Australian Biometric IDs To Be Stored Offshore After Changes To AGDIS Requirements.
Australian Biometric IDs To Be Stored Offshore – Australians’ digital identification and biometric data will be stored offshore after changes to the $A300 million Australian Government Digital Identity System (AGDIS).
Requirements for local storage of personal information were part of the Draft Digital ID Rules supported by The Greens and independents as they passed parliament earlier in the year. The state government departments can join AGDIS from November 2024, while private industry must wait until 2026.
The Draft Digital ID Rules insisted accredited identity or credential providers must hold, store and handle information that is “generated, collected, held or stored” by the AGDIS system inside Australia. And the same information could not be transferred out of Australia without an exemption.
The Tech Council of Australia (TCA) and the Australian Banking Association (ABA) lobbied the Senate committee probing the Digital ID Bill earlier this year to have the requirement removed. Now a new version of the draft rules issued by Department of Finance in June has removed the requirement, opening the door to the offshore hosting of personal and biometric information.
Australian Biometric IDs To Be Stored Offshore
TCA and ABA argued that networked solutions are borderless, so cybersecurity technology application is more important than geographical location and suggested organisations that were unable to access offshore-based services might be less secure – an argument that was accepted, even though dependable governance outside Australia is clearly the key issue.
“Data localisation is based on the misconception that cybersecurity risk is dependent on physical location,” TCA told the Senate Economics Legislation Committee Inquiry in January.
“However, the main determinants of cyber-resilience are technical, such as strong encryption measures and infrastructure protection, and governance related.”
The ABA also dangled the prospect of “unintended consequences for data security” and pointed out that many “large cloud service providers are offshore”, both points that apply equally well locally.
“The draft provision may unintentionally prohibit entities from accessing these more secure services, ultimately increasing the risk of identity information being compromised,” ABA said.
It’s likely the position of industry bodies around digital ID is predicated on the cloud-based business models appealing to their largest members – big finance – being hosted in data centres in locations where costs are much lower.
You can learn more about AGDIS here, read about the Digital ID Bill here and find more SEN news here.
“Australian Biometric IDs To Be Stored Offshore After Changes To AGDIS Requirements”.