Australia’s privacy watchdog says police access to COVID-19 check-in app histories has the potential to “undermine” contact tracing efforts and should be prohibited.
The Office of the Australian Information Commissioner (OAIC), in which Privacy Commissioner Angelene Falk sits, was responding to recent evidence of multiple requests by law enforcement officials across Australia attempting to access the check-in histories of state and territory COVID check-in apps.
If law-enforcement access remained unconstrained, as remains the case in some states and territories, it could discourage individuals from providing accurate information, the OAIC said.
As reported by InnovationAus in June, Western Australian police twice accessed data from the state’s COVID-19 contact tracing check-in app, forcing the state government to introduce urgent legislation to prevent it from happening again. The data was reportedly sought in order to find potential witnesses to a crime committed near a cafe.
And in Victoria, police attempted to take data from the app three times without a warrant, but were blocked by the health department. Victoria Police can access information with a court-issued warrant, government services minister Danny Pearson revealed in June, adding later in the month that he did not support the introduction of legislation restricting police access.
Meanwhile, in Queensland, police have also made use of the state’s check-in app data as part of an investigation into the reported theft of an officer’s gun and Taser from a regional pub. Officer were later directed not to access such data “except in extraordinary circumstances” and the officer involved was stood down pending an ethical standards investigation.
The NSW government is one of the few states that, from the start, has had restrictions baked into its public health orders that restrict police access.
“The OAIC considers that health orders that expressly prohibit access to contact tracing data for law enforcement purposes are best able to protect personal information and increase community trust and confidence in using QR Codes,” the OAIC said in a statement to InnovationAus this week.
“Allowing personal information to be used for other purposes may undermine an effective and efficient contact tracing system, for example, by discouraging individuals from giving accurate information. Where state and territory public health orders permit other uses and disclosures, the order should be specific to provide transparency and clarity.”
While the Privacy Commissioner’s office does not have jurisdiction over how state and territory governments implement privacy policies, Ms Falk has been working on contact tracing guidelines with state and territory privacy regulators. The first draft of the non-binding guidelines were released in November last year, with the final version published on Friday.
“Each state and territory public health order must specify the extent to which other uses or disclosures may occur, for example, for law enforcement purposes,” the guidelines state.
“Health orders that expressly prohibit access to contact tracing data for law enforcement purposes protect personal information and increase community trust and confidence in using QR Codes.”
In the case of the federal government’s COVIDSafe app, the issue of law enforcement access to its data was considered and criminal offences were introduced under the Privacy Act for any prohibited collection, use or disclosure of data. Law enforcement agencies are not permitted to collect, use or disclose the federal government’s app data except for the purposes of investigating or prosecuting a breach of the Privacy Act.
Do you know more? Contact James Riley via Email.