Legal Identity

There is no single document that establishes the legal identity of an individual in Australia.^[1] While legal identity begins with birth registration, several documents (known as Commencement of Identity documents) may be used as proof of legal identity.^[2] These include a birth certificate, Australian passport, Australian Citizenship Certificate, ImmiCard issued by the Department of Home Affairs, and the Australian visa used upon entry into Australia with the foreign passport as supporting documentation.^[3] While birth certificates in Australia do not prove citizenship or by themselves constitute legal identity, a birth certificate is a mandatory document to apply for citizenship.^[4]

Digital ID Overview

Digital ID in Australia has been developed with an aim to securely verify one’s identity to access services online.citation_5 The Australia Digital ID System (AGDIS) uses ‘MyID’ as its digital ID app.citation_6 MyID evolved from myGov and is designed to be a functional ID system.citation_7 MyID is delivered by a number of agencies that work together to verify one’s identity to access government services online.citation_8 From December 2024, government bodies at federal, state, and territory levels can participate in AGDIS.citation_9 By 2026, the system aims to be open to private sector participants, with a hope to give individuals greater options when choosing a provider to create their digital ID for accessing certain government services.citation_10 The Government claims that by gradually expanding AGDIS, it can maintain its safety and security while new types of entities begin participating.citation_11

The digital ID in Australia is completely voluntary citation_12 and currently no business can mandate a digital ID requirement to access their services.citation_13 AGDIS is also not a marker of citizenship in Australia and non-citizens can get access to digital ID, as long as they have a valid visa for the country.citation_14 However, considering that there is no special visa category for the stateless population in Australia, possessing a valid visa would be difficult.citation_15 It also remains to be determined if stateless individuals can get access to digital ID systems, considering they often lack foundational identity documents such as birth certificates, passports, drivers’ licenses, etc.citation_16 Currently, there are approximately 130 services attached to AGDIS citation_17, where depending on the strength of the digital ID, various services such as postal services, applying for a rental property, medicare, etc. can be accessed.citation_18 There are three levels of strength (level of authentication) of digital ID, where the basic strength (lowest) only requires a name, date of birth, as well as an email ID.citation_19 Strong, the highest level of authentication requires verification of the Australian passport, a face verification check, along with any one of the following: citizenship certificate, drivers’ license, Medicare card.citation_20 The basic strength digital ID can be accessed by individuals who do not have the requisite documentation, but the services linked to the basic digital ID in Australia are limited. They do albeit include access to services such as finding temporary employment through elections as well as accessing the Health Data Portal and Electronic Child Abuse Report Line (to report non-urgent child abuse).citation_21

However, social care services, which include disability support pensions, job seeker payments, child support provided by Centrelink, as well as the Employment Services System, Humanitarian Settlement Programme, among others, are only accessible through either a Strong identity strength digital ID system or a Standard identity strength digital ID system.citation_22 A Strong identification system provides access to all participating government online services, upon verification of an individual’s passport along with either one’s citizenship certificate or driver’s license/learning permit, or a Medicare card.citation_23

The Australian government has actively sought public input during the formulation of the digital ID framework, where between 2023 and 2024, the drafts of the Digital ID Bill and associated rules were released for public consultation.citation_24 The Department of Finance conducted over 30 public consultation sessions on the draft law, including webinars, roundtables, and bilateral meetings engaging more than 250 stakeholders. They received 42 detailed submissions and 27 web-form comments from various parties, including digital ID service providers, industry associations, consumer groups, privacy advocates, and individuals.citation_25 The requirement of undertaking consultations is also mandated in the Digital ID Act, which mandates the Minister to consult organizations representing individuals who may experience barriers when creating or using a digital ID, ensuring that their perspectives are considered.citation_26

Law

Domestic law and policy

The cornerstone of Australia’s digital ID system is the Digital ID Act (2024), which, along with the Digital ID (Transitional and Consequential Provisions) Act (2024), establishes the legislative basis for the Australian Government Digital ID System (AGDIS).^[27] The Digital ID Act is a legislation to ensure the safe use of digital ID systems from accredited digital ID providers. The operation of the Digital ID Act is supported by “Accreditation Rules, Accreditation Data Standards, Digital ID Rules and AGDIS Data Standards (the rules and standards)”.^[28] Digital ID of an individual in the law is defined as, “a distinct electronic representation of the individual that enables the individual to be sufficiently distinguished when interacting online with services.”^[29]The legislative framework does not establish a linkage between digital ID and citizenship, as proving citizenship is not a prerequisite for obtaining a digital ID.^[30]

Data Protection

Data privacy in Australia is governed through multiple legislations at federal, state, and territory levels. These include federal Privacy Act (1988) as well as the Australian Privacy Principles (APP) contained in the Privacy Act.OAIC, ^[31] The Act was amended in 2024 through the Privacy and Other Legislation Amendment Act (Privacy Amendment Act), which will primarily come into effect in 2025.^[32] There are also other reforms in the Privacy Amendment Act scheduled for this year.^[33] Strong safeguards, in particular on privacy and security, are established in both the Digital ID Act as well as the Privacy Act which provides for penalties for accredited providers, in case they do not comply with government set standards of accessibility, usability, privacy, etc.^[34]

The Privacy Act also outlines the Australia Privacy Principles (‘APP’), which set standards for the collection, use, and disclosure of personal information by government agencies and certain private sector organizations as well as creates obligations around an organisation’s “governance and accountability, integrity and correction of personal information, and the rights of individuals to access their personal information”.^[35] Australia initially leaned toward a centralised approach.^[36] However, there were significant concerns raised by civil society on centralisation, considering all of the collected data was meant to be stored on a central system, making it more vulnerable to data breaches.^[37] A centralised model beyond breaches would also have been exposed to ‘function creep’, which creates conditions for an agency to use data for purposes not aligned with what the data was collected for, resulting in potential grounds for surveillance, profiling, etc.^[38] This led to Australia creating a federated identity ecosystem of digital ID, which allows for decentralisation of data, securing it further and creating fair competition.^[39]

Further, unlike Europe’s General Data Protection Regulation, the Privacy Act doesn’t give people strong personal rights over their data. For example, an individual does not have the right to erase their data.^[40] They also do not have the right to object if their data is being used in a way they disagree with and cannot easily move their data to another service (no “data portability”).^[41] There is also further flexibility and risk of abuse in digital ID systems as the Privacy Act only states that data should be collected by “fair and lawful means” and for a purpose related to the organisation’s work, unlike the GDPR which requires a clear legal basis for each use of data (like consent or public interest).^[42] Positively, the Digital ID Act mentions that law enforcement agencies cannot access information without a warrant or unless they have explicit consent from the individual to do so.^[43] The Privacy Act also provides for strict obligations against handling and collecting certain sensitive information (such as a person’s sexual orientation or political opinions) and also requires explicit consent of the digital ID holder to share that information with external AGDIS entities.^[44] In case there are concerns related to privacy, a complaint can be filed against the digital ID company.^[45] If the issue continues to persist, one can contact the Australian Information Commissioner and lodge a complaint by filling out the privacy complaint form, in accordance with the Privacy Act, 1988.^[46]

International Commitments

Australia is also a signatory to several key international human rights treaties, such as the ICCPR, CERD, CRC, CEDAW, CRPD, among others. These treaties place binding responsibilities on Australia that are relevant to the right to nationality and the protection of stateless individuals. Notably, these obligations “apply to all individuals within Australian territory”, including non-citizens and stateless persons.^[47] Australia has not ratified any other specific treaty or legislation in relation to digital ID, aside from committing to the Sustainable Development Goals, more particularly SDG 16.9 which have come to be synonymous with ensuring legal identity for persons in a digital format.^[48] Furthermore, as an OECD member, Australia claims to be committed to aligning its digital services (including digital identity) with OECD’s Recommendation of the Council on Digital Government Strategies (2014) and later guidelines.^[49] They prioritise inclusion, minimising barriers to access digital identity, interoperability and openness, data minimisation and privacy. OECD,^[50]

Designed to Include?

The Impact of Digital ID and Legal Identity on Citizenship and Nationality Rights

As per the Digital ID Act (2024) and its accompanying regulations, digital ID is voluntary and can be issued to individuals who meet identity verification requirements, regardless of their citizenship status, as previously mentioned.^[51] Eligibility for a digital ID depends on the ability to provide acceptable identity documents, which may include visas, passports, and other government-issued As per the Digital ID Act (2024) and its accompanying regulations, digital ID is voluntary and can be issued to individuals who meet identity verification requirements, regardless of their citizenship status, as previously mentioned. Eligibility for a digital ID depends on the ability to provide acceptable identity documents, which may include visas, passports, and other government-issued documents—not necessarily proof of citizenship.^[52] However, in practice, stateless persons often lack foundational identity documents that are required for acquiring a digital ID within AGDIS.^[53] Without them, stateless individuals may find it difficult to create a digital ID. However, having or not having a digital identity has no impact on an individual’s citizenship or access to services and currently all individuals have alternate ways of accessing services linked with AGDIS (as long as they are legally eligible for it).^[54]. Furthermore, currently there are alternative pathways to access all services that can be accessed through AGDIS in Australia.^[55] In terms of privacy standards, the Digital ID Act provides a federated system which prohibits data aggregation, and asks for identity attributes limited to the services being provided for.^[56] This also reduces the chances of profiling, identity theft, as well as cross-service tracking.^[57] Considering this is a pilot phase of digital ID in Australia and has been in implementation only since December 2024, potential implications on exclusion remain to be seen.

References

1.^

NSW Government, ‘Understanding Identity | NSW Government’ (17 December 2020) https://www.nsw.gov.au/nsw-government/nsw-government-identity-strategy/understanding-identity accessed 7 May 2025.

2.^

NSW Government, ‘Understanding Identity | NSW Government’ (17 December 2020) https://www.nsw.gov.au/nsw-government/nsw-government-identity-strategy/understanding-identity accessed 7 May 2025.

3.^

NSW Government, ‘Understanding Identity | NSW Government’ (17 December 2020) https://www.nsw.gov.au/nsw-government/nsw-government-identity-strategy/understanding-identity accessed 7 May 2025.

4.^

Department of Home Affairs, ‘Form 1300t: Application for Australian Citizenship’ 3 https://immi.homeaffairs.gov.au/form-listing/forms/1300t.pdf accessed 14 May 2025.

27.^

‘Australia’s Digital ID System’ (Government of Australia) https://www.digitalidsystem.gov.au/sites/default/files/2025-01/Dept%20of%20Finance_Easy%20Read_web%20accessible.pdf.

28.^

Australian Government, ‘What Is the Digital ID Act 2024 | Digital ID System’ https://www.digitalidsystem.gov.au/what-is-digital-id/digital-id-act-2024 accessed 13 May 2025.

29.^

Section 9, Digital ID Act 2024.

30.^

‘Australia’s Digital ID System’ (Government of Australia) https://www.digitalidsystem.gov.au/sites/default/files/2025-01/Dept%20of%20Finance_Easy%20Read_web%20accessible.pdf.

31.^

‘Australian Privacy Principles’ (OAIC, 10 March 2023) https://www.oaic.gov.au/privacy/australian-privacy-principles accessed 14 May 2025.

32.^

Parliament of Australia, ‘Privacy and Other Legislation Amendment Bill 2024’ (ParlInfo) https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query%3DId%3A%22legislation%2Fbillhome%2Fr7249%22;rec=0 accessed 19 May 2025.

33.^

DLA Piper, ‘Data Protection Laws in Australia’ (20 January 2025) https://www.dlapiperdataprotection.com/index.html?t=law&c=AU accessed 13 May 2025.

34.^

‘Australia’s Digital ID System’ (Government of Australia) https://www.digitalidsystem.gov.au/sites/default/files/2025-01/Dept%20of%20Finance_Easy%20Read_web%20accessible.pdf.

35.^

OAIC, ‘Australian Privacy Principles’ (OAIC, 10 March 2023) https://www.oaic.gov.au/privacy/australian-privacy-principles accessed 14 May 2025.

36.^

Ashish Nanda, Jongkil Jay Jeong and Robin Doss, ‘Australia’s New Digital ID Scheme Falls Short of Global Privacy Standards. Here’s How It Can Be Fixed’ (The Conversation, 29 October 2024) http://theconversation.com/australias-new-digital-id-scheme-falls-short-of-global-privacy-standards-heres-how-it-can-be-fixed-241797 accessed 7 May 2025.

37.^

38.^

Michelle Falstein, NSW Council for Civil Liberties, ‘Digital ID Bill and Digital ID Rules’ (10 October 2023).

39.^

‘Australia’s Digital ID System | Department of Finance’ https://www.finance.gov.au/government/australias-digital-id-system accessed 15 May 2025.

40.^

OneTrust DataGuidance and Mills Oakley, ‘Comparing Privacy Laws: GDPR v. Australian Privacy Act’.

41.^

OneTrust DataGuidance and Mills Oakley, ‘Comparing Privacy Laws: GDPR v. Australian Privacy Act’.

42.^

OneTrust DataGuidance and Mills Oakley, ‘Comparing Privacy Laws: GDPR v. Australian Privacy Act’.

43.^

Section 49, Digital ID Act 2024.; Nikhil Dutta and Shabnam Mojtahedi, ‘Navigating the Risks and Rewards of Digital ID Systems’ (Open Government Partnership, 26 March 2024) https://www.opengovpartnership.org/stories/navigating-the-risks-and-rewards-of-digital-id-systems/ accessed 7 May 2025.

44.^

Emma Croft, ‘Australia to Implement Landmark National Digital ID System’ (Bird & Bird, 6 July 2024) https://www.twobirds.com/en/insights/2024/australia/australia-to-implement-landmark-national-digital-id-system accessed 15 May 2025.

45.^

46.^

OAIC, ‘Lodge a Privacy Complaint with Us’ (OAIC, 10 March 2023) https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us accessed 14 May 2025.

47.^

AnnMaree Murray, ‘Statelessness in Australia’ (Melbourne Law School, 24 January 2025) https://law.unimelb.edu.au/centres/statelessness/education/factsheet/statelessness-in-australia accessed 14 May 2025.

48.^

‘Australia: Sustainable Development Knowledge Platform’ https://sustainabledevelopment.un.org/memberstates/australia accessed 15 May 2025.

49.^

OECD, ‘OECD/LEGAL/0491 Recommendation of the Council on the Governance of Digital Identity’ (OECD Legal Instruments, 2023) https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0491 accessed 15 May 2025; OECD, ‘OECD/LEGAL/0406 Recommendation of the Council on Digital Government Strategies’ https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0406 accessed 15 May 2025.

50.^

‘OECD/LEGAL/0491 Recommendation of the Council on the Governance of Digital Identity’ (OECD Legal Instruments, 2023) https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0491 accessed 15 May 2025; OECD, ‘OECD/LEGAL/0406 Recommendation of the Council on Digital Government Strategies’ https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0406 accessed 15 May 2025.

51.^

‘Australia’s Digital ID System’ (Government of Australia) https://www.digitalidsystem.gov.au/sites/default/files/2025-01/Dept%20of%20Finance_Easy%20Read_web%20accessible.pdf.

52.^

‘Australia’s Digital ID System’ (Government of Australia) https://www.digitalidsystem.gov.au/sites/default/files/2025-01/Dept%20of%20Finance_Easy%20Read_web%20accessible.pdf.

53.^

‘Stateless People’ (UNHCR) https://www.unhcr.org/about-unhcr/who-we-protect/stateless-people accessed 16 May 2025.

54.^

‘Australia’s Digital ID System’ (Government of Australia) 10, https://www.digitalidsystem.gov.au/sites/default/files/2025-01/Dept%20of%20Finance_Easy%20Read_web%20accessible.pdf

55.^

‘Australia’s Digital ID System’ (Government of Australia) https://www.digitalidsystem.gov.au/sites/default/files/2025-01/Dept%20of%20Finance_Easy%20Read_web%20accessible.pdf.

56.^

Australian Government, ‘Using Digital ID for Your Business or Organisation | Digital ID System’ https://www.digitalidsystem.gov.au/using-digital-id-for-your-business-or-organisation#data-minimisation-principle accessed 15 May 2025.