identity when transacting. In addition, businesses will have access to a market of accredited Digital ID providers that will ease the minds of customers.
  • For the government, the introduction of this legislation will streamline processes across agencies and improve security. This will ultimately make it easier for individuals to access government services and decrease the risk of identity fraud.

How will Digital ID service providers be regulated?

According to the Australian Digital ID System, the ACCC will be appointed as the initial regulator of the Digital ID and will be responsible for:

  • “accrediting Digital ID services against the Digital ID Bill and Accreditation Rules;
  • approving which services can participate in the AGDIS; and
  • using its investigative and compliance powers in the legislation to ensure Digital ID providers and services comply with the legislation to keep people’s information safe.”

Privacy-related aspects of the Digital ID accreditation scheme will be regulated by the Information Commissioner to ensure the protection of individuals choosing to use an accredited Digital ID provider.

Links and further references

Related articles

New privacy bill to be put before commonwealth parliament.

What are adequate cyber security measures?

Evidence in the digital era civil and ip litigation.

Legislation

Digital ID Bill 2023 (Cth).

Explanatory Memorandum to the Digital ID Bill 2023 (Cth).

Australian Government – Digital ID Legislation.

Further information

If your business needs advice on the implementing digital ID confirmation into your business, contact us for a confidential and obligation free and discussion:

Malcolm Burrows Lawyer

 

Malcolm Burrows B.Bus.,MBA.,LL.B.,LL.M.,MQLS.
Legal Practice Director
Telephone: (07) 3221 0013 (Preferred)
Mobile: 0419 726 535
e: mburrows@dundaslawyers.com.au

 

 

Disclaimer

This article contains general commentary only.  You should not rely on the commentary as legal advice.  Specific legal advice should be obtained to ascertain how the law applies to your particular circumstances

 

[1] Explanatory Memorandum, Digital ID Bill 2023 (Cth).

[2] Digital ID Bill 2023 (Cth) s 9.

[3] Digital ID Bill 2023 (Cth) s 9.

[4] Digital ID Bill 2023 (Cth) s 9.

[5] Digital ID Bill 2023 (Cth) s 90.

[6] Digital ID Bill 2023 (Cth) s 9.

[7] Digital ID Bill 2023 (Cth) s 9.

[8] Digital ID Bill 2023 (Cth) s 9.

Send this to a friend