Max Chandler-Mather (Griffith, Australian Greens) Share this | Hansard source

The Identity Verification Services Bill 2023 allows identity matching across databases and across jurisdictions. This kind of matching is essential for many practices, including in relation to real estate and mortgage transactions and banking. Too often under current laws, consent, if asked for, is in the form of bundled consent, where consent is required in order to obtain an essential service. For instance, you need to consent to having this information shared to get a driver's licence, or potentially an Opal card or a transport card. That's not really a form of consent, because obviously accessing, for instance, a driver's licence is essential, and when you're asked to then provide so-called consent for handing over all your data and allowing it to be shared, in effect you're being blackmailed to provide that consent, and the Greens don't agree with that.

Many in the sector have, rightly, questioned why this bill is being brought to parliament now, before the comprehensive privacy laws that were promised at the last election and are known to be a key priority. These comprehensive privacy laws will provide a crucial layer of protection for Australians against abuses of power and misuses of data and will provide key pillars of protection of privacy when it comes to things like sharing data across jurisdictions. It's a fundamental problem with this proposal, which is why we will be moving an amendment relating to this.

Much of the matching in this bill is already occurring with a questionable legal basis. We have asked the government for a briefing on the specific aspect of the change. Clearly a legislated scheme is preferable so that controls and protections can be implemented. But this must be done to create a scheme that truly protects privacy and the rights of people to know what happens with their data. The bill requires compliance with standards set by the Privacy Act 1998 or similar state or territory laws. This is crucial, because this poses a real risk that the weakest applicable privacy protections may be chosen by participating parties with overall negative impacts on privacy protection.

These are just some of the reasons the Greens have referred this bill to the Senate Legal and Constitutional Affairs Committee for inquiry. Key issues raised in submissions to date are inconsistency between the scheme proposed here and the significantly more robust privacy protections under the draft digital ID bill and the delay in overarching privacy laws. The OAIC, which is the government's own agency relevant to these laws, provides eight key recommendations for amendments to the bill, indicating significant issues with the consultation process that led to this bill being brought before parliament. This is why the Greens will be moving an amendment that defers the consideration of this bill until after the Privacy Act reforms are in place. We believe this is crucial for any legislative change that provides for the sharing of data across jurisdictions, in particular when this bill includes concepts of bundled consent, which, as we have said, aren't really forms of consent when, for instance, to get access to a driver's licence you need to provide consent that jurisdictions can share your face, ID and other digital and private information.

I move the second reading amendment as circulated in my name:

That all words after "That" be omitted with a view to substituting the following words:

"the House declines to give the bill a second reading until the Privacy Act reforms are in place in recognition of the significant privacy and data implications of this proposal".

See this speech in context