Dear New Zealand Transport Agency,

This is a request for official information under the Official Information Act 1982 regarding the development of the New Zealand Digital Driver's Licence (DDL).

I am requesting documents that will allow the public to understand the project's privacy implications, data security framework, and any international interoperability considerations.

1. Privacy Impact Assessments (PIAs):
Please provide a copy of all Privacy Impact Assessments (PIAs), privacy-by-design documents, or similar risk analyses that have been completed for the DDL project.

2. International Standards and Interoperability:
Please provide any documents, briefing papers, or meeting minutes that discuss the adoption of international standards for the DDL.

Specifically, I am requesting information that addresses:

a) The adoption of ISO/IEC 18013-5 (the international standard for mobile driver's licences).
b) Any discussions, consultations, or agreements with international bodies or other nations (including, but not limited to, Australia, the United Kingdom, the United States, and Canada) regarding cross-border recognition or technical interoperability of digital identity credentials. If specifics cannot be given for any valid reason please confirm where such discussions have taken place with a given nation.

3. Data Sharing and Architecture:

Please provide any documents that describe the proposed data architecture of the DDL system.

Specifically:

a) A high-level diagram or description of how the DDL app will interact with the central Motor Vehicle Register.
b) The policy or technical specifications outlining what information is shared during a typical verification event (e.g., with Police, or a private entity like a bar or rental car agency).
c) Any documents detailing the potential for the DDL infrastructure to be linked with other government identity systems (e.g., RealMe) or private sector digital wallets.

4. Third-Party and Law Enforcement Access:
Please provide the policy or procedural documents that outline:

a) How law enforcement officers will access and verify the DDL.
b) The framework for allowing private sector businesses to verify age or identity using the DDL, and what data they will receive.
c) The circumstances under which law enforcement agencies can request access to the historical log of a person's DDL authentications.
d) Whether any third parties (commercial or otherwise) will be able to access any part of the transactional metadata, either in real-time or historically.

5. Security and Biometrics:
Please provide any documents discussing the security measures for the DDL, including the use of biometrics (e.g., facial recognition, fingerprint) for unlocking or authenticating the credential.

6. Privacy

a) Privacy Impact Assessments (PIAs):
Please provide a copy of all PIAs or similar risk analyses for the DDL project. I specifically request any sections that discuss the risks associated with the creation, storage, and use of transactional logs or metadata.

b) Will a central log be created by Waka Kotahi (or another government agency) each time a citizen uses their DDL to authenticate with a third party (e.g., a business or law enforcement)?

c) If so, what specific data fields will be recorded in this central log? For example, will it include the citizen's identifier, the verifier's identifier, the date/time stamp, the location, and the type of verification (e.g., "age check")?

d) What is the policy regarding the retention period for this transactional log data?

7. Data Aggregation

Please provide any policy or technical documents that discuss plans for the anonymisation or aggregation of DDL usage data. Specifically:

a) Are there plans to use the aggregated metadata for statistical analysis, policy research, or pattern analysis?
b) What measures will be in place to ensure that "anonymised" data cannot be re-identified?

This request is made in the public interest to ensure transparency and accountability for a foundational piece of New Zealand's digital identity infrastructure. Understanding the design choices, particularly regarding international standards and data sharing, is critical for public debate.

If any part of this request is to be refused, please provide the specific grounds for refusal and consider whether a summary or excerpt of the information can be provided.

Yours faithfully,

Charlie Drummond