This article is more than 10 months old

This article is more than 10 months old

Parliament’s intelligence and security committee has ordered the government back to the drawing board for laws to establish a national facial recognition database, saying the legislation needs to be redrafted to ensure citizens’ rights are protected.

Amid fears the proposed new laws could allow the mass surveillance of citizens, the government-controlled committee has taken the unusual step of recommending the laws be completely overhauled, with the new regime built around “privacy, transparency and subject to robust safeguards.”

It is the first time since 2002 that parliament’s joint committee on intelligence and security has recommended legislation be withdrawn and redrafted and then resubmitted to the committee for scrutiny.

A government spokeswoman said: “the Committee has made recommendations and we will work with the PJCIS to legislate these laws.”

Tabling the report of the PJCIS in parliament on Thursday, the Liberal MP and chair, Andrew Hastie, outlined the shortcomings of the legislation, saying that while its objectives were supported, it lacked detail.

Witness K lawyer warns many whistleblowers have 'nowhere to go' Read more

He also said the committee had agreed with critics who submitted that the legislation lacked safeguards to ensure appropriate governance, accountability and protection of the individual’s right to privacy.

“The committee acknowledges these concerns and believes that while the bill’s explanatory memorandum sets out governance arrangements such as existing and contemplated agreements and access policy, they are not adequately set out in the current bill,” Hastie said.

“In the committee’s view, robust safeguards and appropriate oversight mechanisms should be explained clearly in the legislation.”

Sign up to receive the top stories from Guardian Australia every morning

Hastie said that while the committee fully supported the objectives of the legislation – which was designed as a way to protect against the problem of identity theft – substantial changes to the legislation were still needed.

“Wanting to ensure the safety and security of all Australians is something we have in common but we also need to protect citizens’ rights whilst doing so,” Hastie said.

Labor’s shadow attorney general, Mark Dreyfus, said Labor and Liberal members of the committee were united in recommending the bill be “completely redrafted” and then referred back to the intelligence and security committee for further inquiry when reintroduced.

Plan for massive facial recognition database sparks privacy concerns Read more

He said that while the bill provided for six different identity-matching services, the service that elicited the most concern from submitters to the committee’s inquiry was the facial identification service.

“That service would enable authorities across Australia to use huge databases of facial images to determine the identity of an unknown person,” Dreyfus said.

“The potential for such a service to be used for mass or blanket surveillance, such as CCTV being used to identify Australians going about their business in real time, was raised by numerous submitters to the inquiry.”

Dreyfus referred to evidence provided by the Australian Human Rights Commission, which submitted that the bill contemplated “intrusive surveillance” of the community at large before any crime had been committed, and in cases where there was no reason to believe a crime would be committed.

“I do not believe that the government is proposing to engage in or to facilitate the mass surveillance of Australians. But I do accept that, given the near complete absence of legislated safeguards in the identity matching services bill 2019, those concerns cannot simply be ignored,” Dreyfus said.

The bill, which was first introduced in 2018, would establish a range of services to identify, recognise or verify a facial image.

It would also allow the Department of Home Affairs to create and maintain facilities for the sharing of facial images and other identity information between government agencies, and in some cases, non-government entities.

This would also allow access to driver’s licence databases and photographs held by the states and territories.

A system for the collation, access, use, sharing and disclosure of this type of data is also outlined in the legislation, sparking concerns about privacy and data security.

Four recommendations have been made by the PJCIS committee, chiefly that the regime be rebuilt subject to “parliamentary oversight and reasonable, proportionate and transparent functionality”.

It also calls for the regime to be subject to annual reporting, and for the new laws to outline requirements of a participation agreement that sets out the obligations of all parties participating in the identity-matching services in detail.

The committee also concurrently examined changes to the Australian Passports Act which would authorise the minister for foreign affairs to disclose personal Australian travel document data for the purpose of participating in the identity-matching services.

The committee concluded that the legislation should only be amended to ensure that automated decision making can only be used for favourable or neutral outcomes for the subject, and that such decisions would not negatively affect a person’s legal rights or obligations.