To have any chance of getting millions of Australians to use its COVID-19 contact tracing app the federal government will have to earn the trust of the public and ensure privacy by design, according to the Victorian Information Commissioner.
The government has announced plans to release a coronavirus tracking app within weeks, heavily based on the Singapore government’s TraceTogether app. It will use Bluetooth technology to record “close contacts” of at least 15 minutes between users.
If a user is later diagnosed with COVID-19, they can choose to send a list of these contacts to the government, which will then notify other users.
The launch of such an app comes with significant privacy and data security issues. The government is in the “final stages” of completing a Privacy Impact Assessment on it, and is also receiving cybersecurity advice from the Australian Cyber Security Centre.
The Attorney-General is also understood to be consulting with the Office of the Australian Information Commissioner.
The OAIC recently formed a national privacy team comprising state privacy commissioners from around the country to consult on COVID-19 responses like this. The team is yet to discuss the issue of a contact tracing app.
Victorian Information Commissioner Sven Bluemmel said the government’s discussions around the app and privacy has been encouraging, but the devil will be in the detail.
“So much will turn on the conceptual design of what’s being proposed. If you can do it in a way that follows good privacy principles, like minimising the collection of data and aggregation of data, and ensuring clarity so people who are using the app know exactly what they are agreeing to, then all these things would make any potential initiative more privacy-respectful than it otherwise would be,” Mr Bluemmel told InnovationAus.
“Some comments I’m hearing sound good, but these sorts of privacy-sensitive approaches have to be carried through at every step of the way, and that remains to be seen.”
Whether the app is successful, and enough Australians choose to download it will come down to trust, Mr Bluemmel said.
“For this to work and for people to want to sign up to it people need to trust the application, they need to trust the development behind it and they need to trust the oversight that it’s subject to,” he said.
“If you miss any of those elements then people will not trust it, which will make the whole system less effective from a public health perspective. All of this will work better if they bring the population along with them and earn their trust by doing the right things.”
There needs to be clarity, transparency and accountability around the contact tracing app, and oversight by an independent regulator, he said.
“This is another example of good privacy by design leading to good health outcomes, because people will trust the system more and there’ll be better uptake. They have to be really open and honest with the public and the regulator, not just about why this is being done but how this is being done and how it’s going to be overseen,” Mr Bluemmel said.
“All of this will work better if they bring the population along with them and earn their trust by doing the right things.”