In February 2018, the Home Affairs Department introduced the Identity Matching Services Bill into parliament. This bill, if passed, will allow the Department of Home Affairs to collect, use and disclose information relating to the identity of individuals through biometric facial recognition software. Government departments and some private entities will be allowed to access and share images from the passports, visas and driver’s licences of individuals.
Human rights groups such as Digital Rights Watch and Australian Lawyers for Human Rights (ALHR) have opposed the Bill, saying it puts the right to privacy, enshrined in the International Covenant on Civil and Political Rights, at risk.
Where does the law on identity matching currently stand?
Data Matching Program (Assistance and Tax) Act
Under the Data Matching Program (Assistance and Tax) Act, the Australian Tax Office may match identification data (such as tax file numbers) between different government and private sector records. This is done to ensure that individuals are not receiving payments that they are not entitled to or paying too little tax.
Agencies that are considering taking action against someone based on information obtained through existing data-matching services are generally required to inform the person of the results of data-matching and give them the opportunity to respond.
Intergovernmental Agreement on Identity Matching Services
In October 2017, the Intergovernmental Agreement on Identity Matching Services was signed by the Prime Minister and state and territory leaders. The agreement was to share and match identity information to ‘prevent identity crime, support law enforcement, uphold national security, promote road safety, enhance community safety and improve service delivery, while maintaining robust privacy and security safeguards.’ The parties agreed to use a range of services to achieve these aims, including:
- The Document Verification Service, a national online system through which organisations compare a customer’s identification documents with information in government records;
- Face verification Service, a one to one image matching service that allows government and other agencies to compare images from individuals’ identification documents in order to obtain a ‘yes’ or ‘no’ response as to whether two images are of the same person;
- Face identification service, a one to many image identification service that can match a photo of an unknown person against government records of multiple persons to establish the individual’s identity
Some of these are services that are already being used by the police and security agencies. For example, to verify identification documents upon persons entering the country.
The Privacy Act
The Privacy Act defines personal information as ‘information or an opinion, whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable’ (Section 6). Information obtained through data-matching processes may fall within this definition. The Privacy Acts sets out a range of offences relating to the disclosure of personal information without authority.
Defenders of the Identity Matching Services Bill say that it will contain robust privacy safeguards and that consent will be obtained from individuals prior to using identity matching services.
Criticisms of the Identity Matching Services Bill
Critics of the Bill say that the proposed legislation has been developed without adequate consultation and that it does not contain sufficient privacy safeguards. There have been calls for a warrant to be required before a department or company can resort to utilising the identity-matching services. The Department of Home Affairs claims that this would defeat the purpose of the legislation, which is to provide speedy access to identifying pictures of potential suspects and victims. Furthermore, a warrant is usually not required to access information for the purposes of identifying someone.
Rights groups like Digital Rights Watch are concerned about who will be able to get the information, how they will use it, how they will keep it safe and how consent will be obtained. Whilst it has been stated that individuals will be asked to give their consent prior to the services being used, there is concern that this consent may be presented as a condition of their use of a service, meaning that withholding consent may not be a realistic option in many cases.
Australian Lawyers for Human Rights (ALHR) has raised concerns about the lack of safeguards around private entities accessing the data for commercial purposes and how the civil right to privacy of individuals will be upheld. This is of particular concern given Australia does not have a Bill of Rights and the Privacy Act is widely considered to be very limited.
The proposed legislation is currently under review as part of the Parliamentary Joint Committee on Intelligence and Security. The committee is due to report in May 2018.