The Guardian • Issue #1986

Digital identity exposure draft is too light on the details

The federal government has recently asked for public feedback on proposed new laws that would see sweeping changes to how digital identification records are kept and managed in Australia. Digital rights advocacy groups such as “Digital Rights Watch” have raised several concerns and recommendations to ensure Australian’s digital identities remain safe.

Currently, Australians can utilise a digital identity to access eighty different government services, such as Medicare, Centrelink or the Australian Tax Office, through the utilisation of a “myGovID.” The Digital Transformation Agency (DTA), responsible for drafting the new legislation, states that they are seeking to “enable more state and territory services, as well as the private sector, to participate in the System.” For those less concerned about their online digital presence, this could be seen creating greater convenience when it comes to identifying themselves online across a broader range of service providers, which could now include private companies that could receive accreditation.


Many commentators have highlighted the potential risks that the new legislation poses if they are not handled correctly. Kelsie Nabben from the Digital Ethnography Research Centre at RMIT University raises concerns such as being “opaque on details, particularly regarding the proposed use of new technologies such as biometric matching”, and that it “potentially creates a “honeypot” of personal data stored in a centralised database that would offer a tempting target for cyber criminals.”

Other concerns included not being “clear how the trustworthiness of third-party identity verification providers who store these data will be verified and guaranteed;” the “potential lack of accountability for third-party access, on selling, and monetisation of data;” and that perhaps most importantly it would lead to the “establishment of a centralised ‘oversight authority’ – an archaic approach that disempowers individuals from owning their personal information.”


Digital Rights Watch is an Australian-based charity organisation formed in the wake of the mandatory metadata retention scheme in 2016. They claim their role is to “ensure fairness, freedoms and fundamental rights for all people who engage in the digital world.” As part of the government’s recent call for public consultation to the Digital Identity Exposure Draft, they penned and publicised a response which made a few recommendations.

Some of these include the introduction of “robust data protection and handling rules for accredited entities”; ensuring accredited entities have a requirement on “not sharing the data with third parties (and data brokers); and not aggregating it or merging it with other datasets”. They also highlighted the need to “ensure that the digital identity framework remains truly voluntary” and that it would “maintain analogue pathways for individuals to interact with, and use, services”. However, their biggest concern seems to be the fear that digital identity data would be used for law enforcement purposes and how this may play out in the real world.


Governments around the world are charged with the implementation of systems and processes that enable society to function as effectively, efficiently, and equitably as possible. Recognising the need for updated privacy laws that better reflect the digital transformation already happening across our society would be an example of our government doing just that.

Concerns arise, however, when we consider the class character of the Australian government, that it is a government that works in the service of their largest donors – the multinational corporations – as well as following the diktats of the US government. So, whilst the need arises to make our daily lives more convenient, the devil is often in the detail, and digital rights advocacy groups, as well as unions and other working-class organisations, are charged with ensuring that any legislation that brings about said convenience doesn’t do so at the cost of our rights to privacy and other digital rights more broadly.

The Guardian can also be viewed/downloaded in PDF format. View More