Australia’s national privacy office received only 11 complaints regarding COVIDSafe since it was launched earlier this year, with attention turning away from the contact tracing app which is yet to pick up a new contact anywhere outside of New South Wales.
As part of legislation enforcing privacy and security controls around the app, the Office of the Australian Information Commissioner (OAIC) was tasked with providing six monthly reports on compliance with these privacy protections.
The OAIC released the first of these reports this week, revealing that it only received 11 enquiries relating to COVIDSafe, and it is yet to initiate its own inquiry or investigation, and has not received any notifications of data breaches relating to the app.
The office has begun four of its five planned audits of the data security practices used in relation to the app, with the first expected to be released within weeks.
Of the 11 enquiries received, seven raised general issues or concerns about COVIDSafe, while four were in relation to a request to download or use the app, which is prevented by law. These included an enquiry about the installation of the app being required on entry of a worksite, and an educational institution asking students to download it.
The OAIC is yet to receive any formal complaint, but has provided assistance on how to make a complaint to one of the enquiring individuals.
The office has not received an enquiry relating to COVIDSafe since September. This is perhaps connected to far less emphasis being placed on the tracing app by the federal government, which initially positioned it as being akin to sunscreen, but now barely mentions it, despite much of the country returning somewhat to normal.
“My office has worked to increase awareness and understanding of privacy protections and obligations related to COVIDsafe by developing guidance and providing advice to government, regulated entities and the community,” Australian Information Commissioner Angelene Falk said.
“We have also established a robust assessment program to audit the handling of personal information in the COVIDSafe system for compliance with the strict privacy protections the Australian government has in place.”
The OAIC is also planning to conduct five audits of COVIDSafe covering the data flow from a user’s phone eventually to a state or territory health body. Four of the five audits have now commenced, with the final one relating to the ultimate deletion of data once the pandemic is over.
A separate Inspector-General of Intelligence and Security (IGIS) report on COVIDSafe revealed that data from the app had been incidentally collected by agencies during the collection of other data, but “there is no evidence that any agency within IGIS jurisdiction has decrypted, accessed or used any COVID app data”.
The IGIS will be conducting investigations in the coming months to make sure this data was deleted and to “provide further assurance that no COVID app data has been accessed, used or disclosed”.