Govt seeks input on digital ID expansion plans
Consultation moves forward with position paper release. The federal government has provided the most comprehensive look at planned legislation for the expansion of its federated digital identity scheme to state and territory governments and the private sector to date.
The Digital Transformation Agency on Thursday released a position paper [pdf] for consultation ahead of the planned introduction of the legislation, dubbed the ‘Trusted Digital Identity Bill’, to parliament in “late 2021”.
It follows a first round of public consultation last year on the development of bill, which will enshrine governance and privacy protections, including some those within the trusted digital identity framework (TDIF), in law.
The legislation is necessary for state and territory governments, as well as the private sector, to apply for accreditation. Only the Australian Taxation Office’s myGovID credential and Australia Post’s Digital iD credential are currently accredited under TDIF.
It is expected to “include subject matter that will not need to regularly change to keep pace with technical developments”, with other rules and other written guidelines and polices to “outline technical information and requirements detailing how the system operates”.
The paper reveals few changes to the scheme's planned whole-of-economy expansion since the first consultation, with privacy and consumer safeguards and plans for an independent Oversight Authority – which will assume the DTA’s interim role – the same.
While the DTA is still “considering which agency is best suited to provide staff to the Oversight Authority”, it has suggested either Treasury, the Australian Competition and Consumer Commission or the Department of Prime Minister and Cabinet.
The planned accreditation of government agencies and private sector firms also remains largely the same, through the DTA appears to have added a second tier for those wanting TDIF accreditation but not wanting – or ready – to participate in the system.
Those entities, dubbed ‘TDIF providers’, will need to meet the same privacy standards as ‘accredited providers’, though will not be subject to the liability and redress framework, charging and most civil penalties.
“This means government bodies or companies which choose to be TDIF-accredited for roles they perform in their own digital identity systems can rely on TDIF accreditation to build trust in their systems without being subject to the entirety of the legislation,” the paper states.
One key change to the proposed legislation is a planned ‘interoperability principle’ that will require “participants generating, transmitting, managing, using or re-using digital identities to provide a seamless user experience with the digital identity system”.
Under the principle, identity providers will be “expected to provide their services to any relying party”, while relying parties will need to “provide their customers with a choice of identity providers”.
The Oversight Authority is expected, however, to offer exemptions to identity providers and relying parties in “limited circumstances” such as when there are “legitimate security concerns warranting an identity provider not to be used by a relying party”.
The position paper also clarifies that participants will not be prohibited from “connecting to and participating in other digital identity systems” after some private sector stakeholders raised concerns during the first round of consultation.
But participants that choose to do so will need “put in place technical and business solutions” that “clearly delineate which digital identity activities are conducted through the digital identity system and through another digital identity system”, for instance.
On the privacy front, state and territory government agencies participating in the scheme “will now have greater ability to adhere to local privacy legislation instead of federal privacy law, where legislation exists in their jurisdiction”.
“This change is designed to provide greater flexibility and autonomy for state and territory agencies to align with other federal legislation and make it easier for state and territory government entities to participate,” the paper states.
Read Full Article: Govt seeks input on digital ID expansion plans