Last updated August 2021
The myGovID Privacy Notice explains how we manage the personal information we collect.
These terms and conditions relate to how we use the myGovID system. myGovID is the Australian Government’s Identity Service Provider.
The Australian Taxation Office (ATO) provides the myGovID system as a secure digital environment for individuals to establish and verify their identity for authenticated access to participating online services.
Your use of the myGovID system must be consistent with the Trusted Digital Identity Framework (TDIF). Further information on the TDIF is available via the Digital Transformation Agency.
You are responsible for the security and use of your myGovID account and the device on which it is stored. You must comply with all security requirements and instructions provided by the ATO about your use of the myGovID system.
- not use your myGovID credential for any unlawful or improper purpose
- not disclose your myGovID passwords to any other person
- provide information that is true, accurate, current and complete to create your myGovID account and verify your identity
- always close your myGovID browser sessions and lock your device when not in use
- notify the ATO myGovID Help Desk if you believe the security of your myGovID account or myGovID credential has been compromised.
- Subscriber Agreement for the myGovID Public Key Infrastructure (PKI)
- myGovID Certification Practice Statement (CPS)
- myGovID Certificate Policy – User (CP).
The Glossary has more information about some terms used in this document.
The myGovID system includes each of the myGovID service, the myGovID credential and the myGovID software.
To use the myGovID system, you must:
- provide information that is true, accurate, current and complete to create your myGovID account and verify your identity – this includes personal information contained in a federal or state issued identity document
- not use the myGovID system to use or create a false identity, impersonate any person or otherwise misrepresent your identity.
To the extent permitted by law, the ATO:
- provides each of those elements of the myGovID system ‘as is’ and without charge.
- gives no express or implied warranties or makes any representation (and to the full extent permitted by law excludes all statutory warranties) for each of those elements (including its availability, security, performance or fitness for a particular purpose).
- will not be liable for any loss or damage (including special, indirect or consequential) arising from or in connection with any of those elements of the myGovID system or its or their availability, use or performance either directly or through a third-party provider.
To the extent that the ATO's liability for the myGovID system (or any part of it) cannot be excluded, it is limited to the resupply of the relevant goods or services, or the cost of such resupply, at the ATO's option, or otherwise limited to the minimum amount permitted by law.
The ATO makes the myGovID app and software (Software) available to you to use, in unaltered form, solely for use with the myGovID system.
You may not:
- decompile, reverse engineer, disassemble or attempt to derive the source code for the Software
- create derivative works based the Software or modify it in any way
- distribute copies of the Software or versions of it.
You must not access the myGovID software other than through:
- the Apple App Store
- Google Play Store or
- other means approved by the ATO.
The ATO makes no guarantee that the myGovID software will function outside supported platforms.
You should ensure that the software does not interfere with your systems or devices.
You must ensure your use of the software complies with all applicable conditions of use, including third party software licensing conditions of use, relevant laws, including local laws in any relevant foreign country if you use the software outside Australia. Those laws may impact your eligibility to get or use a copy of the software.
myGovID software uses third party software under licence. Annexure A – Third Party Licences and Software contains a full listing of myGovID third party licences and software.
You can email us for information about our Software at DigitalIdentity@ato.gov.au
You can access and use your myGovID account through the myGovID service. While the ATO will use reasonable efforts to rectify any issues with the myGovID service that it is aware of:
- the ATO makes no guarantees that the myGovID service, and your access to it (and your myGovID account), will be continuously available, uninterrupted, and fault or error free.
- your access to the myGovID service (and your myGovID account) is also contingent on telecommunication services and other factors beyond the ATO’s control.
- the ATO may suspend or terminate access to the myGovID service through some or all products or to some or all users at any time.
You should take appropriate and adequate precautions to ensure that the information obtained from the myGovID service is free of viruses or other contamination that may interfere with or damage your systems, devices or data.
Your myGovID credential is a digital Certificate associated with your myGovID account and is returned by the myGovID service to the application storage on the device you use for your myGovID account.
You are responsible for all transactions and communications carried out using your myGovID credential, and for the security and use of your myGovID account, your myGovID credential and the device on which it is stored.
- not use your myGovID credential for any unlawful or improper purpose other than to establish, verify or authenticate your identity when accessing online services of participating agencies.
- not disclose the passwords for your myGovID account or myGovID credential to any other person.
- not store your myGovID credential in a certificate store to which any other person has access, or otherwise allow, grant, permit or enable any other person to use your myGovID credential.
- close your myGovID browser sessions and lock or secure your computer or device when not in use or unattended.
- not undertake any screen capture, sharing or like activities that might compromise the security of your myGovID account or myGovID credential.
- notify the ATO myGovID Help Desk on 1300 287 539 (option 2) as soon as you suspect or become aware that the security of your myGovID account or myGovID credential has been compromised.
myGovID will collect, use, store and share your personal and sensitive information as detailed in the myGovID Privacy Notice. The ATO will disclose your personal information or credentials to third parties if you have provided your consent to do so, or if authorised or required to do so by law. We may use or disclose your information to detect, manage and investigate fraudulent activity or for another purpose allowable under the TDIF.
You acknowledge that the ATO may suspend, cancel or revoke your myGovID credential when it is permitted or required as described in the CPS. If you no longer wish to use the myGovID system, you may uninstall the app from all devices. If you choose to uninstall myGovID, we will keep and dispose of your personal information following the Archives Act 1983.
Any disputes between you and any third-party provider, including another Accredited Participant of the Digital Identity System, must be resolved between you and that party.
The ATO is not responsible for any fees charged by other Accredited Participants or third-party providers. You are responsible for ensuring the installation and use of the myGovID system does not cause you to exceed any data usage quotas or other limitations which may apply to your internet service or other third-party provider.
|Accredited Participant||Organisations that have achieved accreditation under the Trusted Digital Identity Framework.|
An electronic document, signed by the Certification Authority which:
|Certificate Policy (CP)||A named set of rules applying to, and providing policy and operational guidance on the deployment and use of a Certificate issued by a Certification Authority (CA).|
|Certificate Store||Storage location for certificates on a computer or device.|
|Certification Authority (CA)||An entity that issues and digitally signs certificates using the entities private key.|
|Certification Practice Statement (CPS)||A statement of the practices that a Certification Authority (CA) employs in managing the digital Certificates it issues (this includes the practices that a Registration Authority employs in conducting registration activities on behalf of that Certification Authority). These statements will describe the PKI certification framework, mechanisms supporting the application, insurance, acceptance, usage, suspension/revocation and expiration of digital Certificates signed by the CA, and the CA’s legal obligations, limitations and miscellaneous provisions.|
|Public Key Infrastructure (PKI)||The combination of hardware, software, people, policies and procedures needed to create, manage, store and distribute Keys and digital Certificates based on public Key cryptography.|