Top of page

Article Australia: Privacy Protections Applicable to COVID-19 Contact Tracing App Enacted

(May 29, 2020) On May 15, 2020, the Privacy Amendment (Public Health Contact Information) Act 2020 (Cth) was enacted in Australia. The act adds a new part to the Privacy Act 1988 (Cth) that specifically regulates the use and disclosure of data collected when people download and use the Australian government’s COVID-19 contact tracing mobile phone application, COVIDSafe.

About the App

The COVIDSafe app was launched on April 26, 2020. The app is voluntary to download and uses Bluetooth to detect and record a person’s contacts with other users; it does not record location information. The app generates encrypted references codes for each user and also stores, in an encrypted form, the date, time, and proximity of a user’s contacts on their phone. Users are unable to access this information. User contacts are automatically deleted 21 days after they have been stored on the phone.

When a user tests positive for COVID-19, state and territory health officials who undertake contact tracing will ask the user for permission to upload the data from the app into a central storage system. The information will then be used to support their usual contact tracing processes.

At the end of the pandemic, users will be prompted to delete the app, and all information in the central storage system will also be deleted.

The privacy policy applicable to the app is available online.

Interim Determination

At the time the app was launched, the minister for health issued an interim determination under the Biosecurity Act 2015 (Cth) containing privacy protections that would apply until primary legislation was enacted. The provisions of the determination ensured that data from the app would be used only to support contact tracing efforts; required that users consent to have data from their device uploaded to the data store; prevented app data from being retained or disclosed outside Australia; required that all data in the data store be deleted at the end of the pandemic; and provided that no one can be forced to download or use the app or upload data to the data store. A breach of these requirements was made a criminal offense.

Legislation

The government introduced a bill to enshrine and extend the above protections into law on May 12, 2020. The bill was enacted on May 15, 2020. The resulting Privacy Amendment (Public Health Contact Information) Act 2020 contained additional protections that included providing for the national privacy regulator—the Office of the Australian Information Commissioner (OAIC)—to have oversight of the app data; extending the Privacy Act’s Notifiable Data Breaches provisions to apply to the app data; legally obligating the administrator of the data store to delete registration data on request; setting out a process for data to be deleted at the end of the pandemic; and requiring that the minister for health and the OAIC submit reports regarding the app.

Impact of the App

On May 24, 2020, the minister for health stated that the COVIDSafe app had reached six million downloads (about 23% of the total population) and that it is “helping state and territory public health officials automate and improve manual contact tracing of the coronavirus.” He further stated that “the COVIDSafe app is playing a significant role in Australia’s world-leading health response to the coronavirus pandemic, with several countries having expressed interest in learning from its positive impacts in Australia.”

However, various commentators have raised concerns about the app, including its effectiveness and privacy implications, and have argued that use of the data by state and territory officials has so far been very limited.

About this Item

Title

  • Australia: Privacy Protections Applicable to COVID-19 Contact Tracing App Enacted

Online Format

  • web page

Rights & Access

Publications of the Library of Congress are works of the United States Government as defined in the United States Code 17 U.S.C. §105 and therefore are not subject to copyright and are free to use and reuse.  The Library of Congress has no objection to the international use and reuse of Library U.S. Government works on loc.gov. These works are also available for worldwide use and reuse under CC0 1.0 Universal. 

More about Copyright and other Restrictions.

For guidance about compiling full citations consult Citing Primary Sources.

Credit Line: Law Library of Congress

Cite This Item

Citations are generated automatically from bibliographic data as a convenience, and may not be complete or accurate.

Chicago citation style:

Buchanan, Kelly. Australia: Privacy Protections Applicable to COVID-19 Contact Tracing App Enacted. 2020. Web Page. https://www.loc.gov/item/global-legal-monitor/2020-05-29/australia-privacy-protections-applicable-to-covid-19-contact-tracing-app-enacted/.

APA citation style:

Buchanan, K. (2020) Australia: Privacy Protections Applicable to COVID-19 Contact Tracing App Enacted. [Web Page] Retrieved from the Library of Congress, https://www.loc.gov/item/global-legal-monitor/2020-05-29/australia-privacy-protections-applicable-to-covid-19-contact-tracing-app-enacted/.

MLA citation style:

Buchanan, Kelly. Australia: Privacy Protections Applicable to COVID-19 Contact Tracing App Enacted. 2020. Web Page. Retrieved from the Library of Congress, <www.loc.gov/item/global-legal-monitor/2020-05-29/australia-privacy-protections-applicable-to-covid-19-contact-tracing-app-enacted/>.