In considering all its defensive options against the spread of COVID-19, the Australian Government has proposed a contact tracing smartphone “app” intended to help restrict the spread of the virus and allow lockdown measures to be loosened.
But before downloading the app, the trade-off between privacy interests and sharing data for the public’s benefit must be considered. Transparency around how these competing interests are balanced is key to boosting public confidence in the app. This is crucial, as it is estimated that 40% of the population must adopt the app for it to succeed.
The aim of the app is to digitise the manual contact tracing process that occurs when an individual tests positive to COVID-19. The app is viewed as a tool to provide long-term resilience against pandemics. It is intended to get people back to their normal lives as soon as possible, not just during this pandemic but in any that follow.
- The app involves a privacy trade-off to achieve a public benefit. Government transparency around how these issues are balanced will reduce the privacy cost of that bargain.
- Government has so far stated the app will be entirely voluntary. It will be important to understand how the app and the related systems deal with a withdrawal of consent.
- This app is expected to be based on the Singaporean app. It will involve, at a minimum, the collection of a user’s name, mobile phone number, age and postcode.
- Security requirements to prevent the unauthorised use of the data are a key priority. The app aims to collect data on at least 40% of the population.
- The Government is intending to release a comprehensive privacy impact assessment. This will be important to boost confidence that the data will be appropriately used and protected.
Contact tracing now
Contact tracing is a way of slowing the spread of COVID-19 by identifying who has been in contact with an infected person. It is a method that has been used to protect public health and safety for years. For example, it is commonly used to find the contacts of people with tuberculosis, meningococcal diseases and sexually transmitted infections such as HIV.
For those who test positive for COVID-19 today, health professionals will explain the benefits of contact tracing, request contact tracing information from the patient and decide how to notify the exposed contacts. This manual process takes time, the information provided may be inaccurate, and it can be ineffective for asymptomatic carriers. The proposed app aims to leverage existing technology to solve such problems.
What data is being collected
Although details are still forthcoming, it is expected the Australian app will be based on the design of the Singaporean app, TraceTogether. The app is expected to collect and store four data points: user name, mobile phone number, age and postcode. These data points will be transmitted from one app user to any other app user that remains within 1.5 metres for 15 minutes or more.
This app will use Bluetooth technology to detect a user’s proximity to others. A user would not be expected to see data about nearby smartphones, but the record of contacts in close proximity to a user can be recovered by health professionals if the user tests positive for COVID-19 and provides consent.
The Government has so far stated that location data will not be collected, only proximity data, as its intention is contact tracing, not tracking. That being said, it has been conceded that the system is not foolproof and that location could be inferred from proximity data.
How the data is being secured
Encryption for the app is being scrutinised by the Australian Cyber Security Centre and the Australian Signals Directorate. Like the Singaporean app, it is expected that data will only be stored for 21 days before it is automatically deleted.
However, if a user tested positive to COVID-19 and provided consent, their data would be decrypted and shared to reveal the details of the users they were in contact with. As currently proposed, public health officials will operate as gatekeeper and hold the key to decrypt the centralised data of infected individuals.
Centralising data in this way inherently gives rise to security risks, and unfortunately the Government does not have an ideal record on such matters. For example, in 2016 the OAIC found breaches of the Privacy Act by the Department of Health for weak encryption techniques used when protecting health-related records.
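The following is an added illustration, not code from the Australian or Singaporean app, of the three rules the two sections above describe: a contact is only recorded after another phone has stayed within 1.5 metres for 15 minutes, records are deleted automatically after 21 days, and the log leaves the phone only with the user's consent. The opaque peer token, the distance estimates and the timestamps are all constructed for the example; the phone itself never sees the other user's name, number, age or postcode.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

CLOSE_CONTACT_METRES = 1.5   # proximity threshold stated in the article
CLOSE_CONTACT_MINUTES = 15   # duration threshold stated in the article
RETENTION_DAYS = 21          # automatic deletion window stated in the article

@dataclass
class Encounter:
    peer_token: str       # opaque token from the other phone; its owner's details stay with the authority
    first_seen: datetime
    last_seen: datetime

@dataclass
class ContactLog:
    _open: dict = field(default_factory=dict)     # peer_token -> Encounter currently in range
    contacts: list = field(default_factory=list)  # encounters that met the 1.5 m / 15 min rule

    def observe(self, peer_token: str, distance_m: float, now: datetime) -> None:
        """Process one Bluetooth sighting: (token, estimated distance, time)."""
        if distance_m > CLOSE_CONTACT_METRES:
            self._open.pop(peer_token, None)       # out of range: the 15-minute clock restarts
            return
        enc = self._open.setdefault(peer_token, Encounter(peer_token, now, now))
        enc.last_seen = now
        if now - enc.first_seen >= timedelta(minutes=CLOSE_CONTACT_MINUTES) and enc not in self.contacts:
            self.contacts.append(enc)

    def purge(self, now: datetime) -> int:
        """Automatic deletion: drop contacts last seen more than RETENTION_DAYS ago."""
        cutoff = now - timedelta(days=RETENTION_DAYS)
        self.contacts = [e for e in self.contacts if e.last_seen >= cutoff]
        return len(self.contacts)

    def export_for_upload(self, consent: bool) -> list:
        """Only a consenting, positive user's log leaves the phone, and only the tokens."""
        if not consent:
            raise PermissionError("upload requires the user's consent")
        return [e.peer_token for e in self.contacts]

def simulate() -> tuple:
    """Constructed sightings: peer A stays close for 20 min, B for only 10 min, C is too far away."""
    log = ContactLog()
    t0 = datetime(2020, 4, 20, 9, 0)
    for minute in range(0, 21, 5):
        now = t0 + timedelta(minutes=minute)
        log.observe("A", 1.0, now)
        log.observe("C", 3.0, now)
        if minute <= 10:
            log.observe("B", 0.8, now)
    recorded = sorted(e.peer_token for e in log.contacts)
    remaining = log.purge(t0 + timedelta(days=22))   # 22 days on, the record of A has expired
    return recorded, remaining
```

Note that the log still holds a token for every qualifying contact, so the centralised key described above is what turns those tokens back into identities; the retention and consent rules limit exposure but do not remove that dependency.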
Balancing privacy and the public’s interest
There are privacy challenges for any app collecting large amounts of data that include personal information. Few in democratic societies such as Australia expect their government to consider tracing citizens through their smartphones. However, the ability of smartphone technology to outpace the spread of COVID-19 means it is a tool that must be considered in the defence against the pandemic.
Citizen trust must be fostered, since adoption of the app is a prerequisite to its success. To achieve this, checks and balances must be put in place to protect the privacy of citizens. Without them, there is a legitimate concern that the app may become a permanent surveillance tool and the long-term legacy of COVID-19.
Currently, there is uncertainty as to how the app will coexist with current surveillance and privacy laws. The Privacy Act will regulate any personal information collected through the app, but even under this regime there are exemptions that give the Government room for manoeuvre if national interests are at stake. The OAIC is working with the Government on a privacy impact assessment of the app’s privacy arrangements. This is expected to be released shortly, and we hope it will resolve many of these uncertainties.
Finding a way forward
In an attempt to boost public confidence, the Government has announced it will release a comprehensive privacy impact assessment of the app. This is a step in the right direction and it is positive to see the discussion around privacy.
In this assessment it will be important to see whether the privacy measures adequately address the risks. There should be analysis of how collection of the data complies with legal obligations (such as obtaining consent), how the data will be secured, and whether the minimum amount of data is being collected and retained. Additional restrictions such as purpose limitation, regulatory oversight and accountability measures will also be important to achieve a privacy-by-default arrangement.
The terms on which the data is collected will also be important. Such information must be accurately communicated to ensure that any consent obtained is sufficient to be relied upon. In addition to satisfying legal obligations, such transparency will likely increase uptake of the app.