AustLII Home | Databases | WorldLII | Search | Feedback

Australian Senate Standing Committee for the Scrutiny of Bills - Scrutiny Digests
You are here:  AustLII >> Databases >> Australian Senate Standing Committee for the Scrutiny of Bills - Scrutiny Digests >> 2024 >> [2024] AUSStaCSBSD 21

Database Search | Name Search | Recent Documents | Noteup | LawCite | Download | Help

Digital ID Bill 2023 - Initial Scrutiny [2024] AUSStaCSBSD 21 (7 February 2024)

Digital ID Bill 2023[59]

Purpose
The Digital ID Bill 2023 seeks to establish an accreditation scheme for entities providing digital ID services; provide additional privacy safeguards for the provision of accredited digital ID services; establish an Australian Government Digital ID System (the AGDIS); and strengthen the oversight and regulation of accredited digital ID providers and entities participating in the AGDIS, and the integrity and performance of the AGDIS.
Portfolio
Finance
Introduced
Senate on 30 November 2023
Bill status
Before the Senate

Immunity from civil and criminal liability[60]

1.112 Clause 84 of the Digital ID Bill 2023 (the bill) seeks to provide that accredited entities participating in the Australian Government Digital ID System (AGDIS) are protected from civil and criminal liability in certain circumstances. Subclause 84(1) provides that an accredited entity[61] is not liable to an action or other proceeding in relation to the provision or non-provision of an accredited service[62] to another accredited entity participating in the AGDIS, or to a participating relying party.[63] The immunity from civil and criminal liability is applicable where:

• the accredited entity provides or does not provide the accredited service in good faith in compliance with the bill;[64] or

• the accredited entity does not comply with the bill in relation to the accredited service and the non-compliance is not the ground or the cause for the action or the other proceeding.[65]

1.113 This therefore removes any common law right to bring an action to enforce legal rights (for example, a claim of defamation), unless it can be demonstrated that lack of good faith is shown. The committee notes that in the context of judicial review, bad faith is said to imply the lack of an honest or genuine attempt to undertake a task. Proving that a person has not engaged in good faith will therefore involve personal attack on the honesty of a decision-maker. As such the courts have taken the position that bad faith can only be shown in very limited circumstances.

1.114 The committee expects that if a bill seeks to provide immunity from civil and criminal liability, particularly where such immunity could affect individual rights, this should be soundly justified. In this instance, the explanatory memorandum provides no explanation for this provision, merely restating the terms of the provision.[66]

1.115 In this instance, the committee notes that accredited entities provide services, that if not rendered to a party, can have significant consequences for that party. This may be the case even where the accredited entity has acted in good faith. The committee notes the example provided in the definition of ‘accredited service’ in clause 9 in relation to Acme Co, who provide the accredited service of managing, maintaining and verifying information relating to an individual’s identity. A failure to maintain identifying information, even if done in good faith, would have consequences for the individual whose identifying information has not been maintained, managed or verified. These parties will be left without an avenue for recourse until they are able to prove the accredited entity was acting in bad faith.

1.116 The committee requests the minister’s advice as to why it is considered necessary and appropriate to provide an accredited entity immunity from civil and criminal liability so that affected persons have their right to bring an action to enforce their legal rights limited to situations where lack of good faith is shown.

2024_2100.jpg

Tabling of documents in Parliament[67]

1.117 Subclause 145(1) provides that the Minister for Finance (the minister) must cause periodic reviews of provisions in the Digital ID Rules that relate to the charging of fees by the Digital ID Regulator[68] to be undertaken.[69] Subclause 145(4) provides that the minister must cause a written report about each review to be prepared and published on the Digital ID Regulator’s website.[70] The provision does not require any such report to be tabled in both Houses of the Parliament.

1.118 The explanatory memorandum does not provide any further information in relation to the absence of the requirement to table any report prepared and published under subclause 145(4) to be tabled in Parliament.

1.119 The committee’s consistent scrutiny view is that the tabling of documents in Parliament is important to parliamentary scrutiny, as it alerts parliamentarians to the existence of documents and provides opportunities for debate that are not available where documents are not made public or are only published online. Tabling reports on the operation of regulatory schemes promotes transparency and accountability. The committee’s concerns are heightened in this instance as the report would relate to a review of fees that may be charged by the Digital ID Regulator and transparency and accountability in this context are necessary.

1.120 Noting that there may be impacts on parliamentary scrutiny where reports associated with the operation of regulatory schemes are not tabled in the Parliament, the committee requests the minister’s advice as to whether the bill can be amended to provide that reports prepared under subclause 145(4) be tabled in Parliament in order to improve parliamentary scrutiny.

2024_2100.jpg

Significant matters in delegated legislation
Instruments not subject to an appropriate level of parliamentary oversight[71]

1.121 Subclause 150(1) of the bill seeks to provide that the minister may establish, in writing, advisory committees to provide advice to the minister, the Secretary, the System Administrator and the Digital ID Data Standards Chair.[72] This advice may relate to any matters within the bill, including but not limited to the performance of the Digital ID Regulator’s powers and functions under the bill.[73] The minister may determine the persons appointed to the advisory committee and must also determine various matters in relation to the operation and members of the committee, which are provided by subclause 150(3).[74]

1.122 The establishment of committees to provide advice about matters arising under the Act, including in relation to the Digital ID Regulator’s powers and functions, is a significant part of the overall legislative scheme.

1.123 Where a bill includes significant matters in delegated legislation, the committee expects the explanatory memorandum to the bill to address why it is appropriate to include the relevant matters in delegated legislation and whether there is sufficient guidance on the face of the primary legislation to appropriately limit the matters that are being left to delegated legislation. A legislative instrument made by the executive is not subject to the full range of parliamentary scrutiny inherent in bringing forward proposed legislation in the form of a bill.

1.124 The committee queries why such committees are to be established by instrument, rather than in the primary legislation, which would afford the best opportunity for parliamentary scrutiny in relation to the establishment of any advisory committee. The committee further queries why advisory committees could not, at a minimum, be established by legislative instrument. Subclause 150(4) seeks to provide that instruments made under subclauses 150(1) and 150(3) are not legislative instruments.[75] A determination that is not a legislative instrument is not subject to the tabling, disallowance or sunsetting requirements that apply to legislative instruments. Noting the importance of parliamentary scrutiny, the committee expects the explanatory materials to include a justification as to why the establishment of the advisory committees has been left to written instruments, rather than being included in the primary legislation, and why the instruments are not legislative in character. In this instance, the explanatory memorandum does not provide such a justification and merely restates the provisions.[76]

1.125 In light of the above, the committee requests the minister’s detailed advice as to:

why it is considered necessary and appropriate to leave the matter of establishing an advisory committee under subclause 150(1), and determining matters relating to the operation and members of such committees under subclause 150(3), to written instruments, rather than these matters being included in the primary legislation; and

why it is considered necessary and appropriate to specify that instruments made under subclauses 150(1) and 150(3) are not legislative instruments (including why it is considered that the instruments are not legislative in character); and

whether the bill could, at a minimum, be amended to provide that these instruments are legislative instruments, to ensure that they are subject to appropriate parliamentary oversight.

2024_2100.jpg

Reversal of the evidential burden of proof[77]

1.126 Subclause 151(1) of the bill seeks to provide that a person commits an offence if the person is or has been an entrusted person,[78] obtains protected information in the course of or for the purposes of performing functions or exercising powers under the bill, and discloses the protected information.[79] Paragraph 151(1)(d) provides a further stipulation that the protected information that is disclosed must be personal information about an individual or that there must be a risk that the use or disclosure might substantially prejudice the commercial interests of another person. The offence carries a penalty of imprisonment for up to two years or 120 penalty units, or both.

1.127 Subclause 151(3) provides that the offence does not apply if the use or disclosure is authorised by clause 152. Clause 152 provides a list of circumstances in which an entrusted person may use or disclose protected information. A note to subclause 151(3) clarifies that a defendant bears an evidential burden of proof in relation to the offence-specific defence in subclause 151(3).

1.128 The committee expects any such reversal of the evidential burden of proof to be justified and for the explanatory memorandum to address whether the approach taken is consistent with the Attorney-General’s Department’s Guide to Framing Commonwealth Offences, Infringement Notices and Enforcement Powers (Guide to Framing Commonwealth Offences), which states that a matter should only be included in an offence-specific defence (rather than being specified as an element of the offence) where:

• it is peculiarly within the knowledge of the defendant; and

• it would be significantly more difficult and costly for the prosecution to disprove than for the defendant to establish the matter.[80]

1.129 In relation to subclause 151(3), the explanatory memorandum merely restates the provision and does not provide a justification for the reversal of the evidential burden of proof in relation to the offence in subclause 151(1).[81] It is not apparent to the committee that the circumstances listed under clause 152 are matters that are peculiarly within the defendant’s knowledge.

1.130 For instance, some examples of authorised disclosures of protected information include assisting in the administration or enforcement of a Commonwealth or Territory or a law of a state that is prescribed by the Digital ID Rules.[82] It is unclear to the committee how complying with the requirement of a written law is peculiarly within any person’s knowledge. Another example of an authorised disclosure is where the disclosure is required or authorised by law.[83] It is not clear to the committee how a disclosure that is required or authorised by law can be peculiarly within a person’s knowledge. Further, it is not clear to the committee that obtaining or disproving a matter relating to the administration or enforcement of a law or compliance with a law would be significantly more costly or difficult for the prosecution.

1.131 As the explanatory materials do not adequately address this issue, the committee requests the minister’s explanation as to why it is proposed to use an offence-specific defence in subclause 151(3) (which reverses the evidential burden of proof) in relation to the offence under subclause 151(1).

1.132 The committee’s consideration of the appropriateness of a provision which reverses the burden of proof is assisted if it explicitly addresses relevant principles as set out in the Attorney-General’s Department’s Guide to Framing Commonwealth Offences, Infringement Notices and Enforcement Powers.[84]

2024_2100.jpg

Incorporation of external materials as existing from time to time[85]

1.133 Subclause 167(2) of the bill provides that the Accreditation Rules, the Digital ID Data Standards and the Digital ID Rules, which are core instruments that will be made pursuant to the bill, may apply, adopt or incorporate any matter contained in other material as in force or existing from time to time. The explanatory memorandum provides examples of material that may be incorporated, which includes Commonwealth documents relating to protective security and cyber security, international standards and digital identity standards set by internationally recognised organisations.[86]

1.134 At a general level, the committee is concerned where provisions in a bill allow the incorporation of legislative provisions by reference to other documents as such an approach:

• raises the prospect of changes being made to the law in the absence of parliamentary scrutiny, (for example, where an external document is incorporated as in force ‘from time to time’ this would mean that any future changes to that document would operate to change the law without any involvement from Parliament);

• can create uncertainty in the law; and

• means that those obliged to obey the law may have inadequate access to its terms (in particular, the committee will be concerned where relevant information, including standards, accounting principles or industry databases, is not publicly available or is available only if a fee is paid).

1.135 As a matter of general principle, any member of the public should be able to freely and readily access the terms of the law. The committee reiterates its consistent scrutiny view that where material is incorporated by reference into the law, it should be freely and readily available to all those who may be interested in the law.

1.136 Noting the above comments and in the absence of a sufficient explanation in the explanatory memorandum, the committee requests the minister’s advice as to whether documents applied, adopted or incorporated by reference under clause 167 will be made freely available to all persons interested in the law and why it is necessary to apply the documents as in force or existing from time to time, rather than when the instrument is first made.

2024_2100.jpg

[59] This entry can be cited as: Senate Standing Committee for the Scrutiny of Bills, Digital ID Bill 2023, Scrutiny Digest 2 of 2024; [2023] AUSStaCSBSD 21.

[60] Clause 84. The committee draws senators’ attention to this provision pursuant to Senate standing order 24(1)(a)(i).

[61] Clause 9, an accredited entity includes an accredited attribute, identity exchange or identity service provider or an entity that is accredited to provide services of a kind prescribed by the Accreditation Rules.

[62] Clause 9, an accredited service is the service provided or proposed to be provided by an accredited entity in the entity’s capacity as a particular kind of accredited entity.

[63] Subclause 84(1).

[64] Paragraph 84(1)(a).

[65] Paragraph 84(1)(b).

[66] Explanatory memorandum, p. 83.

[67] Subclause 145(1). The committee draws senators’ attention to this provision pursuant to Senate Standing Order 24(1)(a)(v).

[68] Subclause 144(1).

[69] Subclause 145(1).

[70] Subclause 145(4).

[71] Subclauses 151(1) and 151(3). The committee draws senators’ attention to these provisions pursuant to Senate Standing Order 24(1)(a)(v).

[72] Subclause 150(1).

[73] Subclause 150(1).

[74] Subclause 150(3).

[75] Subclause 150(4).

[76] Explanatory memorandum, pp. 113–114.

[77] Subclause 151(3). The committee draws senators’ attention to this provision pursuant to Senate Standing Order 24(1)(a)(i).

[78] Under subclause 151(2) of the bill, an ‘entrusted person’ includes: the Digital ID Regulator, the System Administrator, a member, associated member or member of staff of, or consultant for, the Australian Competition and Consumer Commission, and departmental employees assisting the Chief Executive Centrelink.

[79] Subclause 151(1).

[80] Attorney-General’s Department, A Guide to Framing Commonwealth Offences, Infringement Notices and Enforcement Powers, September 2011, p. 50.

[81] Explanatory memorandum, p. 114.

[82] Subparagraphs 152(1)(a)(iii) and 152(1)(a)(iv).

[83] Paragraph 152(1)(b).

[84] Attorney-General’s Department, A Guide to Framing Commonwealth Offences, Infringement Notices and Enforcement Powers, September 2011, p. 50.

[85] Clause 167. The committee draws senators’ attention to this provision pursuant to Senate Standing Order 24(1)(a)(v).

[86] Explanatory memorandum, pp. 120–121.

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.austlii.edu.au/au/other/AUSStaCSBSD/2024/21.html