Waiting for an Uber

The ‘COVIDSafe Bill’: How safe is our data?

Malcolm Campbell ||

On 26 April 2020, the Federal Government launched the COVIDSafe app (App), which is a contact tracing app designed to trace close contacts of individuals who have tested positive for COVID-19. The Federal Government has encouraged Australians to download the App in a bid to slow the spread of COVID-19 and to begin lifting restrictions. However, there have been privacy concerns surrounding the App. To alleviate the concerns, the Federal Government released the draft Privacy Amendment (Public Health Contact Information) Bill 2020 (Cth) (Bill), which was introduced into Parliament in the week of 11 May 2020. The Bill will supersede the determination under the Biosecurity Act 2015 (Cth) and is an amendment to the Privacy Act 1988 (Cth) (Privacy Act).

What protections does the Bill introduce?

  1. The collection, use and disclosure of information from the App

The Bill specifies that the data from the App can only be collected, used or disclosed if a person is ‘employed by, or in the service of, a State or Territory health authority, and the collection, use or disclosure is for the purpose of . . . undertaking contact tracing‘. Data can also be collected or disclosed for the purpose of transferring encrypted data between mobiles or transferring data to the National COVIDSafe Data Store (Data Store).

  1. Penalties for contraventions

If someone collects, uses or discloses data from the App for purposes that are not permitted by the Act, they could receive the maximum penalty of five years imprisonment and/or a $63,000 fine.

  1. State and Territory health authorities subject to the Privacy Act

The Bill prescribes that State and Territory authorities are also subject to the Act to the extent that the authority deals with the App, or the activities of the authority relate to the App. They will be treated as ‘organisations’ under the Act to the extent that they deal with the App.

  1. Deletion of data

If an App user requests a data store administrator of the Data Store to delete any registration data, the National COVIDSafe Data Store administrator:

  1. ‘must take all reasonable steps to delete the data from the Data Store as soon as practicable; and,
  2. if it [is] not practicable to delete the data immediately – [the administrator] must not use or disclose the data for any purpose’.

In addition to the administrator’s requirement to delete any registration data upon request the administrator must also take reasonable steps to ensure that the App data is not retained on a device for more than 21 days from the date that the data is obtained.

  1. The end of the COVID-19 pandemic

A process for the deletion of the data from the App has also been outlined for the end of the COVID-19 pandemic. When the Health Minister determines that the COVIDSafe is no longer required, the National COVIDSafe Data Store administrator must:

  • not collect any App data, or make COVIDSafe available for download;
  • as soon as reasonably practicable, delete all App data from the Data Store; and,
  • take reasonable steps to inform all users that all data has been deleted, App data can no longer be collected, and that they should delete the App.

There is no requirement for any de-identified data to be deleted. However, as the data is currently stored in Australia, there is some additional comfort in the fact that the data is hosted by local infrastructure.

Who will manage complaints?

The Office of the Australian Information Commissioner will manage complaints with respect to the App.

Conclusion

It is evident that the Bill is a positive step forward in providing additional privacy protections for users of the App. The Bill provides some clarity by clearly stating the purposes for which App data can be collected, used and disclosed, broadening the organisations that may be subject to the Act, giving users the ability to request the deletion of their registration data, and providing a process for the deletion of App data when the COVID-19 pandemic is over.

If you have any questions or concerns relating to any of the items discussed in this blog, please do not hesitate to contact a member of Coleman Greig’s Commercial Advice team, who would be more than happy to assist you today.

Share:

Send an enquiry

Any personal information you provide is collected pursuant to our Privacy Policy.

Categories
Archives
Author

More posts

Are you liable for labour hire workers if they are injured?

Many employers (host employers) engage employees of labour hire companies, particularly in the building and construction, hospitality and manufacturing industries. Such arrangements provide flexibility, reduced admin responsibilities, and increased access to diverse and skilled workers. However, what happens when one of these employees gets injured at the host employer’s work site? Who is liable for the injuries?

Part 1- The risks with cyber attacks and data breaches

Part 1 of a four-part series on your business’ responsibilities related to cyber attacks and data breaches. Cyber attacks and data breaches are the top business risk in Australia according to Aon’s 2023 Global Risk Management Survey.

Help! My builder won’t finish the job – what do I do?

It’s normal for building projects to experience setbacks during construction.  However, in extreme cases your builder may suspend works and leave the site or disappear without explanation. This article will explain your available options if your builder won’t return to the site, and how to avoid the common pitfalls which may affect your rights against your builder.

Is your intellectual property secure?

Securing intellectual property (IP) is critical in today’s competitive and increasingly digital landscape. From innovative startups to established enterprises, big or small, safeguarding your business’ intellectual assets can help ensure sustained competitiveness, legal protection and set you up to capitalise on your unique creations.

Out with the old (section 260) and in with the new (Part IVA)

Part IVA overcomes deficiencies of section 260 of the Income Tax Assessment Act (ITAA), exposed by judicial decisions. Part IVA was introduced, albeit with limitations on scope, to provide an appropriate balance between combatting tax avoidance without discouraging commercial and familial transactions.

The ‘COVIDSafe Bill’: How safe is our data?

© 2024 Coleman Greig Lawyers  |  Sitemap  |  Liability limited by a scheme approved under Professional Standards Legislation. ABN 73 125 176 230