A national facial recognition scheme could be misused for social surveillance and cracking down on traffic infringements unless tightly controlled, the Law Council has warned.

Home Affairs Minister Peter Dutton has introduced legislation that would allow his department to store Australian's biometric data in a central hub, and then share it with other government agencies when appropriate.

Government officials said the idea was to improve data sharing across different levels of government, primarily to strengthen counter-terrorism and policing operations.

But according to draft laws, the information — which can help identify people in large crowds — could also be used for road safety and general law enforcement purposes.

That sparked concern from Law Council president Morry Bailes, who told a parliamentary committee there was a chance the powerful scheme could be abused.

"Clearly the provision of such capability has been determined by Government as desirable to facilitate the detection of would-be terrorists, by scoping a site for potential terrorist attacks," Mr Bailes said.

"But that very same identity-matching capability might also be used for a range of activities that Australian citizens regard as unacceptable.

"Examples include accessing CCTV footage to detect, investigate or prosecute young people who may allegedly be engaged in certain low-level unlawful conduct."

He said the Federal Government had not been clear about what the scheme could and could not be used for.

He raised concerns that without adequate oversight, it could be used to identify jay-walkers or even spiral into "a full social credit style system of government surveillance".

"Identity-matching services are legitimised through citizen trust of what governments are doing and that trust is hard gained and in today's world, easily eroded and hard to regain," Mr Bailes said.

Home Affairs: There are many misconceptions

Home Affairs deputy secretary Maria Fernandez refuted Mr Bailes' claims and said the proposed scheme was misunderstood.

Ms Fernandez said only a small number of agencies would have access to the pooled data, and it could only be supplied by the Home Affairs Department.

"The bill does not authorise the department to use new data sets of images from individuals that are not already lawfully collected and held by Government," she said.

Private companies, she said, would only be able to access the data for verification purposes and with that person's consent.

The information is valuable for businesses like banks or telecommunication companies to prevent identity fraud.

Other companies may also want to check someone working with sensitive information is who they say they are.

Officials said the scheme would be closely monitored by the Home Affairs Department and anyone found to be misusing it would be dealt with.

"The department will be able to suspend or terminate access to the service for agencies that fail to comply with privacy or security requirements," Ms Fernandez said.

"These agencies will also be subject to sanctions under existing legislation."

Department officials also revealed they had already published a facial recognition algorithm — although they would not reveal the vendor — saying that could expose the system to attack.

Home Affairs has been criticised for not detailing oversight provisions in the draft legislation, but Ms Fernandez said some of those details were contained in existing laws.