Australia's New Digital ID Explained: Here's What You Need To Know

Ever feel like you're constantly digging for documents to prove who you are? Driver's licence, passport, birth certificate – the list goes on! With the new Digital ID Act 2024, the Australian government is aiming to make that a thing of the past.

Here's a breakdown of what this Act means for you and how it will change the way you verify your identity online:

Digitalising the 100-Point ID System

Australians have traditionally verified their identity for government and private services using a point-based system, or the "100-point ID system."  This involves providing a combination of identity verification documents, that when combined, add up to 100 points. Each document type is assigned a different point value, with ‘stronger’ documents like a passport worth more points than a ‘weaker’ document like a library card. This system has long been a hassle and a security concern for both individuals and service providers for several reasons:

• Time-consuming and frustrating: Gathering and submitting physical documents can mean standing in long queues or having to take time out of your schedule.

• Risk of missing documents: Missing a crucial document with enough points can stall the entire verification process.

• Inefficient for service providers: Manually reviewing and validating numerous documents can be slow and resource-intensive.

• Security concerns: Physical documents could be lost or stolen, and the risk of forgery is always a concern with multiple copies of your documents out in the world.

• Limited data control: Individuals have little control over how their personal information is shared when using physical documents.

In 2015, the Australian Government Digital ID System (AGDIS) launched a government-issued Digital ID called “myGovID”. It was a digital identity solution designed to address some of these challenges.  myGovID allowed users to link their government-issued IDs to a secure online account, enabling access to over 130 government services without the need for physical documents. This was a significant improvement, offering a more convenient and streamlined way to interact with government agencies.

While myGovID was a positive step in the right direction, the Digital ID Act of 2024 builds on this foundation to offer a more comprehensive digital identity system. 

MyGovID vs. Digital ID: What's the Difference?

While myGovID has been a valuable tool for accessing government services online, the new Digital ID system established by the Digital ID Act 2024 offers a broader and more future-proof vision. Here's a breakdown of the key differences that set the Digital ID apart:

Clearer Rules for Service Providers: The Digital ID system operates under a legislated accreditation scheme (which replaces the unlegislated Trust Digital Identity Framework of myGovID). This means all service providers, public and private, must meet stricter security and privacy standards set by law. 

More Roles, More Security: The Act introduces different types of accredited service providers, each with specific tasks. This creates a clearer division of responsibility and helps ensure data is handled securely. It’s like having specialised security teams working together to keep your information safe.

Your Privacy Comes First: The Act places stricter limits on what information digital ID providers can collect and how they use it. You'll have more control over your data and what gets shared.

Independent Regulatory Oversight: The Australian Competition and Consumer Commission has been appointed as the independent Digital ID Regulator, responsible for monitoring the entire system to make sure everyone plays by the rules and protects your privacy.

How would the Digital ID system work?

To get started, users will download an app from an accredited Identity Service Provider (ISP). Currently the only accredited ISP is the Australian Governments myGovID, but this will soon be expanded to include other ISP’s like Verifime. 

Within the app, users will be guided through a secure process to link their government-issued ID documents like a driver’s licence, Medicare card, passport or birth certificate, to their new digital ID.

This linking process involves securely uploading digital copies or scans of the relevant ID documents. The accredited ISP will then verify the authenticity and accuracy of these documents, creating a secure digital credential that represents the user's identity.

Once the digital ID is set up, users will be able to use it to access up to 150 government and commonwealth services initially, with a wide range of private sector services phased in as the system continues to roll out. 

So instead of having to repeatedly provide physical documents, users can simply use the app to share their verified digital credentials with service providers. It’s a convenient and mobile-friendly approach that offers several benefits:

Faster Transactions: By eliminating the need to gather and submit physical documents, users can complete identity verification and access services much more quickly. Imagine renewing your driver's licence or applying for a Centrelink benefit in minutes, all from your smartphone!

Enhanced Security: Digital IDs are less vulnerable to loss, theft, or forgery compared to physical documents. The accredited ISPs also implement robust security measures to protect user data.

Greater Control: Users have the ability to selectively share only the necessary information with service providers, rather than exposing their full set of personal details.

Inclusive Design: The Digital ID system is being designed with accessibility in mind, ensuring it can be used by all Australians, including those with disabilities or limited digital literacy.

Overall, the convenience and ease-of-use of the Digital ID system are significant improvements over the current paper-based system. With a digital ID at your fingertips, you can spend less time managing paperwork and more time enjoying the benefits of a streamlined online experience.

Will your information be safe?

Given the sensitive nature of personal identification information, some Australians may have apprehensions about the security and privacy of the new digital ID system. The Digital ID Act recognises these valid concerns and has established a strong framework to safeguard your data. Let’s take a closer look at what these measures include:

Encryption: Your digital ID credentials are encrypted using the latest security standards, making them unreadable to anyone unauthorised.

Access Controls: Strict access controls limit who can see your information. Only accredited service providers you choose to interact with will have access to specific details needed for the transaction.

Data Minimisation: The system is designed to collect and share only the minimum amount of information necessary. You control what data is released for each transaction, giving you more control over your privacy. Public consultation on data standards is also underway to ensure this principle is strictly enforced.

Restricted Biometric Data Use: The Act limits the use and retention of biometric data collected during the initial verification process (e.g., facial recognition scans). This protects your privacy and ensures this data is not misused. Additionally, companies cannot use this data to discriminate against customers based on their characteristics.

Audit Trails and Logging: All access and use of your digital ID is logged, creating a clear record for accountability and ensuring any misuse can be identified.

Penalties for Breaches: Civil penalties are in place to deter security breaches and misuse of personal information.

Apart from safety and security measures, the Act also emphasises putting users in control of their digital identity.  This means:

Voluntary Participation: Using a digital ID is completely voluntary. You can continue to use traditional paper-based methods if you prefer.

Choice of Accredited Providers: You can choose the accredited provider whose app you want to use for your digital ID.

Data Sharing Control: You decide what information is released for each interaction with a service provider.

The Road Ahead and Key Features

While it’s currently in the implementation phase, the Digital ID system is expected to commence in December 2024. It will be rolled out in four phases, starting with strengthening the foundations and increasing the adoption of myGovID in Commonwealth, state, and territory government services.

Importantly, the Act states that creating and using a Digital ID must be voluntary, ensuring that individuals have the choice to participate. The system is also designed to be more inclusive, with the Digital ID Regulator responsible for overseeing and enforcing compliance with accessibility requirements.

Here’s a quick overview of the key features of the new Digital ID system:

• Expanded Scope: Gradually enabling the use of digital IDs across both government and private sector services.

• Legislated Accreditation: Providing a stronger regulatory framework for digital ID service providers.

• Enhanced Privacy Safeguards: Strict obligations on accredited providers to protect sensitive personal information.

• Focus on data privacy: The Act emphasises strong privacy safeguards. Collection and disclosure of personal information is strictly controlled. You can set time limits on your consent to share information and easily withdraw consent at any time.

• Security measures in place: There are civil penalties for breaches of the system's safeguards, and biometric data is only stored for a short period.

• Voluntary and inclusive: Using a digital ID is completely voluntary. You can continue to use traditional paper-based methods if you prefer. There will also be alternative channels for those who cannot access the digital system.

• Not a replacement, but an alternative: Your digital ID won't replace your physical documents like passports or birth certificates. It's simply another way to verify your identity securely.

• Phased rollout: The initial rollout focuses on government services by December 2024. The private sector can join the system by December 2026.

Frequently Asked Questions about the New Digital ID System

Is creating and using a Digital ID mandatory?

No, the Act specifically states that a business must not, as a condition of providing a service, require an individual to create or use a Digital ID. Creating and using a Digital ID must be voluntary.

What happens to my physical documents?

Your Digital ID won't replace your physical documents. It simply provides another secure way to verify your identity online.  You'll still need physical documents for certain situations, like international travel.

How will the new system protect my personal information?

The Act introduces strict privacy obligations for accredited digital ID service providers, including restrictions on collecting sensitive personal information and requirements for express consent before disclosing certain data. These safeguards operate in addition to the existing Australian Privacy Principles.

Will I be able to use my Digital ID across different government and private sector services?

Yes, the Act's phased expansion of the AGDIS aims to enable the use of both public and private sector digital IDs across government and private sector services, improving interoperability and user convenience.

What if I don't have a smartphone or reliable internet access?
The Digital ID system is being designed with accessibility in mind. While the app is the primary method, alternative channels are being explored for those who cannot access the digital system. You can contact the Digital ID Regulator for more information on these alternatives.

Who are the accredited service providers for the Digital ID system?
Currently, the only accredited service provider is the Australian Government's myGovID. However, the system is designed to be open to other accredited providers in the future. Companies like VerifiMe are expected to become accredited service providers as the system expands, offering users more services and a wider choice of options for managing their Digital ID.