The Digital Transformation Agency says feedback on proposed new digital identity laws shows strong support for expanding the system in Australia.
Results of the survey are included in a report released by the DTA on feedback it received during consultation for the proposed legislation, which would more deeply entrench digital identity systems in government.
The DTA says expanding digital identity will increase the efficiency of government payments and services “and in the future it may expand to whole of economy to more online services”.
The DTA says it received 44 submissions after inviting feedback on the proposed legislation last November.
The response to this initial phase of consultation has been overwhelmingly positive – with strong support for the expansion of Digital Identity, and for parts of the system to be enshrined in legislation.
Digital Transformation Agency
The responses show strong support for the expansion of Digital Identity, it says.
“The response to this initial phase of consultation has been overwhelmingly positive – with strong support for the expansion of Digital Identity, and for parts of the system to be enshrined in legislation,” the agency says
Key themes being explored include governance and oversight of the system, liability for loss or damage under a digital identity system, whether users of the digital identity system should be charged, privacy and safeguards and interoperability with other systems across jurisdictions.
‘Security and privacy failings’
However not all submissions match the rosy picture painted by the DTA.
A submission by two academics who have investigated the current Trusted Digital Identity Framework (TDIF), which is designed to establish a national approach to operating digital identities, says the framework contains “a number of serious security and privacy failings”.
“Neither the TDIF’s high level design nor its implementation by the ATO (myGovID) meet their intended security goals,” Vanessa Teague, CEO of Thinking Cybersecurity at the ANU and University of Melbourne researcher Ben Frengley write.
The system should be “abandoned and redesigned from scratch,” they say.
Privacy protections
The NSW Information and Privacy Commission says in its submission that privacy and consumer protections are essential in building trust in the system.
The IPC says new legislation must ensure that digital identity is voluntary and must protect against commercialisation of information and individual profiling.
“A specific mechanism enabling an individual to opt-out of the system after they have created a Digital Identity should also be included in the legislation,” Privacy Commissioner Samantha Gavel writes.
The Office of the Australian Information Commissioner (OAIC) says it supports the “ongoing development and proposed codification of the system, with the aim of providing individuals with a safe, simple and secure
way to verify their identity online.”
However its submission notes decreasing levels of trust information handling by government.
It says its latest Australian Community Attitudes to Privacy Survey showed a 14 per cent drop in trust in federal government departments since 2007.
The commission submits that digital identity legislation should explicitly limit the collection, use and disclosure of personal information, and puts itself forward to become the system’s official watchdog.
“The OAIC recommends that it be empowered to oversee and enforce the privacy aspects of the system,” the submission says.
Additional consultation phases on the legislation, including on a model for charging framework, will occur throughout 2021 as the DTA continues to develop the legislation.
work together to arrive at a solution.
Given this is a very significant issue for everyone I agree with Raymonds comments. I notice that it appears that canvassing of local government does not appear to have been undertaken in the consultations unless it was done under the umbrella of State Governments.I would suggest that if this is not the case each municipality in the country should be offered the opportunity to make a submission via there peak associations to the DTA as the depth of there experience in IT/Privacy/ Information management is wide and valued greatly in the digital world.They deal with robust standards developed by their respective Public Records Agencies and have well qualified staff operating in the digital space