National privacy regulator set to publish COVID-19 app investigation findings

By Shannon Jenkins

Thursday November 19, 2020


The Office of the Australian Information Commissioner (OAIC) will soon detail its findings from an audit of the federal government’s COVID-19 contact tracing app, in a report to be released by the end of the year.

The national privacy regulator has been investigating the handling of personal information by the COVIDSafe app, including compliance with strict protections.

The incoming report will contain findings and recommendations from the first in a series of five assessments, which information and privacy commissioner Angelene Falk said have been examining compliance and risk throughout the “information lifecycle” of app data.

“Our assessment program is examining the handling of personal information as it travels through the COVIDSafe app system, from notification, collection and storage, to access and deletion, including when the National COVIDSafe Data Store is deleted at the end of the pandemic,” she said.

Read more: Five years in prison for those who misuse COVID-19 tracing app

Back in May, the Morrison government amended the Privacy Act to protect COVID app data and provide the OAIC with an oversight and assurance role. Under the COVIDSafe provisions, the purpose for which data can be collected, used or disclosed has been limited, and data must be stored in Australia. There are also penalties for breaches of the law.

“The privacy protections within the system were enshrined in law to give Australians confidence that their personal information will be safeguarded when they download and use the app. The changes to the Privacy Act 1988 also provided additional oversight powers for my office, including over state and territory health authorities accessing COVID app data,” Falk said.

Under the assessment program, the OAIC is examining:

  • Access controls applied to the National COVIDSafe Data Store by the Data Store Administrator,
  • Access controls applied to the use of COVID app data by state or territory health authorities,
  • Functionality of the COVIDSafe app against specified privacy protections set out under the COVIDSafe privacy policy and collection notices,
  • Compliance of the Data Store Administrator with data handling and deletion requirements,
  • The compliance of the Data Store Administrator with the deletion and notification requirements which relate to the end of the pandemic.

The federal government repeatedly encouraged Australians to download the app — which cost roughly $70 million to develop — when it launched in April, but became increasingly quiet as the app was found to be largely ineffective.

Read more: Christian Porter to block police from accessing COVID-19 app metadata


About the author
Inline Feedbacks
View all comments