Should you opt in to the COVID-19 tracing app?

Does the Government have a duty to protect my rights in developing this app? 

In terms of human rights law, the Australian Government should be considering two human rights foremost: the right to privacy and the right to health. Freedoms of movement and association may also come into play. To be clear, limitations on such rights may legally be limited, including for public health reasons. However, such limitations must be reasonable and proportionate to the public health aim to be achieved.

In South Korea the government is harvesting a range of location data (including phone broadcasts and logs, credit card records and CCTV) to map and publish the movements of COVID-19 carriers. There has been a lively debate in the region as to whether this strikes the right balance between the protection of health and privacy rights, given the potentially life-altering effects of involuntary publication of a person’s whereabouts.

The biggest threat is of such a monitoring regime is to the right to privacy, which is protected under article 17 of the International Covenant on Civil and Political Rights. Australia has been party this this treaty since 1980. International jurisprudence on the right to privacy has been evolving rapidly – particularly in Europe with the advent of the General Data Protection Regulation (like the federalPrivacy Act 1988 on steroids). Broadly speaking, the current state of the law both in Europe and in Australia is that data protection rules still apply, but that information critical to preventing public health can be shared on a ‘need-to-know’ basis. More specifically, governments are still required to be transparent about what they are collecting and why, and they must make every effort to maintain confidentiality of sensitive information. It must be noted that the enforcement of such obligations has been made more difficult in recent years, due to the current Government’s systematic defunding of the Office of the Australian Information Commissioner, which oversees privacy and FOI.
 
Do any tech companies involved also have to respect my rights? 

Businesses such as Apple and Google, and any company working with the Digital Transformation Agency on apps such as Delv, have a responsibility under international law to respect human rights in developing products and services. Apple actually has a relatively strong track record in this regard, but Google’s is chequered.

Governments, on the other hand, have concrete legal obligations, including a supervisory obligation to ensure that corporations live up to their human rights responsibilities. As such, it will ultimately be up to the Australian Government to check that the human rights implications of this tracing mechanism have been adequately considered and mitigated.

The Parliamentary Joint Committee on Human Rights would normally consider the legislation passed to support the tracing mechanism and provide a report on its compatibility with Australia’s human rights obligations. For the moment, the PJCHR is continuing its work remotely, but given the Prime Minister’s preferred timeframe of 2 weeks to roll out an app, there is likely to be insufficient time for such formal processes.

Rather, it will likely be up to public servants such as the Human Rights Unit in the Attorney-General’s Department to perform the relevant compatibility / proportionality analysis before the rollout.
 
So should I opt in?

Unlike the metadata regimes and other surveillance tools, this regime is envisaged to be introduced on an opt-in basis. However, we should be mindful that other comparable Government tools such as My Health Record were also opt-in initially, before moving to an opt-out approach (and we all rememberhow well that went). The Prime Minister has not ruled out such an approach for this app. The Government has very little time to build public trust so that the rollout of this tracing app does not suffer a similar fate.

Usually, my advice is to be cautious of rights-restrictive measures taken by the Australian Government (or technology companies, for that matter). There has been a consistent pattern in recent years of regimes introduced to manage or surveil various populations without adequate safeguards. However, given the life-saving potential of this tool, and the need for at least 40% us to opt in for it to be effective (some say closer to 75%), I think it might be worth giving the Government the benefit of the doubt on this one. Contact tracing will become an increasingly important preventive measure when restrictions ease and physical interactions increase.

The Singapore Government’s Bluetrace claims to ‘safeguard user privacy and give users control of their data’ in its White Paper, and the Government is consulting the Privacy Commissioner and theAustralian Cyber Security Centre on the potential privacy impact of the app. Minister Stuart Robert has even promised to take down its central database of infected citizens’ personal information once the pandemic is over (though it must be noted that Minister Robert has a lot of work to do to regain public trust after presiding over, and failing to apologise for, the huge robodebt debacle).  

Only you can decide whether to opt in, but hopefully the information presented here, and further details available via the links throughout, will help you to make that decision.