Waiting for an Uber

The ‘COVIDSafe Bill’: How safe is our data?

Malcolm Campbell ||

On 26 April 2020, the Federal Government launched the COVIDSafe app (App), which is a contact tracing app designed to trace close contacts of individuals who have tested positive for COVID-19. The Federal Government has encouraged Australians to download the App in a bid to slow the spread of COVID-19 and to begin lifting restrictions. However, there have been privacy concerns surrounding the App. To alleviate the concerns, the Federal Government released the draft Privacy Amendment (Public Health Contact Information) Bill 2020 (Cth) (Bill), which was introduced into Parliament in the week of 11 May 2020. The Bill will supersede the determination under the Biosecurity Act 2015 (Cth) and is an amendment to the Privacy Act 1988 (Cth) (Privacy Act).

What protections does the Bill introduce?

  1. The collection, use and disclosure of information from the App

The Bill specifies that the data from the App can only be collected, used or disclosed if a person is ‘employed by, or in the service of, a State or Territory health authority, and the collection, use or disclosure is for the purpose of . . . undertaking contact tracing‘. Data can also be collected or disclosed for the purpose of transferring encrypted data between mobiles or transferring data to the National COVIDSafe Data Store (Data Store).

  1. Penalties for contraventions

If someone collects, uses or discloses data from the App for purposes that are not permitted by the Act, they could receive the maximum penalty of five years imprisonment and/or a $63,000 fine.

  1. State and Territory health authorities subject to the Privacy Act

The Bill prescribes that State and Territory authorities are also subject to the Act to the extent that the authority deals with the App, or the activities of the authority relate to the App. They will be treated as ‘organisations’ under the Act to the extent that they deal with the App.

  1. Deletion of data

If an App user requests a data store administrator of the Data Store to delete any registration data, the National COVIDSafe Data Store administrator:

  1. ‘must take all reasonable steps to delete the data from the Data Store as soon as practicable; and,
  2. if it [is] not practicable to delete the data immediately – [the administrator] must not use or disclose the data for any purpose’.

In addition to the administrator’s requirement to delete any registration data upon request the administrator must also take reasonable steps to ensure that the App data is not retained on a device for more than 21 days from the date that the data is obtained.

  1. The end of the COVID-19 pandemic

A process for the deletion of the data from the App has also been outlined for the end of the COVID-19 pandemic. When the Health Minister determines that the COVIDSafe is no longer required, the National COVIDSafe Data Store administrator must:

  • not collect any App data, or make COVIDSafe available for download;
  • as soon as reasonably practicable, delete all App data from the Data Store; and,
  • take reasonable steps to inform all users that all data has been deleted, App data can no longer be collected, and that they should delete the App.

There is no requirement for any de-identified data to be deleted. However, as the data is currently stored in Australia, there is some additional comfort in the fact that the data is hosted by local infrastructure.

Who will manage complaints?

The Office of the Australian Information Commissioner will manage complaints with respect to the App.

Conclusion

It is evident that the Bill is a positive step forward in providing additional privacy protections for users of the App. The Bill provides some clarity by clearly stating the purposes for which App data can be collected, used and disclosed, broadening the organisations that may be subject to the Act, giving users the ability to request the deletion of their registration data, and providing a process for the deletion of App data when the COVID-19 pandemic is over.

If you have any questions or concerns relating to any of the items discussed in this blog, please do not hesitate to contact a member of Coleman Greig’s Commercial Advice team, who would be more than happy to assist you today.

Share:

Send an enquiry

Any personal information you provide is collected pursuant to our Privacy Policy.

Categories
Archives
Author

More posts

Festive season: Managing public holiday work obligations

Employers are gearing up for a run of public holidays. Provisions requiring an employee to work on a public holiday in certain circumstances have been commonplace and not overly concerning. However, the Federal Court recently held that such a provision contravened the National Employment Standards.

Employers should exercise caution when dismissing during probationary period

Can you dismiss an employee during the probationary period? Yes, but a recent case is a lesson in caution. The recent Federal Court decision of ‘Dabboussy v Australian Federation of Islamic Councils’ is a warning to employers to consider the importance of timing if dismissing an employee during probation.

The business impacts from the Government’s new cyber security laws

Cybercrime ‘is a multibillion-dollar industry that threatens the wellbeing and security of every Australian’. In an effort to combat the impact on businesses and individuals, the Australian Government has introduced cyber security legislative reforms into the Parliament.

A guide to intrafamily adoption

Adoption is the process where a parent’s legal rights for their child are transferred to another person. The formal adoption of a stepchild or close relative is known as intrafamily adoption.

Passenger movement and visa data-matching by the ATO

Heading overseas for work or a holiday? Taxation issues, including tax residency, should be on front of mind when departing from or arriving to Australia. Why? Because the Australian Taxation Office (ATO) can follow your footprints and, if you’re not careful, spring unexpected taxes on you.

Is it really necessary for my executor to have so many powers?

People often question why the executor of their estate needs to have so many powers. Simply put – if your executor isn’t given any additional powers by your Will, then they are limited to what is set out in the Trustee Act. One area that this can lead to issues in, is the family home – particularly if beneficiaries aren’t in agreement.

Essential terms of a commercial lease

A commercial lease is a contract that details the rights and obligations of a tenant and landlord. So, what are the necessary terms of a commercial lease?

Responding to data breaches

In the final part of our four-part series on your business’ responsibilities related to cyber attacks and data breaches, Special Counsel John Bennett how businesses should respond to data breaches, including application and requirements of the Notifiable Data Breaches Scheme.

© 2024 Coleman Greig Lawyers  |  Sitemap  |  Liability limited by a scheme approved under Professional Standards Legislation. ABN 73 125 176 230