COVID-19 check-in apps privacy FAQs

9 August 2021
Tags: COVID-19

What are COVID-19 check-in apps?

As a result of the COVID-19 pandemic, state and territory public health orders require certain businesses to collect personal information from individuals for the purpose of contact tracing.  

The requirements of the public health orders vary across states and territories. This includes the types of businesses they apply to and the personal information you will be asked to provide.

All Australian state and territory governments have now made QR code-based check-in apps available for this purpose.

Most states and territories have mandated the use of their government app for contact tracing.

Can someone make me use a check-in app?

The Australian Privacy Act 1988 allows businesses to collect personal information if it is required by law, such as a public health order.

If a state or territory public health order applies to the business, they are required to collect your contact information before you enter their premises.

Most states and territories have mandated the use of their government app for this purpose.

In most cases, if electronic registration is unavailable or you do not have a smartphone, you may be asked to provide your contact information manually.

What privacy protections are in place for check-in apps?

Privacy protections for state and territory government check-in apps vary and are subject to the relevant jurisdictions’ laws.

State and territory government check-in apps only store information for a certain period (generally 28 days) before the information must be deleted. 

Only the minimum amount of information permitted under the relevant public health order can be collected and the information can only be used for contact tracing purposes, unless otherwise required by or authorised under law.

Does section 94H of the Privacy Act apply to check-in apps?

No. Section 94H of the Australian Privacy Act makes it an offence for anyone to be required to download or use the Australian Government’s COVIDSafe app – this offence does not apply to other check-in apps.

If a business is required under a public health order to collect your personal information for contact tracing purposes, and they ask you to provide your details through a state or territory government app, or through a QR check-in app developed by a private business, this is not an offence.

Most states and territories have mandated the use of their government app for contact tracing purposes.

The COVIDSafe app is a voluntary app and is different to check-in apps as it uses Bluetooth technology to identify other users who you have come into close contact with.

Read our guidance on the COVIDSafe app and your privacy rights for more information.

Who oversees the privacy protections for check-in apps?

The enforcement of privacy protections for state and territory government check-in apps is a matter for state and territory governments.

If a public health order permits the use of QR check-in apps developed by private businesses, many of these private businesses will be covered by the Australian Privacy Act. These businesses must comply with the Australian Privacy Principles.

How can I make a privacy enquiry or complaint?

If your privacy enquiry or complaint is about a state or territory government check-in app, you should contact the privacy authority in your state or territory (or relevant health authority for states and territories without privacy laws). Find out who regulates privacy laws in your state or territory.

You can also contact the health department in your state or territory if your enquiry relates to compliance with a public health order:

If your privacy enquiry or complaint is about a QR check-in app developed by a private business, you can contact the OAIC.