The federal government has attempted to soothe concerns stirred up by its proposed $18.5 million national facial recognition system, by promising to implement a series of recommendations made in a privacy impact assessment.
The introduction of the tool was first floated earlier this year by state and federal police ministers and attorneys-general, and later won $18.5 million in funding from the federal government.
It is aimed at tackling cross-border criminal activities and will allow law enforcement agencies to share citizens' facial images to identify unknown individuals and verify identities. The capability will run alongside the existing Document Verification Service.
The platform will match a facial photograph held by a participating agency to images on passports, visas and driver’s licences in an effort to reduce identity theft, fraudulent identity documents and other serious criminal activity.
But the plan has been criticised by privacy advocates and the ACT government over concerns the platform would allow police 'unprecedented and extraordinary' access to the personal information of citizens without proper safeguards.
The ACT government recently told its counterparts the biometric sharing tool raised "significant privacy and human rights concerns that have not been satisfactorily addressed".
ACT Attorney General Simon Corbell argued there were currently no restrictions on the federal government changing the laws so data could be accessed by commercial entities, or so police can use the information to identify perpetrators of petty crime.
The federal Attorney-General's Department undertook a preliminary privacy impact assessment for the capability earlier this year and today published the document.
It pledged [pdf] to adopt - in part or in whole - the 16 recommendations made by the assessment, which was undertaken by consulting firm Information Integrity Solutions.
"IIS considers that AGD’s approach to the hub design process has been generally consistent with the requirements of the Australian Privacy Principles (APPs) in the Privacy Act 1988," the PIA report stated [pdf].
"IIS has not identified any significant risks or privacy issues in the hub design. IIS has identified areas where it considers some extra steps are needed to maintain the focus on privacy and good privacy practice."
The AGD pledged to implement a privacy by design approach, ensure only the minimum amount of data needed for matching and sharing is collected, limit access to only appropriate individuals, and require participating agenices to publish audit details annually.
The department also said it would have the ability to suspend or terminate access to the capability should an agency breach its privacy obligations.
The capability will be based on a hub-and-spoke model which facilitates query and response requests from participating agencies.
When it goes live the capability will be available only to Commonwealth agencies, with states and territories to come on board over time, the department has previously said.
Initially, the Department of Foreign Affairs, Immigration, the AFP, the Australian Security Intelligence Organisation, Defence, and the Attorney-General's Department will be able to access the platform.
There are currently more than 100 million facial images held by agencies that issue identity documents, according to the AGD.
Agencies will need to have legislative authority to collect and use facial images to take part in the scheme.