Australians are being asked to share their views on laws concerning the safeguards and protections that will underpin a proposed national digital identity system.
Nearly 75 government services used by millions of Australians already utilise myGovID for online verification purposes, which the government says is ‘highly secure’. This proposed national system is a way of ‘rolling out a whole-of-economy’ version led by the Digital Transformation Agency (DTA) and supported by Services Australia.
Stuart Robert, employment, workforce, skills, small and family business minister, issued a statement on Thursday, indicating that this new scheme would streamline and formalise what was already common government practice.
“Over 2.56 million Australians and over 1.27 million businesses use Digital Identity to access over 75 government services,” Robert said.
“Establishing the right safeguards and protections will lay the foundations for the Digital Identity program and grow the digital economy by improving digital infrastructure.”
According to the federal government, the legislation that will govern the proposed national digital identity system will strengthen data and consumer protections, as well as create a permanent framework for governance and oversight.
It will also lean on existing privacy protections in the Privacy Act, which stipulate user protections including restrictions on data profiling, the collection and use of biometric data, and mandatory ‘express consent’ features before enabling authentication to a service.
Under current myGOVID arrangements, a citizen’s personal data is not shared without their permission. The government says this system puts the user ‘in total control’ while also providing a secure and convenient verification system.
“The legislation will ensure the expansion of the Digital Identity system meets the expectations of all Australians and that users can have confidence in the integrity as the system expands,” Robert added.
“We want a system that Australians can use and trust.”
Under the proposed laws, entities will also be allowed to apply for Trusted Digital Identity Framework (TDIF) accreditation to use the scheme. These entities include state and territory governments and also private companies, who will be subject to an enforceable set of rules based on current standards.
The federal government has released a white paper about the proposed digital identity legislation that outlines the central role of the TDIF standards and additional ministerial powers to issue ‘technical standards’ as to how the technology of the system will work.
“The TDIF makes sure all accredited participants and TDIF providers meet all rules and standards for usability, accessibility, privacy protection, security, risk management, fraud control and more,” the white paper reads.
“These standards are applied consistently across all accredited participants and TDIF providers to provide a fast, safe and seamless experience for users of digital identity.”
Some examples of the technical standards that the minister can issue under the proposed law include standards for security, interoperability and data specifications.
Submissions about the laws will be accepted until 14 July, 2021.