• GL
Choose your location?
  • Global Global
  • Australia
  • France
  • Germany
  • Ireland
  • Italy
  • Poland
  • Qatar
  • Spain
  • UAE
  • UK

Australia - New laws introduced to ease privacy concerns regarding the COVIDSafe app

27 May 2020
The federal government has passed legislation governing the collection, use and disclosure of  COVIDSafe app data as the government increases its efforts to get Australians to sign up and help track the spread of COVID-19.

New COVIDSafe legislation has been passed by the federal government to supplement the COVIDSafe app by providing strong, ongoing privacy protection. 

The Australian government launched the COVIDSafe app in late April. The app is designed to track, via Bluetooth, the movements of a person infected with COVID-19 to ensure state and territory health authorities can contact anyone that may have come into close contact with an infected individual.

The newly passed Privacy Amendment (Public Health Contact Information) Bill 2020 (Bill) governs how government entities collect, use and disclose COVIDSafe data and ensures that all data collected by the app is securely stored within Australia.

The legislation is aimed at giving Australians the confidence to download the app, as the government increases its efforts to get many more Australian citizens to sign up and help track the spread of COVID-19. At the time of writing, downloads of the app had reached 5.6 million.  

The legislation

The Bill was structured as an amendment to the Privacy Act 1988 (Cth) (Privacy Act). 

The approved amendments to the Privacy Act: 

  1. Ensures that COVIDSafe data can only be collected, used and disclosed by a person employed by, or in the service of, a state or territory health authority for the sole purpose of COVID-19 contact tracing;

  2. Requires users to provide consent before data from their device is uploaded, in encrypted form, to the National COVIDSafe Data Store (Data Store). The information uploaded to the Data Store can only be accessed by state and territory health authorities for the sole purpose of contact tracing;

  3. Extends the Privacy Act's Notifiable Data Breaches scheme (NDB Scheme) to apply to COVIDSafe data. The NBD Scheme requires organisations and agencies to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach involving COVIDSafe data is likely to result in serious harm;

  4. Grants the OAIC oversight of the COVIDSafe app. The OAIC will manage complaints about mishandling of COVIDSafe data and conduct relating to the maintenance and handing of data. If required, the OAIC can refer complaints to the Australia Federal Police;

  5. Requires that all COVIDSafe data stored on mobile devices and in the Data Store be deleted at the end of the COVID-19 pandemic; and

  6. Creates a series of offences punishable by up to five years in prison, a $63,000 fine, or both for anyone who collects, uses or discloses COVIDSafe data outside of the designated purposes, uploads COVIDSafe data to the Data Store without the users consent, or attempts to decrypt encrypted COVIDSafe data stored on a mobile device. It will also be an offence to require a person to download or use the app.

Further Information

If you have any questions or concerns, DWF has a team of expert Privacy lawyers who can advise you on Australian privacy law. Please do not hesitate to contact Alex Ninis or Marcus Hannah should you require further information.


We would like to acknowledge the contribution of Serpil Bilgic to this article.

Further Reading

We use cookies to give you the best user experience on our website. Please let us know if you accept our use of cookies.

Manage cookies

Your Privacy

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. We mainly use this information to ensure the site works as you expect it to, and to learn how we can improve the experience in the future. The information does not usually directly identify you, but it can give you a more personalised web experience.
Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change permissions. However, blocking some types of cookies may prevent certain site functionality from working as expected

Functional cookies

(Required)

These cookies let you use the website and are required for the website to function as expected.

These cookies are required

Tracking cookies

Anonymous cookies that help us understand the performance of our website and how we can improve the website experience for our users. Some of these may be set by third parties we trust, such as Google Analytics.

They may also be used to personalise your experience on our website by remembering your preferences and settings.

Marketing cookies

These cookies are used to improve and personalise your experience with our brands. We may use these cookies to show adverts for our products, or measure the performance of our adverts.