Coronavirus protection. Mature  man in the city after the work day, wearing protective mask on the face. Calling for a taxi.

The ‘COVIDSafe Bill’: How safe is our data?

Malcolm Campbell ||

On 26 April 2020, the Federal Government launched the COVIDSafe app (App), which is a contact tracing app designed to trace close contacts of individuals who have tested positive for COVID-19. The Federal Government has encouraged Australians to download the App in a bid to slow the spread of COVID-19 and to begin lifting restrictions. However, there have been privacy concerns surrounding the App. To alleviate the concerns, the Federal Government released the draft Privacy Amendment (Public Health Contact Information) Bill 2020 (Cth) (Bill), which was introduced into Parliament in the week of 11 May 2020. The Bill will supersede the determination under the Biosecurity Act 2015 (Cth) and is an amendment to the Privacy Act 1988 (Cth) (Privacy Act).

What protections does the Bill introduce?

  1. The collection, use and disclosure of information from the App

The Bill specifies that the data from the App can only be collected, used or disclosed if a person is ‘employed by, or in the service of, a State or Territory health authority, and the collection, use or disclosure is for the purpose of . . . undertaking contact tracing‘. Data can also be collected or disclosed for the purpose of transferring encrypted data between mobiles or transferring data to the National COVIDSafe Data Store (Data Store).

  1. Penalties for contraventions

If someone collects, uses or discloses data from the App for purposes that are not permitted by the Act, they could receive the maximum penalty of five years imprisonment and/or a $63,000 fine.

  1. State and Territory health authorities subject to the Privacy Act

The Bill prescribes that State and Territory authorities are also subject to the Act to the extent that the authority deals with the App, or the activities of the authority relate to the App. They will be treated as ‘organisations’ under the Act to the extent that they deal with the App.

  1. Deletion of data

If an App user requests a data store administrator of the Data Store to delete any registration data, the National COVIDSafe Data Store administrator:

  1. ‘must take all reasonable steps to delete the data from the Data Store as soon as practicable; and,
  2. if it [is] not practicable to delete the data immediately – [the administrator] must not use or disclose the data for any purpose’.

In addition to the administrator’s requirement to delete any registration data upon request the administrator must also take reasonable steps to ensure that the App data is not retained on a device for more than 21 days from the date that the data is obtained.

  1. The end of the COVID-19 pandemic

A process for the deletion of the data from the App has also been outlined for the end of the COVID-19 pandemic. When the Health Minister determines that the COVIDSafe is no longer required, the National COVIDSafe Data Store administrator must:

  • not collect any App data, or make COVIDSafe available for download;
  • as soon as reasonably practicable, delete all App data from the Data Store; and,
  • take reasonable steps to inform all users that all data has been deleted, App data can no longer be collected, and that they should delete the App.

There is no requirement for any de-identified data to be deleted. However, as the data is currently stored in Australia, there is some additional comfort in the fact that the data is hosted by local infrastructure.

Who will manage complaints?

The Office of the Australian Information Commissioner will manage complaints with respect to the App.


It is evident that the Bill is a positive step forward in providing additional privacy protections for users of the App. The Bill provides some clarity by clearly stating the purposes for which App data can be collected, used and disclosed, broadening the organisations that may be subject to the Act, giving users the ability to request the deletion of their registration data, and providing a process for the deletion of App data when the COVID-19 pandemic is over.

If you have any questions or concerns relating to any of the items discussed in this blog, please do not hesitate to contact a member of Coleman Greig’s Commercial Advice team, who would be more than happy to assist you today.


Send an enquiry

Any personal information you provide is collected pursuant to our Privacy Policy.


More posts

Understanding roles in the strata scheme

A strata scheme is a building or group of buildings that have been divided into lots which can be apartments, villas, offices, units or townhouses. This will be articulated in the strata plan.

Can i put my home on Airbnb?

Airbnb is a form of short-term rental accommodation. To add your property to Airbnb in NSW, you are required to meet several laws and regulations governing short-term rentals.

When are liquidators required to seek approval to retain legal counsel?

When does a liquidator (or the company he or she is appointed to) need court, creditor, or committee approval to validly retain a solicitor to act in a liquidation matter which is likely to extend for longer than three months?  The answer to this question has only recently been settled.

Proposed changes to building and construction law in NSW

The Building Bill 2022 (the Bill) is the key avenue through which the NSW Government has proposed to reshape the culture of the building and construction industry by eliminating poor performance and improving the quality of building statewide.

Can you dismiss an employee who fails to return to the office?

Slowly but surely, most employers are requiring employees to return to the office for at least a portion of their working week. Some employers continue to struggle with employees resistant to returning to the office or those who have an expectation that they can continue to work from home whenever it suits them.

New powers to combat phoenixing in construction

The rise of phoenixing in the building and construction industry in Australia in recent years has proved a significant challenge to regulators. Mismanagement of time or cashflow can quickly propel businesses into insolvency.

The NSW Building Commission’s extraordinary powers

In late 2023, the NSW Government passed the Building Legislation Amendment Bill 2023 (Amendment Bill). The Amendment Bill established the NSW Building Commission and granted it extraordinary powers to enter construction sites, inspect work and take away information and materials.

© 2024 Coleman Greig Lawyers   |  Liability limited by a scheme approved under Professional Standards Legislation. ABN 73 125 176 230