26 April 2020

The Australian Government today released the COVIDSafe contact tracing app, a public health initiative to help combat the spread of COVID-19.

Australian Information Commissioner and Privacy Commissioner Angelene Falk said that important safeguards have been put in place to protect personal information collected through the app so it can be used to help address this public health crisis.

Commissioner Falk welcomed the public release of the Privacy Impact Assessment commissioned by the Department of Health, which considered the app’s privacy impacts and made recommendations to improve privacy protections.

“The Privacy Impact Assessment has provided transparency and accountability for the use of personal information, and supports community confidence in the app,” Commissioner Falk said.

“It is positive that the Government accepted the recommendations of the assessment and that important legal safeguards are in place, including the determination under the Biosecurity Act 2015 to further protect information collected by the app.

“This ensures that the app must be voluntary, and that personal information collected can only be used for purposes related to contact tracing. It also puts important deletion and time limitations in place.”

Under the Australian Government Agencies Privacy Code, an agency must undertake a written Privacy Impact Assessment for projects involving new ways of handling personal information.

“My office has worked constructively to provide advice and guidance to Government as it considered the privacy issues through its Privacy Impact Assessment,” Commissioner Falk said.

The Office of the Australian Information Commissioner (OAIC) will have independent oversight of personal information handling by the app and the National COVIDSafe Data Store.

“My office will watch the implementation of the contact tracing app closely. We can audit the system and investigate complaints from the public about privacy issues.

“We will also closely review the legislation that is intended to be introduced and monitor the implementation of the Privacy Impact Assessment recommendations.”