New COVIDSafe App Privacy Act Receives Assent

Monday 18 May 2020 @ 11.20 a.m. | Judiciary, Legal Profession & Procedure | Torts, Damages & Civil Liability

The Privacy Amendment (Public Health Contact Information) Bill 2020 (Cth) (the Bill) was introduced into Federal Parliament on 12 May 2020 by Mr Porter, the Commonwealth Attorney-General and was passed the Senate on 14 May 2020. The Bil lwas assented to on 15 May 2020, and is now the Privacy Amendment (Public Health Contact Information) Act 2020 (Act No. 44 of 2020) (the legislation). According to the Attorney-Genera,l the legislation introduces strong privacy protections that apply to data collected through the COVIDSafe app and is intended to facilitate the COVID-19 contact tracing efforts of the State and Territory health authorities. 

Overview and Purpose

In a joint Media Release with the Minister for Health, Greg Hunt, the Attorney-General indicated that the COVIDSafe app was an important tool in the fight against COVID-19, and the Privacy Amendment (Public Health Contact Information) Act 2020, should give Australians full confidence that their private information is in safe hands, saying:

“This legislation clearly defines the very limited circumstances in which COVIDSafe data can be collected, used or disclosed, as well as prescribing significant criminal and civil penalties for any misuse, . . . That includes jail terms of up to five years, or a fine of $63,000 per offence. It is also a criminal offence under the legislation for anyone to coerce a person to use the app, to store or transfer COVIDSafe data to a country outside Australia, and to decrypt app data.”

The Minister for Health indicated that the COVIDSafe app had already been downloaded more than 5.68 million times and said:

“The COVIDSafe app will help protect people and the community. It will enable public health officials to quickly notify individuals who have been in contact with a person who has tested positive, . . . Having an extra level of community protection gives the Government the confidence it needs to continue easing restrictions, and reopen our economy.”

In broad terms, breaches of privacy protections will, under the legislation, be subject to criminal offences, and privacy protections will be overseen by the Australian Information Commissioner (the Commissioner) under the Privacy Act 1988 (Cth). Part of the oversight will be the inclusion of the ability for individuals to make complaints to the Commissioner. 

The privacy protections ensure that individuals must not be required to download, use or upload data through COVIDSafe app by any person, and that informed consent is required before the Commonwealth is able to collect data relating to a person through the COVIDSafe app. The protections also limit the ability to disclose COVID app data that is or has been stored in the Commonwealth’s National COVIDSafe Data Store outside of Australia. Under the legislation, data can only be accessed by authorised state and territory health officials for contact tracing purposes after a user who has tested positive to the virus consents to their encrypted data being uploaded.

The Commonwealth will also be required to delete the National COVIDSafe Data Store when COVIDSafe is no longer required or is no longer likely to be effective as part of Australia’s response to COVID-19 (which must be determined based on expert medical advice).

The legislation replaces the previous protections introduced by Ministerial Determination under the Biosecurity Act on 25 April 2020.

Legislation Supported by the Opposition

According to news reports, the Opposition has been working with the Government since the release of the draft of the legislation, and agreed on changes to the legislation which enabled the quick passage of the legislation through Parliament. However, a number of proposals from the Opposition, such as extra funding for the privacy office to conduct its oversight role, were rejected by the government. Mark Dreyfus, the Shadow Attorney-General, was reported as confirming that the opposition would support the legislation in both houses:

“One of the reasons I support the passage of this Bill is the very positive engagement I have had with the Attorney-General over the last week. Following the release of the draft legislation, I approached the Attorney-General with a number of suggestions for improving the Bill and boosting confidence, ... This is now a stronger and better piece of legislation as a result of the constructive engagement between Labor and the government. And this is not the case of set and forget. We will be keeping an eye on how the measures are being implemented to ensure they are effective and working as intended...”


The changes from the draft legislation the Opposition claims to have influenced are:

  •  greater clarity around what data is protected by the privacy safeguards, 
  •  greater oversight from the Office of the Commissioner, 
  • the ability for the Commissioner to continue an investigation even if there is a concurrent criminal investigation, and 
  •  new public reporting requirements.

Under the new legislation, both the Attorney-General and the Commissioner will have to report every six months on the operation and effectiveness of the COVIDSafe app. The changes also prevent the Department of Health from delegating any of its administrator functions over the national data store to an enforcement or intelligence agency.

Recommendations made by the opposition not taken up by the government were extra funding for the Commissioner to conduct its oversight role on the COVIDSafe app, and the appointment of a standalone privacy commissioner to deal with matters relating to the COVIDSafe app. The government's response was that the Commissioner's office did not need any additional resources to take on the COVIDSafe app work.

TimeBase is an independent, privately owned Australian legal publisher specialising in the online delivery of accurate, comprehensive and innovative legislation research tools including LawOne and unique Point-in-Time Products. Nothing on this website should be construed as legal advice and does not substitute for the advice of competent legal counsel.

Sources:

Privacy Amendment (Public Health Contact Information) Bill 2020 [Act No. 44 of 2020], second reading speech and explanatory material as reported in the TimeBase LawOne Service.

Media Release: Legislation for COVIDSafe App Privacy Protections (Attorney General's Department, 4 May 2020)

COVIDSafe laws get a new framework (Denham Sadler, InnovationAus, 14/05/2020)

Related Articles: