This week is Privacy Awareness Week, an initiative of the Asia Pacific privacy authorities designed to raise awareness and support privacy related initiatives. The theme this year is “Reboot your Privacy”.
Privacy has been particularly topical during the COVID – 19 pandemic and made particularly so by the release of the COVIDSafe app, the Privacy Impact Assessment into the COVIDSafe app and now the draft legislation.
The draft legislation will codify the existing protections for individuals’ data collected by the COVIDSafe app that have been established in the Health Minister’s Biosecurity Act Determination. The Privacy Amendment (Public Health Contact Information) Bill 2020, is intended to reinforce the protections set out in the Determination made by the Minister for Health under the Biosecurity Act 2015 on 25 April 2020, by placing the protections into primary legislation through amendments to the Privacy Act 1988. Under the Determination, it is a criminal offence to collect, use or disclose COVIDSafe app data for a purpose that is not related to contact tracing. It is also a criminal offence to coerce a person to use the app, to store or transfer COVIDSafe app data to a country outside Australia and to decrypt app data. A maximum penalty of 5 years imprisonment or $63,000 applies to breaches of the Determination.
The draft Bill seeks to clarify the enforcement mechanisms for the penalties that are already in place against misuse of data from the COVIDSafe app. Criminal offences under the Bill can be investigated by the Australian Federal Police. Individuals can also have their complaints heard by the Office of the Australian Information Commissioner or the relevant State or Territory privacy regulator if appropriate. Under the Bill, the eligible data breach regime (under Part IIIC of the Privacy Act 1988) will apply to COVIDSafe app data and breaches reportable to the affected individual and the Privacy Commissioner.
The Bill is due to be introduced to Parliament next week for further debate.
As anticipated, the issues for debate raise complex matters of data protection and broader questions as to accountability for such a sensitive data set and rights of redress for individuals.
Also debatable are questions as to the:
- constitutional validity of some of the provisions relating to the administration of state based health department entities;
- appropriateness of provisions which purport to create proprietary rights for the Commonwealth Government in some types of COVIDSafe app data.
The materials represent the collective thoughts of a large cross section of privacy practitioners which have already been shared by members of civil society, The Law Council of Australia, the Attorney General’s Department and various privacy forums and industry associations. In addition the Law Council’s principles, released on 24 April may provide useful background and guidance.
We at ACC Australia share these with you for your consideration and to use where appropriate to help express your position or the position of your respective organisations (if any).
Should you wish to contribute to the submission or have any queries please do not hesitate to contact us at firstname.lastname@example.org.