Kia ora Charlie

 

This email acknowledges your below request for information made under the
Official Information Act 1982.

 

Your request has been forwarded to the appropriate section of NZ Transport
Agency Waka Kotahi for response. They will contact you if they require
clarification of your request, more time to respond, or if your request
has been transferred to another organisation to respond to. Unless more
time is required, NZ Transport Agency will send a response to you within
20 working days of receiving your request – in this instance on or before
19 December 2025.

 

If you would like to discuss your request with NZ Transport Agency, please
contact us by email at [1][NZTA request email].

 

Ngâ mihi

 

Ministerial Services
Te Waka Kôtuia | Engagement & Partnerships
NZ Transport Agency Waka Kotahi

[2]Connect with us on Social Media

 

[3][IMG]

 

 

 

-----Original Message-----
From: Charlie Drummond <[FOI #32965 email]>
Sent: Sunday, 23 November 2025 11:07 am
To: Official Correspondence <[email address]>
Subject: Official Information request - Request for Information on the
Digital Driver's Licence (DDL) Project

 

[You don't often get email from
[4][FOI #32965 email]. Learn why this is
important at [5]https://aka.ms/LearnAboutSenderIdentific... ]

 

Dear New Zealand Transport Agency,

 

This is a request for official information under the Official Information
Act 1982 regarding the development of the New Zealand Digital Driver's
Licence (DDL).

 

I am requesting documents that will allow the public to understand the
project's privacy implications, data security framework, and any
international interoperability considerations.

 

1. Privacy Impact Assessments (PIAs):

Please provide a copy of all Privacy Impact Assessments (PIAs),
privacy-by-design documents, or similar risk analyses that have been
completed for the DDL project.

 

2. International Standards and Interoperability:

Please provide any documents, briefing papers, or meeting minutes that
discuss the adoption of international standards for the DDL.

 

Specifically, I am requesting information that addresses:

 

a) The adoption of ISO/IEC 18013-5 (the international standard for mobile
driver's licences).

b) Any discussions, consultations, or agreements with international bodies
or other nations (including, but not limited to, Australia, the United
Kingdom, the United States, and Canada) regarding cross-border recognition
or technical interoperability of digital identity credentials. If
specifics cannot be given for any valid reason please confirm where such
discussions have taken place with a given nation.

 

3. Data Sharing and Architecture:

 

Please provide any documents that describe the proposed data architecture
of the DDL system.

 

Specifically:

 

a) A high-level diagram or description of how the DDL app will interact
with the central Motor Vehicle Register.

b) The policy or technical specifications outlining what information is
shared during a typical verification event (e.g., with Police, or a
private entity like a bar or rental car agency).

c) Any documents detailing the potential for the DDL infrastructure to be
linked with other government identity systems (e.g., RealMe) or private
sector digital wallets.

 

4. Third-Party and Law Enforcement Access:

Please provide the policy or procedural documents that outline:

 

a) How law enforcement officers will access and verify the DDL.

b) The framework for allowing private sector businesses to verify age or
identity using the DDL, and what data they will receive.

c) The circumstances under which law enforcement agencies can request
access to the historical log of a person's DDL authentications.

d) Whether any third parties (commercial or otherwise) will be able to
access any part of the transactional metadata, either in real-time or
historically.

 

5. Security and Biometrics:

Please provide any documents discussing the security measures for the DDL,
including the use of biometrics (e.g., facial recognition, fingerprint)
for unlocking or authenticating the credential.

 

6. Privacy

 

a) Privacy Impact Assessments (PIAs):

Please provide a copy of all PIAs or similar risk analyses for the DDL
project. I specifically request any sections that discuss the risks
associated with the creation, storage, and use of transactional logs or
metadata.

 

b) Will a central log be created by Waka Kotahi (or another government
agency) each time a citizen uses their DDL to authenticate with a third
party (e.g., a business or law enforcement)?

 

c) If so, what specific data fields will be recorded in this central log?
For example, will it include the citizen's identifier, the verifier's
identifier, the date/time stamp, the location, and the type of
verification (e.g., "age check")?

 

d) What is the policy regarding the retention period for this
transactional log data?

 

7. Data Aggregation

 

Please provide any policy or technical documents that discuss plans for
the anonymisation or aggregation of DDL usage data. Specifically:

 

a) Are there plans to use the aggregated metadata for statistical
analysis, policy research, or pattern analysis?

b) What measures will be in place to ensure that "anonymised" data cannot
be re-identified?

 

This request is made in the public interest to ensure transparency and
accountability for a foundational piece of New Zealand's digital identity
infrastructure. Understanding the design choices, particularly regarding
international standards and data sharing, is critical for public debate.

 

If any part of this request is to be refused, please provide the specific
grounds for refusal and consider whether a summary or excerpt of the
information can be provided.

 

Yours faithfully,

 

Charlie Drummond

 

-------------------------------------------------------------------

 

This is an Official Information request made via the FYI website.

 

Please use this email address for all replies to this request:

[6][FOI #32965 email]

 

Is [7][NZTA request email] the wrong address for Official
Information requests to New Zealand Transport Agency? If so, please
contact us using this form:

[8]https://aus01.safelinks.protection.outlo...

 

Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:

[9]https://aus01.safelinks.protection.outlo...

 

If you find this service useful as an Official Information officer, please
ask your web manager to link to us from your organisation's OIA or LGOIMA
page.

 

 

-------------------------------------------------------------------

 

This message, together with any attachments, may contain information that
is classified and/or subject to legal privilege. Any classification
markings must be adhered to. If you are not the intended recipient, you
must not peruse, disclose, disseminate, copy or use the message in any
way. If you have received this message in error, please notify us
immediately by return email and then destroy the original message. This
communication may be accessed or retained by NZ Transport Agency Waka
Kotahi for information assurance purposes.

References

Visible links
1. mailto:[NZTA request email]
2. https://www.nzta.govt.nz/contact-us/conn...
3. https://nzta.govt.nz/
4. mailto:[FOI #32965 email]
5. https://aka.ms/LearnAboutSenderIdentific...
6. mailto:[FOI #32965 email]
7. mailto:[NZTA request email]
8. https://fyi.org.nz/change_request/new?bo...
9. https://fyi.org.nz/help/officers

hide quoted sections