Digital ID Bill 2024

Currently listed as a Bill (after “enacted” becomes an Act) [bold underline emphasis added] https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/bd/bd2324a/24bd058

As passed (after third reading) (no Royal Assent yet): https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id%3A%22legislation%2Fbills%2Fs1404_third-senate%2F0000%22;rec=0

Digital ID Bill 2024, as passed 15.5.2024 (no Royal Assent yet):

29 Digital IDs must be deactivated on request as passed 15.5.2024 (no change from earlier versions)

Division 6—Other matters relating to accreditation
29 Digital IDs must be deactivated on request
(1) This section applies if an accredited identity service provider generates a digital ID of an individual.
(2)  The accredited identity service provider must, if requested to do so by the individual, deactivate the digital ID of the individual as soon as practicable after receiving the request.
(3)  If a digital ID of an individual is deactivated under subsection (2), the digital ID of the individual:
(a)  must not be used by the accredited identity service provider for verifying the identity of the individual or authenticating a digital ID of the individual; and
(b)  if it can be reactivated, must not be reactivated by the accredited identity service provider without the express consent of the individual.

74 Creating and using a digital ID is voluntary prior to final reading:

Division 5—Other matters relating to the Australian Government Digital ID System
74 Creating and using a digital ID is voluntary
Creating and using a digital ID is voluntary
(1) A participating relying party must not, as a condition of providing a service or access to a service, require an individual to create or use a digital ID.
Note: The effect of this subsection is that a participating relying party that provides a service, or access to a service, must provide another means of accessing that service that does not involve the creation or use of a digital ID through the Australian Government Digital ID System.
(1A) A participating relying party is taken to contravene subsection (1) if:
(a) the participating relying party provides the service, or access to the service, by means other than the creation or use of a digital ID through the Australian Government Digital ID System; and
(b) either of the following apply:
(i) the other means is not reasonably accessible;
(ii) using the other means results in the service being provided on substantially less favourable terms.
Exceptions
(2) Subsection (1) does not apply to a service of a participating relying party if:
(a) the service provides access to another service; and
(b) the individual can access the other service by means other than the creation or use of a digital ID through the Australian Government Digital ID System; and
(c) the other means is reasonably accessible; and
(d) using the other means does not result in the other service being provided on substantially less favourable terms.

74 Creating and using a digital ID is voluntary (as passed, significant additions)

74   Creating and using a digital ID is voluntary

Creating and using a digital ID is voluntary

 (1)  A participating relying party must not, as a condition of providing a service or access to a service, require an individual to create or use a digital ID.

Note:  The effect of this subsection is that a participating relying party that provides a service, or access to a service, must provide another means of accessing that service that does not involve the creation or use of a digital ID through the Australian Government Digital ID System.

(1A)  A participating relying party is taken to contravene subsection (1) if:

                     (a)  the participating relying party provides the service, or access to the service, by means other than the creation or use of a digital ID through the Australian Government Digital ID System; and

                     (b)  either of the following apply:

                              (i)  the other means is not reasonably accessible;

                             (ii)  using the other means results in the service being provided on substantially less favourable terms.

Exceptions

             (2)  Subsection (1) does not apply to a service of a participating relying party if:

                     (a)  the service provides access to another service; and

                     (b)  the individual can access the other service by means other than the creation or use of a digital ID through the Australian Government Digital ID System; and

                     (c)  the other means is reasonably accessible; and

                     (d)  using the other means does not result in the other service being provided on substantially less favourable terms.

Example:    To open a bank account, ABC Bank requires new customers to verify their identity. ABC Bank allows customers to do this in person at each branch of ABC Bank or alternatively by using the bank’s online application service, which requires the use of a digital ID. Jacob wants to open a bank account with ABC Bank but he does not wish to use his digital ID to do so. Because Jacob can verify his identity by going to his nearest branch instead, ABC Bank does not contravene subsection (1).

             (3)  Subsection (1) does not apply if:

                     (a)  the participating relying party is providing a service, or access to a service, to an individual who is acting on behalf of another entity in a professional or business capacity; or

                     (b)  the participating relying party holds an exemption under subsection (4).

Exemptions

             (4)  Subject to subsection (6), the Digital ID Regulator may, on application by a participating relying party, grant an exemption under this subsection to the participating relying party if the Digital ID Regulator is satisfied that it is appropriate to do so.

Note:          See Part 5 of Chapter 9 for matters relating to applications.

          (4A)  In deciding whether to grant an exemption under subsection (4), the Digital ID Regulator must have regard to whether granting the exemption in relation to the participating relying party’s service would unduly undermine access to services of that kind.

             (5)  Without limiting subsection (4), the Digital ID Regulator may be satisfied that it is appropriate to grant an exemption if:

                     (a)  the participating relying party is a small business (within the meaning of the Privacy Act 1988 ); or

                     (b)  the participating relying party provides services, or access to services, solely online; or

                     (c)  the participating relying party is providing services, or access to services, in exceptional circumstances.

             (6)  However, the Digital ID Regulator must not grant an exemption under subsection (4) to a participating relying party that is:

                     (a)  a Commonwealth entity, or a Commonwealth company, within the meaning of the Public Governance, Performance and Accountability Act 2013 ; or

                     (b)  a person or body that is an agency within the meaning of the Freedom of Information Act 1982 ; or

                     (c)  a body specified, or the person holding an office specified, in Part I of Schedule 2 to the Freedom of Information Act 1982 .

             (7)  An exemption under subsection (4):

                     (a)  must be in writing; and

                     (b)  may be revoked by the Digital ID Regulator if the Digital ID Regulator considers it appropriate to do so.

             (8)  The Digital ID Regulator must:

                     (a)  give written notice of a decision to grant, or to refuse to grant, the exemption to the participating relying party; and

                     (b)  if the decision is to refuse to grant the exemption—give reasons for the decision to the participating relying party.

Posted by PMA admin