The Federal Government have just released their highly anticipated COVIDSafe App to help monitor the spread of novel Coronavirus (COVID-19).
Of key concern to many is the privacy implications of downloading and using the App. There is much discussion regarding how much data the App collects, who can access the data and how that data is used.
What is COVIDSafe?
The App has been implemented by the Federal Government to quickly and efficiently contact individuals who may have been exposed to COVID-19.
Downloading the App is voluntary, however in the first 12 hours of its launch, the App had more than 1 million downloads. The
Though nationally coordinated, the App is utilised by the State and Territory Governments. Health officials at the State and Territory level will utilise the data collected by the App after someone tests positive for COVID-19 to alert people that they have been in close contact with for a period of 15 minutes or more. The App allows them to identify these people and advise them to either get tested or begin quarantining.
The App utilises Bluetooth technology to record instances of “Digital Handshakes”. Digital handshakes occur when two App users are recorded as being within a 1.5m proximity of one another. This information is then encrypted to the user’s phone
How does the App use and share my data?
Many Australians are hesitant about using the App and have expressed concerns over government-collected personal information and the potential threat the App poses to individual privacy. That said, there are a number of misconceptions about the App.
In registering for the App, users are required to provide their:
- full name (or a pseudonym);
- mobile number;
- postcode; and
- age, by selecting an age bracket.
This information, in addition to the Bluetooth Digital Handshake, is all the data the App collects. The App does not utilise geo-location features. When Digital Handshakes are recorded, no data about the location or length of contact is recorded. Digital Handshake data is automatically deleted after 21 days. User’s data is only accessible by relevant Health officials and access only occurs after you or someone you have been in contact with, has tested positive for COVID-19. Persons who have tested positive for COVID-19 must consent to having their COVIDSafe data accessed and when contact is made with identified individuals, the person’s identity is not revealed.
Data collected by the App is stored in the National COVIDSafe Data system. This can only be accessed by public health officials tasked with contacting persons potentially exposed to COVID-19, these are known as State and Territory Contact Tracers. The database may also be accessed by ICT Providers where necessary.
The Government commissioned a Privacy Impact Assessment (PIA) to be carried out on the App, which has been made publicly available. Many of the recommendations of the PIA have been adopted in the released App.
With the findings being released last week, here are a few key takeaways:
- In a ground breaking move, the Government will be releasing the source code for the App, allowing public scrutiny on code used and which has been seen by many in the technology industry as an opportunity to assist the Government to address any ‘bugs’ or ‘gaps’ in the code.
- Users can delete the App at any time. After the App is deleted, all information held by the App is also deleted. At the end of the pandemic, the Government will destroy all information contained within the Database.
- Though not made expressly clear, the App allows Users to use a pseudonym instead of their real name.
- To correct personal information, Users must delete and re-install the App and re-complete the registration process.
- Uninstalling the App deletes all information stored on your device but won’t delete information collected in the 21 days prior. However, users can put through a request to delete their data by completing an online request form.
- At the end of the pandemic, there will be a prompt to delete the App with all data collected by the App to be permanently deleted.
For more information on privacy implications of the CovidSafe App, or any App, please contact our specialist team of privacy advisors.