The Law Council of Australia president Pauline Wright told InDaily the peak law body was “quite happy with a lot of the protections” surrounding COVIDSafe but wanted draft legislation released in order to “maximise the public’s confidence and assurance in the new app.”

“It is in our collective national interest that the tracing app works effectively,” Wright said.

The Law Council was also wanting the government to introduce an extra layer of independent protection by enabling the state and territory privacy commissioners to have oversight of the app’s use.

“It would mean that the public would know that someone who is independent is looking that the way the app is used and administered and making sure that it is used and administered in the way the government has told us it would be,” Wright said.

Legislation to protect people’s privacy in relation to the app is expected to be introduced to parliament next month.

South Australian Centre Alliance Senator Rex Patrick said he welcomed the decision to legislate the privacy protections but he wanted draft legislation to ensure privacy concerns were appropriately addressed.

On Sunday, the Federal Government launched its coronavirus tracing app – COVIDSafe – in a bid to understand and slow the spread of the disease.

The app – which is voluntary to download – allows state and territory health officials to contact people who may have been exposed to another person with COVID-19 by tracing users’ movements.

This enables people who may have been in contact with an active coronavirus case to self-isolate or be tested if need be.

People who download the app are asked to provide their name, age range, postcode and phone number – with all information stored on a government server and distributed to state and territory health officials when there’s a positive COVID-19 case.

Data remains encrypted on the user’s phone for 21 days and is then deleted. This happens every 21 days. 

Under the provisions governing the app, if a user deletes the app all of the information attached to the app is deleted.

Commonwealth officials and law enforcement are also not able to access the stored data. Anyone who does access the app’s data illegally could face up to five years’ jail.

The government has also said at end of the pandemic, the information storage system would be destroyed.

The Law Council said although these rules offered users “very good protection”, it was concerned that while the measures were not legislated the protections could be changed at any time.

“The government has said they would bring it in for legislation on the first sitting day of May, and we … would like to see that happen definitively,” Wright said.

“This determination is an executive determination, so it can be made unilaterally by the executive government. And, by the same power, they can amend or remove it.

“We want that regulatory framework to be on a comprehensive statutory footing, instead of being an executive instrument that can be changed at any time.”

The Law Council said if the government legislated the privacy protections and other essential requirements for the app, an Exposure Draft Bill and Privacy Impact Assessment should be released to provide the public an opportunity to comment.

South Australian Law Society president Tim White said the body was seeking to have draft legislation released “as soon as possible”.

“It is important that the Government is completely transparent about the use and the storage of the data, and both technical and legislative measures to protect users’ privacy,” White said.

“The legislation should also prescribe the time frame within which the app will operate and data is to be deleted, providing explicit obligations … to wind back the app and delete data as soon as the app or the data collected by the app is no longer necessary for its stated purpose.

“In theory, the COVIDSafe app could be extremely effective at contract tracing and therefore play a key role in easing the restrictive quarantine measures currently imposed on Australians.”

The concerns follows criticism from Rex Patrick about procuring a US company to store the app’s data.

“I think it is disgusting that the government … in the midst of COVID-19 chose to use a US company, where an Australian company could have done the job,” he said.

“So from a procurement perspective, I’m really quite annoyed that the government has simply exported this money in circumstances where we could have supported an Australian company that has the capabilities and expertise to do the cloud aspect of this application in company.”

Data from COVIDSafe is stored by Amazon Web Services (AWS), a subsidiary of Amazon and one of the biggest cloud companies in the world.

Patrick said he was concerned with AWS storing the data information could be moved overseas at the request of the US government. But this – as well as his other concerns – could be solved through the appropriate legislation.

“I’m not trying to scaremonger – I think the application is a very useful application and will be very helpful. But my job as a parliamentarian is that we do things better, or we have the best possible solution,” Patrick said.

“But I think people do need to be informed about whether people download and use it. There will be instances where, the balance would suggest, they don’t.

“If you’re a bus driver and you drive buses and you go home and watch Netflix, go out and have fun with your family … I don’t think there’s a risk.

“But if you’re a journalist, I think you need to give real consideration in relation to the protection of sources as to whether you download this application. The same concern would be assigned in my view with anyone who deals with whistleblowers – which includes politicians.”

InDaily contacted the Department of Health.

Want to comment?

Send us an email, making it clear which story you’re commenting on and including your full name (required for publication) and phone number (only for verification purposes). Please put “Reader views” in the subject.

We’ll publish the best comments in a regular “Reader Views” post. Your comments can be brief, or we can accept up to 350 words, or thereabouts.