Digital Identity Legislation Synthesis Report

A summary of the feedback provided in response to the Digital Identity Legislation Consultation Paper – Phase 1

Summary

Digital Identity helps more Australians gain faster and more convenient access to a wider range of online services, with the assurance their personal information is safeguarded.

As Digital Identity expands, it will save time and money for people starting a new business or those who need access to government payments and services. Digital Identity removes the need to produce important documents each time you access a government service, and in the future it may expand to the whole of economy to include more online services.

The Digital Transformation Agency (DTA) has been seeking community views on proposed legislation that will support and strengthen an expanded Digital Identity system in Australia. This has included a consultation paper on the proposed legislation, which has resulted in 44 submissions from Australians and Australian businesses.

This is the first step in a comprehensive consultation process to make sure Digital Identity continues to meet the needs and expectations of all Australians. Additional consultation phases will occur throughout 2021 as the DTA continues to develop the legislation.

The response to this initial phase of consultation has been overwhelmingly positive – with strong support for the expansion of Digital Identity, and for parts of the system to be enshrined in legislation.

Key themes which have emerged through the consultation include:

  • Governance of the system
  • Liability framework
  • Administration of charges for Digital Identity
  • Scope of the legislation and interoperability with other systems
  • Privacy and other safeguards
  • Consistency of laws.

More detail on stakeholder views in relation to these issues is outlined below. These stakeholder views will be used by the DTA as we continue to develop the Digital Identity legislation.

Background

The need for legislation

There have been 3 primary reasons for exploring legislation:

  • ensuring Digital Identity continues to meet the needs and expectations of the community
  • enshrining strict privacy and consumer safeguards into law
  • creating permanent governance arrangements that protect you should you choose to create and use your Digital Identity.

It’s important that all parts of the Digital Identity system are bound by privacy, consumer and governance standards and protections that meet the expectations of Australians.

As the Digital Identity system expands to the whole-of-economy to include more online services, it’s important that legislation is in place to ensure a high standard of security and care. For example, legislation will ensure that identity providers used to verify and create a Digital Identity are accredited by the Commonwealth Government. Equally, it is critical that the services and businesses that consume Digital Identity comply with laws such as the Privacy Act or equivalent state and territory legislation.

Why your feedback matters

Since 2015 the DTA has been engaging with the Australian public to build a Digital Identity system that is aligned with community expectations. Between 16 November and 18 December 2020, the DTA commenced public consultation with the release of the Digital Identity Background Paper and Consultation Paper. This report summarises all the submissions that have been received and highlights the key themes and topics that have emerged during the consultation process.

Overview

The response to this initial phase of consultation has shown strong support for the expansion of Digital Identity, and for the system to have protections enshrined in legislation. Throughout the consultation process we have engaged with approximately 300 stakeholders across Australia. Stakeholders have included:

  • Australian, state and territory governments
  • the private sector
  • industry associations
  • individuals and consumer groups.

The DTA hosted 5 webinars which were attended by 110 stakeholders. We received 44 submissions to the Digital Identity Legislation Consultation Paper, 16 from Australian, state and territory governments, 20 from the private sector, including industry associations, and 8 from individuals and consumer groups.

The Digital Identity legislation consultation highlights near uniform agreement on the immense value of the Digital Identity system, and the need for legislation to govern the system.

Image title: Digital Identity legislation consultation highlights. Throughout the Digital Identity legislation consultation process we engaged with about 300 stakeholders. The DTA hosted 5 webinars, which 110 stakeholders attended. 44 submissions to the Consultation Paper were received, including 16 from Australian, state and territory governments, 20 from the private sector, including industry associations, and 8 from individuals and consumer groups. Seven submissions were received from the ACT, 17 from New South Wales, 1 from Northern Territory, 1 from Queensland, 1 from South Australia, 1 from Tasmania, 6 from Victoria and 2 from Western Australia. Seven submissions were received from unknown locations and one was from another location.

Key themes

Governance of the system

Effective governance of the Digital Identity system is essential to developing and maintaining operational efficiency and giving Australians full confidence in the system and its capabilities. The legislation will provide for a permanent, independent Oversight Authority body or bodies with responsibility for the governance of the system.

The submissions suggested a strong interest in the topic of governance, in particular the proposed Oversight Authority and its functions. Submissions often emphasised the need for the Oversight Authority to report regularly and be independent. Many submissions also put forward ideas in relation to the composition of the Oversight Authority, which ranged from utilising existing bodies to establishing new independent entities.

Liability framework

Extending the system to provide for state and territory government and private sector participation requires the development of an appropriate liability framework. This framework needs to clearly articulate when a participant is liable for losses suffered by another and must compensate them (known as a ‘liability framework’). Appropriate mechanisms for non-financial redress should also be incorporated into the Digital Identity legislation.

There was consensus that a clear and fair liability framework would be important. We received different views on the extent to which participants should be liable for losses suffered by others under the Digital Identity system. Private sector entities tended to support a limited or no liability approach, particularly in circumstances where an entity has complied with the legislation. Several submissions from private sector stakeholders suggested the issue should be left to existing law. In contrast, individuals supported a more thorough liability regime. In addition, some submissions highlighted that the Digital Identity legislation could leverage existing liability arrangements, and only introduce rules to address gaps in current liability regimes.

Administration of charges for Digital Identity

The Digital Identity system is free to use for individuals and businesses who need to prove their identity – all of the costs to date to build the system have been borne by the Commonwealth Government. Through the consultation process, the DTA has been interested in hearing views on whether public and private sector organisations should be charged for wanting to join or access services through the Digital Identity system.

The submissions indicate that most stakeholders are seeking more information on a charging approach and model. Private sector entities had an interest in understanding how they may be charged under such a framework, together with a strong emphasis on the need for market-based pricing that promotes competition. Government and consumer advocates emphasised the need for the Digital Identity system to be free or low-cost for users and to promote inclusion. There was also support for a standard set of principles for charging. The feedback from the consultation proved that there was not enough information in the Consultation Paper to form an approach or model that could inform a charging framework and that further consultation on this is needed.

Scope of the legislation and interoperability with other systems

Digital identity is a key component of the broader digital economy. As more transactions move from physical, face-to-face interactions to online, and with the digital economy emerging as a key driver of economic growth in the COVID-19 recovery, interoperability becomes increasingly important.

The submissions highlighted a significant interest in how the Commonwealth Government’s Digital Identity system, including its participants, would interact with other systems. Some stakeholders emphasised the need to be clear about the scope of the Digital Identity system. This included whether individuals are allowed to have multiple digital identities and whether the Digital Identity system would be interoperable with other domestic and international systems.

Many submissions agreed that the framework needed to be flexible and forward-looking given the rapidly evolving nature of technology, with differing views on how this could be achieved through legislation.

Private sector entities emphasised the need for maintaining the rules in policy. Others suggested that the provisions in the primary legislation needed to be flexible enough to allow for new rules to be created as needed. Private sector and industry groups also emphasised the need for legislation with a narrower scope – specifically, that the legislation should not cover all digital identity systems nor create a single Digital Identity system.

State and territory governments and information/privacy commissioners generally advocated for the legislation to be wider in scope, and to cover matters such as consumer and privacy safeguards, security, accessibility, and usability matters. Choice and voluntary adoption of the Digital Identity system were highlighted as issues to be legislatively protected.

Privacy and other safeguards

A key rationale for the Digital Identity legislation is the opportunity to enshrine key privacy and consumer safeguards in law, to ensure those standards cannot change without public scrutiny.

Submissions reinforced this point with strong support for privacy and consumer safeguards, specifically the additional privacy safeguards proposed in the Consultation Paper and enshrining these safeguards within the legislation. Particular areas of interest related to consumer protections include single identifiers, consent requirements, opt-out functionality and the use of biometric information.

Submissions confirmed widespread support for the idea that the Commonwealth’s Digital Identity system should be voluntary. Many submissions called out that, by extension, providers must offer alternative channels to access their services apart from Digital Identity.

Consistency of laws

While support for consumer protections was strong, a majority of respondents indicated that such protections should not conflict with or create a system parallel to existing laws, in particular the Commonwealth Privacy Act 1988. Reasons provided ranged from consumer understanding and rights, to business efficiency and reducing red tape. State government submissions were particularly interested in how the legislation would harmonise with their local legislation.

Next steps

The feedback will help us ensure we get the Digital Identity legislation right. This is the first step in a comprehensive consultation process to make sure Digital Identity continues to meet the needs and expectations of all Australians. Following this consultation period we will:

  • consider feedback from the consultation process and develop a position paper
  • engage in targeted consultation on key issues through a position paper
  • commence the development of draft legislation.