Commonwealth Bank proposes industry self-regulation for Australia-wide digital ID

Others, such as Telstra and Australia Post, think it would be best to have an independent oversight body instead.
Written by Asha Barbaschow, Contributor

The Digital Transformation Agency (DTA) has been working on Australia's digital identity system for a number of years, going live with the myGovID -- developed by the Australian Taxation Office -- and accrediting an equivalent identity service from Australia Post last year.

The myGovID and the Australia Post Digital ID are essentially forms of digital identification that allow a user to access certain online services, such as the government's online portal myGov.

There has been conversation around extending digital ID to allow the private sector and state government entities to develop their own platform, but legislation is required to allow such participation. The DTA has been consulting on how to best shape the legislation, proposing, among other things, an oversight body to provide "effective governance" of the digital identity system.

The legislation is aimed at providing a permanent, independent Oversight Authority body or bodies with responsibility for the governance of the system, but the Commonwealth Bank of Australia (CBA) has suggested that oversight is best left to existing, broad-based regulators and, where possible, industry self-regulation.

"For instance, the Office of the Australian Information Commissioner is best placed to review matters relating to privacy; the Australian Cyber Security Centre is best places to assist victims of cyber crime, and so on," the bank wrote in its submission [PDF] to the DTA.

CBA believes that because certain consumers will potentially interact with different providers -- both government and private sector, alongside existing regimes such as the Consumer Data Right -- the "proliferation of regulators in the data economy would likely create confusion in the minds of citizens and increase barriers to redress".

To the extent that an oversight committee is needed, CBA has recommended limiting its functions to interactions with participants, rather than to end users.

Telstra, meanwhile, used its submission [PDF] to focus on the idea that trust in the framework by users will be key to its success.

"It will be of vital importance for users to know that their personal information is safe, and can only be used in the way they authorise," the telco wrote.

In this respect, it supports a governance and oversight body "that is truly independent -- and, importantly, is also perceived to be independent".

Although already accredited under the system, Australia Post agreed that a new, independent oversight body is required.

"Australia Post agrees that a new independent Oversight Authority should be created to oversee the system at the appropriate time. We believe a new body is best suited to navigate future challenges and opportunities," it said in its submission [PDF].

"We believe an Oversight Authority should be made up of a representative group of participants, including non-government perspectives."


Editorial standards