Yesterday the Prime Minister reiterated the government’s goal of having 16 million downloads of the COVIDSafe app as a primary means of tracking the progression of the COVID-19 virus.

At today’s date, only 5 million users have downloaded the app, indicating that the community is wary or unsure of the app, how it works and whether it will pose a risk to individuals’ privacy. In this article, Nicole Shenfield broadly touches on some of these key issues.

How does it work?

The app operates by using your device’s Bluetooth functionality to identify nearby devices that also have the app installed. The app records the anonymised ID of that other user and uploads that information into a database which is only accessibly by state and territory public health officials. Importantly, the app does not operate to pair your device with any other device; it simply operates as a radar which identifies other devices with the app. So there is no risk that other uses of the app will have access to your device or data on your device.

Is it secure?

Whilst the source code for the app has still not been released, it has been decompiled by various developers. It has been identified from a technical perspective that there are some security deficiencies in the app which ought to be resolved. These deficiencies make the app insecure and therefore more vulnerable to a malicious attack should someone wish to gain access to the app on your device.

However, consider the consequences if this occurred. The app only collects your name, phone number, postcode and an age group. This kind of basic information is hardly powerful and could not be used to steal your identity or do any real damage. It is likely you share far greater personal information with Google, Facebook or other social media platforms or online sellers.

What about my privacy?

As is pointed out in the advertisement campaign, the government is subject to legal restrictions regarding the collection, use, disclosure and storage of personal information. These obligations are contained in the Privacy Act. The government cannot disclose your personal information overseas unless you give express consent, which does not appear to be included in the app itself. The use of Amazon Web Services to store the data in the cloud should not be of concern: AWS is perhaps the most secure cloud storage provider and given the government’s legal obligations, it is likely that the data will be stored in the servers located and accessible only in Australia.

Further, if a data breach occurs, the government has obligations under the notifiable data breach regime to immediately take steps to remedy the breach (if possible), and if not, to alert affected individuals. Again though, given the type of information that is inputted into the app, it is difficult to see how any real harm could come to individuals if there was an unfortunate data breach.

Additionally, on Monday the Attorney-General released an exposure draft of a bill which seeks to amend the Privacy Act by inserting a jail term of up to 5 years for the collection, use or disclosure of data from the app for any purpose other than contact tracing of COVID-19 by anyone other than a state or territory health authority or behalf of an authority.

Summary

Whilst the app could be improved a little technically, there are other measures in place which sufficiently mitigate against any real risk of an individual’s privacy being interfered with as a result of downloading the app. The upside of a community adoption of the app is obvious and so its use should be encouraged and broadly adopted.

Latest News


April 18, 2024

A housing trust’s modernisation requires Court approval

Background The Baxter Homes Trust (Trust), was a charitable trust established in Victoria by a deed executed in 1960. Its purpose was to provide aged inhabitants of Geelong Victoria or its neighbourhood with housing as administered by The Geelong and Western District Ladies Benevolent Association’ incorporated under the Hospitals and Charities Act 1890. The Trust A housing trust’s modernisation requires Court approval

Read Article

April 18, 2024

Draft Regulations for NPO Self-Review Assessment Return Released

We have previously written in bulletins about the forthcoming self-assessment tax review for non-profit profit organisations which have an Australian Business Number (ABN) but are not registered as charities with the ACNC – Be alert to being alarmed on viewing your club or society annual report this year and self-assessment by tax-exempt. The background is Draft Regulations for NPO Self-Review Assessment Return Released

Read Article

March 13, 2024

Last of the loopholes? Let’s hope so!

Background All Australian employers will be acutely aware that the Federal government has, since the last election, embarked on a fairly aggressive program of targeted changes to the nation’s industrial relations laws. So far, we’ve had changes aimed at supporting Australia’s jobs and economic recovery[1], gained more respect at work[2], we’ve secured our jobs and Last of the loopholes? Let’s hope so!

Read Article