COVIDSafe App: What We Know

 In Commercial & Property
covidsafe app privacy australia

What is the COVIDSafe App?

The COVIDSafe App (“App”) has been designed to speed up the current manual process of locating people who have been in close contact with someone who is infected with COVID-19.

After you download the App, details are collected including your name, mobile number, age range and postcode to create a unique encrypted reference code.

The App will then recognise other devices which have the App installed and Bluetooth enabled. When the App recognises another user, it records the date, time, distance and duration of the contact and the other user’s unique reference code but not the location.

When a person is diagnosed with COVID-19, they (or their parent/guardian) will be asked by health officials if they have downloaded the App. They will be asked for their permission to upload the encrypted contact information gathered by the App to the National COVIDSafe Data Store system and can refuse at this point. The uploaded information is then used to:

  1. undertake contact tracing; and
  2. contact other App users which may have been exposed and offer advice.

The COVIDSafe app is the only contact trace app approved by the Australian Government.

On Sunday, 26 April 2020 at 6:00pm AEST the App was released. By 10:30pm it had been downloaded by over 1 million Australians. Federal Health Minister Greg Hunt announced the App as focussed on “finding those cases which may be undiagnosed in the community, helping people get early treatment, helping people have early diagnosis and to ensure that our doctors and nurses, our health workers, our families and friends are protected and that will save lives and protect lives”.

Currently, more than four million Australians have downloaded the App.


On 25 April 2020, Federal Health Minister Greg Hunt exercised his powers under the Biosecurity Act 2015 to enact delegated legislation providing for regulation of the data collected, stored and used by the App. A declaration was made called the Biosecurity (Human Biosecurity Emergency) (Human Coronavirus with Pandemic Potential) (Emergency Requirements—Public Health Contact Information) Determination 2020 (“Declaration”).

This Declaration is intended to govern the law and manner in which information obtained through the App can be utilised to encourage the public to download and use the App without concerns as to the use of their personal information.

The Declaration prevents a person from collecting, using or disclosing the App data for any purpose other than the specific exemptions provided under Section 6 of the Declaration which include “…for the purpose of, and only to the extent required for the purpose of, undertaking contact tracing”.

Importantly, the data gathered from the App cannot be used for any other purpose, other than for the purposes of tracing the spread of COVID-19 and as per the specific exemptions provided for under the Declaration. The data gathered from the App cannot be used against a person such as for the purpose of criminal proceedings except in relation to a failure to comply with Section 479 of the Biosecurity Act 2015. Section 479 of the Biosecurity Act 2015 provides that all people (regardless of whether they are App users) must comply with emergency requirements and directions from the government.

As per Section 7 of the Declaration, the Commonwealth Government must cause the data obtained through the App to be deleted at the conclusion of the COVID-19 pandemic. A person can delete the App from their phone at any time. This will delete all App information from their phone but any information in the National COVIDSafe Data Store system will not be deleted until the end of the pandemic. The data stored in a user’s phone is deleted on a 21-day rolling cycle.

Digital rights advocates have called for the source code to be made public so the inner workings of the app can be scrutinised. The source code is yet to be released.

Your Choice

As per Section 9 of the Declaration, a person cannot be forced to download the App and cannot force others to download the App. It is a breach of the Declaration and a criminal offence to require another person to:

  1. download the App;
  2. have the App operating on a mobile device; or
  3. upload their data to the National COVIDSafe Data Store system.

Further, a person cannot:

  1. refuse to enter into, or continue, a contract or agreement with another person (e.g. employment);
  2. take adverse action against another person;
  3. refuse another person entry to a premises;
  4. refuse another person to participate in an activity; or
  5. refuse to provide goods or services to another person

on the basis that that person has not downloaded the App, does not have the App in operation or has not consented to the uploading of the App date to the National COVIDSafe Data store.

Recent Posts