The country’s privacy regulator will release its first report on COVIDSafe within weeks, with the national audit office also considering scrutinising the federal government’s controversial contact tracing app.
The Office of the Australian Information Commissioner (OAIC) has released further details of the five audits it has planned around COVIDSafe.
The first, centred on the controls and safeguards around contact data being transferred and stored in the National COVIDSafe Data Store, will be released publicly by the end of the year.
The privacy office is planning to conduct audits across the whole lifecycle of data collection as part of the app, looking into compliance and risk around this and whether the government is complying with the COVIDSafe legislation it passed in May.
“The privacy protections within the system were enshrined in law to give Australians confidence that their personal information will be safeguarded when they download and use the app,” Australian Information and Privacy Commissioner Angelene Falk said.
“The changes to the Privacy Act 1988 also provided additional oversight powers for my office, including over state and territory health authorities accessing COVID app data.
“Our assessment program is examining the handling of personal information as it travels through the COVIDSafe app system, from notification, collection and storage, to access and deletion, including when the National COVIDSafe Data Store is deleted at the end of the pandemic.”
The other audits that OAIC will conduct into COVIDSafe will be looking into the access controls applied in the use of app data by state and territory health authorities, how the app is functioning against the privacy protections applied to it, the compliance of the Data Store Administrator with data handling and the deletion of data, and compliance with the deletion of data and notification requirements relating to the end of the pandemic.
The OAIC’s COVIDSafe reports will be posted publicly on its website.
The Attorney-General is also expected to release a report on the performance of COVIDSafe in the coming weeks, as required under the legislation.
The legislation passed by Parliament in May included new criminal and civil penalties for the unauthorised collection, use or disclosure of app data, the uploading of data to the national store without consent and the storing of any of this data outside of Australia.
It included a number of other privacy and security safeguards.
The Australian National Audit Office (ANAO) is also considering conducting an inquiry into COVIDSafe. This audit would potentially look into the near-$10 million paid to private contractors for work on the app, which is still yet to pick up a new close contact anywhere in Australia outside of New South Wales.
The ANAO audit would look at how economically and effectively the COVIDSafe app was designed and is being used, including the design and procurement process, the government’s promotion of it and the extent it has actually helped with contact tracing.
It is currently listed as a potential audit for the ANAO.
Human Rights Commissioner Ed Santow recently called for a “rigorous and independent” analysis of the effectiveness of COVIDSafe in order to delve into whether the privacy millions of Australians have traded away in using the app is justified.