The Privacy Amendment (Public Health Contact Information) Bill 2020, will reinforce the protections set out in the Determination made by the Minister for Health under the Biosecurity Act 2015 on 25 April 2020, placing the protections into primary legislation through amendments to the Privacy Act 1988.
Under the determination, it is a criminal offence to collect, use or disclose COVIDSafe app data for a purpose that is not related to contact tracing. It is also a criminal offence to coerce a person to use the app, to store or transfer COVIDSafe app data to a country outside Australia and to decrypt app data. A maximum penalty of 5 years imprisonment or $63,000 applies to breaches of the determination.
The draft Bill clarifies the enforcement mechanisms for the penalties that are already in place against misuse of data from the COVIDSafe app. Criminal offences under the Bill can be investigated by the Australian Federal Police. Individuals can also have their complaints heard by the Office of the Australian Information Commissioner or the relevant State or Territory privacy regulator if appropriate.
In addition to the protections provided by the Biosecurity Determination this Bill puts in place a clear process outlining how the Government will satisfy its obligation to delete all COVIDSafe data from the National COVIDSafe Data Store once the pandemic is over.