Cth Releases Draft Trusted Digital Identity Bill for Public Consult
Friday 15 October 2021 @ 4.14 p.m. | Legal Research
On 1 October 2021, Federal Minister for Employment, Workforce, Skills, Small and Family Business Stuart Robert released the Draft Trusted Digital Identity Bill 2021 (Cth) (‘the Draft Bill’) for public consultation.
The Draft Bill belongs to a package of legislative reforms that aim to outline the technical integration requirements or technical features for entities to onboard to the Australian Government Digital Identity System.
OBJECTS OF THE BILL
The Draft Bill states under clause 3(1) that its objectives are:
"(a) to provide individuals with a simple and convenient method for verifying their identity in online transactions with government and businesses, while protecting their privacy and the security of their personal information;
(b) to promote economic advancement by building trust in digital identity services;
(c) to facilitate economic benefits for, and reduce burdens on, the Australian economy by encouraging the use of digital identities, online services and the interoperability of systems using digital identities;
{d) to provide a digital identity system that will enable innovative digital sectors of the Australian economy to flourish."
TWO SCHEMES
Central to the Draft Bill are two proposed schemes:
- the Trusted Digital Identity Framework ('TDIF') accreditation scheme; and
- the Trusted Digital Identity system.
The accreditation scheme is for providers of identity services and is based on the Australian Government’s existing TDIF. The system, on the other hand, will be run by the Australian Government and is intended to become the primary source of digital identity services for Australian Government entities.
THE TRUSTED DIGITAL IDENTITY FRAMEWORK ACCREDITATION SCHEME
According to the Guide released alongside the Draft Bill:
“Under the Bill, Australian Government, state and territory governments, Australian companies and foreign companies registered with the Australian Securities and Investments Commission (ASIC) can apply for accreditation.”
The Draft Bill proposes the creation of a new independent statutory office holder called the Oversight Authority. As part of its responsibilities, the Oversight Authority would be required to assess and determine accreditation applications. The Oversight Authority would have the power to grant accreditation subject to certain conditions.
According to the guide, once an entity receives accreditation, they must adhere to:
- "the additional privacy safeguards in the Bill [if passed]
- consumer safeguards relating to children, deactivation of digital identities and accessibility of services
- requirements relating to coverage by the Privacy Act
- requirements relating to data breach reporting
- TDIF accreditation rules
- requirements relating to the use of trustmarks".
The Draft Bill also proposes provisions regarding notice requirements and processes for revocation and suspension of accreditation.
TRUSTED DIGITAL IDENTITY SYSTEM
An entity may be involved in the proposed Trusted Digital Identity system as either:
- An onboarded accredited entity; or
- A participating relying party.
Under the proposed system, an entity cannot provide identity services until it is first accredited and onboarded. The Draft Bill provides mandatory considerations, which the Oversight Authority must take into account when making an onboarding application and the types of conditions the Oversight Authority can impose on an onboarded accredited entity.
The guide explains that conditions may include:
-
"relevant consumer safeguards for the trusted digital identity system, including interoperability
-
contacting people using their service if there is a digital identity fraud incident or cyber security incident affecting them and offer other support to users
-
adhering to the proposed charging framework
-
adhering to any further rules in the TDI rules."
A participating relying party is defined as a consumer of identity services and may also apply to be onboarded to the trusted digital identity system. As consumers rather than providers, participating relying parties would be subject to less onerous obligations compared to onboarded, accredited entities.
Further details for submissions for the Draft Bill and its explanatory materials can be found on the Commonwealth Government website.
TimeBase is an independent, privately owned Australian legal publisher specialising in the online delivery of accurate, comprehensive and innovative legislation research tools including LawOne and unique Point-in-Time Products. Nothing on this website should be construed as legal advice and does not substitute for the advice of competent legal counsel.
Sources:
[Draft] Trusted Digital Identity Bill 2021 (Cth) and additional explanatory materials available from TimeBase's LawOne service