COVIDSafe App
Run consultation |
Check Fact Cross References |
Check Fact Translations
/* http://austlii.community/foswiki/DataLex/DTS4A2J/COVIDSafeAct */
DEFAULT ACT Privacy Act 1988
/*OBJECTS*/
PERSONTHING the potential offender
STRING the name of the potential offender
PROMPT what is the name of the person or organisation who may have committed an offence in relation to data relating to the COVIDSafe app and/or the COVIDSafe app
TRANSLATE AS the name of the potential offender
PERSONTHING the potential obligor
STRING the name of the potential obligor
PROMPT what is the name of the person or organisation who may have received data related to the COVIDSafe app in error
TRANSLATE AS the name of the potential obligor
/*LINKS*/
LINK COVID app data TO http://beta.datalex.org/app/consultation?rulebase=http%3A%2F%2Faustlii.community%2Ffoswiki%2FDataLex%2FDTS4A2J%2FHowToDetermineWhetherDataIsCOVIDAppData
LINK State or Territory health authority TO http://www5.austlii.edu.au/au/legis/cth/consol_act/pa1988108/s6.html#solicits
LINK contact tracing TO http://www5.austlii.edu.au/au/legis/cth/consol_act/pa1988108/s94d.html
LINK contracted service provider TO http://www5.austlii.edu.au/au/legis/cth/consol_act/pa1988108/s6.html#consumer_credit_related_purpose
LINK National COVIDSafe Data Store TO http://www5.austlii.edu.au/au/legis/cth/consol_act/pa1988108/s6.html#mortgage_insurance_purpose
LINK COVIDSafe app TO http://www5.austlii.edu.au/au/legis/cth/consol_act/pa1988108/s6.html#court_proceedings_information
LINK former-COVIDSafe user TO http://www5.austlii.edu.au/au/legis/cth/consol_act/pa1988108/s94n.html
LINK COVIDSafe user TO http://www5.austlii.edu.au/au/legis/cth/consol_act/pa1988108/s6.html#court_proceedings_information
LINK Commissioner TO http://www5.austlii.edu.au/au/legis/cth/consol_act/pa1988108/s6.html#collects
LINK communication device TO http://www5.austlii.edu.au/au/legis/cth/consol_act/pa1988108/s6.html#commonwealth_officer
LINK communication devices TO http://www5.austlii.edu.au/au/legis/cth/consol_act/pa1988108/s6.html#commonwealth_officer
LINK encrypted data TO http://austlii.community/foswiki/DataLex/DTS4A2J/Definitions
LINK de-identified TO http://www5.austlii.edu.au/au/legis/cth/consol_act/pa1988108/s6.html#default_information
LINK data store administrator TO https://www.dta.gov.au/our-privacy-policy#dta-as-covidsafe-data-store-administrator
LINK Part VIIIA TO http://www5.austlii.edu.au/au/legis/cth/consol_act/pa1988108/s94a.html
LINK Health Minister TO https://www.health.gov.au/ministers
LINK registration data TO http://www5.austlii.edu.au/au/legis/cth/consol_act/pa1988108/s6.html#record
LINK penalty units TO http://www5.austlii.edu.au/au/legis/cth/consol_act/ca191482/s4aa.html
LINK Section 15.1 of the Criminal Code Act 1995 TO http://www5.austlii.edu.au/cgi-bin/viewdoc/au/legis/cth/consol_act/cca1995115/sch1.html#Division_15_--_Extended_geographical_jurisdiction
LINK file a complaint TO https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us/
LINK click here TO http://beta.datalex.org/app/?rulebase=http://austlii.community/foswiki/DataLex/DTS4A2J/FilingAComplaintOAIC
LINK Office of the Australian Information Commissioner TO https://www.oaic.gov.au/
LINK soon as practicable TO http://www.austlii.edu.au/cgi-bin/sinosrch.cgi?mask_path=;method=auto;query=soon%20as%20practicable%20COVIDSafe;excerpt=1;offset=0
/*GOAL RULES*/
GOAL RULE Is advice needed on laws regarding the mishandling of data relating to the COVIDSafe app (e.g. its collection, use, disclosure, upload or decryption)? PROVIDES an offence has been identified ONLY IF
the potential offender has committed an offence under s 94E OR
the potential offender has committed an offence under s 94F(1) OR
the potential offender has committed an offence under s 94F(2) OR
the potential offender has committed an offence under s 94D OR
the potential offender has committed an offence under s 94G
GOAL RULE Is advice needed on whether requiring the use of the COVIDSafe app is unlawful? PROVIDES an offence has been identified ONLY IF
the potential offender has committed an offence under s 94H(1) OR
the potential offender has committed an offence under s 94H(2)
GOAL RULE Is advice needed on laws requiring the deletion of data received in error? PROVIDES an obligation exists ONLY IF
the potential obligor is obligated to delete the data and notify the data store administrator that the data was received in error
GOAL RULE Is advice needed on the data store administrator's obligations in regards to data relating to the COVIDSafe app? PROVIDES an obligation may have been breached ONLY IF
the data store administrator is obligated to take all reasonable steps to ensure that COVID app data is not retained on a communication device AND the data store adminstrator would likely be in breach if they do not comply with their obligations OR
the data store administrator is obligated to take all reasonable steps to delete any registration data of the person that has been uploaded from the device to the National COVIDSafe Data Store as soon as practicable, or if it is not practicable, the data store administrator must not use or disclose the data for any purpose OR
the data store administrator is obligated to not collect COVID app data related to the user through a particular communication device OR
the data store administrator is obligated not to collect any COVID app data or make the COVIDSafe app available to be downloaded AND
the data store administrator is obligated to delete all COVID app data from the National COVIDSafe Data Store as soon as reasonably practicable AND
the data store administrator is obligated to inform the Health Minister and the Commissioner that all COVID app data has been deleted from the National COVIDSafe Data Store as soon as reasonably practicable AND
the data store administrator is obligated to take all reasonable steps to inform all COVIDSafe users (other than former-COVIDSafe users) that all COVID app data has been deleted from the National COVIDSafe Data Store, data can no longer be collected, and that they should delete the COVIDSafe app from their communication devices
/*RULES*/
RULE Information Commissioner Complaint PROVIDES you may wish to file a complaint with the Office of the Australian Information Commissioner. If you would like assistance with the complaint, click here ONLY IF
an offence has been identified OR
an obligation exists OR
an obligation may have been breached
RULE Privacy Act 1988 s 94D applies PROVIDES the potential offender has committed an offence under s 94D ONLY IF
the potential offender has collected, used or disclosed data relating to the COVIDSafe app AND
the data (being considered here under s 94D) is COVID app data AND
s 94D(1)(c) applies AND
s 94D(3) does not apply
IF the potential offender has committed an offence under s 94D THEN the penalty is imprisonment for 5 years of 300 penalty units or both
RULE s 94D(2) PROVIDES s 94D(1)(c) does not apply ONLY IF
the s 94D(2)(a) exception applies OR
the s 94D(2)(b) exception applies OR
the s 94D(2)(c) exception applies OR
the s 94D(2)(d) exception applies OR
the s 94D(2)(e) exception applies OR
the s 94D(2)(f) exception applies OR
the s 94D(2)(g) exception applies
RULE s 94D(2)(a) PROVIDES the s 94D(2)(a) exception applies ONLY IF
the potential offender is employed by, or in the service of, a State or Territory health authority AND
the potential offender has collected, used or disclosed the COVID app data for the purpose of, and only to the extent required for the purpose of, undertaking contact tracing
RULE s 94D(2)(b) PROVIDES the s 94D(2)(b) exception applies ONLY IF
the potential offender is an officer or employee of the data store administrator OR
the potential offender is a contracted service provider for a government contract with the data store administrator AND
the potential offender has collected, used or disclosed the COVID app data for the purpose of, and only to the extent required for the purpose of enabling contact tracing by persons employed by, or in the service of, State or Territory health authorities OR
the potential offender has collected, used or disclosed the COVID app data for the purpose of, and only to the extent required for the purpose of ensuring the proper functioning, integrity or security of the COVIDSafe app or of the National COVIDSafe Data Store
RULE s 94D(2)(c) PROVIDES the s 94D(2)(c) exception applies ONLY IF
the data was disclosed or collected for the purpose of transferring encrypted data between communication devices through the COVIDSafe app OR
the data was disclosed or collected for the purpose of transferring encrypted data, through the COVIDSafe app, from a communication device to the National COVIDSafe Data Store
RULE s 94D(2)(d) PROVIDES the s 94D(2)(d) exception applies ONLY IF
the data was collected, used or disclosed for the purpose of, and only to the extent required for the purpose of, the Commissioner performing the functions or exercising the powers of the Commissioner under or in relation to Part VIIIA (this Part)
RULE s 94D(2)(e) PROVIDES the s 94D(2)(e) exception applies ONLY IF
the data was collected, used or disclosed for the purpose of, and only to the extent required for the purpose of investigating whether Part VIIIA (this Part) has been contravened or for a prosecution for an offence under this Part
RULE s 94D(2)(f) PROVIDES the s 94D(2)(f) exception applies ONLY IF
the data was used by the data store administrator AND
the data was used for the purpose of, and only to the extent required for the purpose of, producing de-identified statistical information about the total number of registrations through the COVIDSafe app
RULE s 94D(2)(g) PROVIDES the s 94D(2)(g) exception applies ONLY IF
the data was used by the data store administrator AND
the data was required by s 94L to be deleted AND
the data was used for the purpose of, and only to the extent required for the purpose of, confirming that the correct data is being deleted
RULE s 94D(3) PROVIDES s 94D(3) applies ONLY IF
the collection of the COVID app data occurred as part of the collection, at the same time, of data that is not COVID app data (non-COVID app data) AND
the collection of the COVID app data was incidental to the collection of the non-COVID app data AND
the collection of the non-COVID app data is permitted under Australian law AND
the COVID app data was deleted as soon as practicable after the potential offender became aware that it had been collected AND
the COVID app data was not otherwise accessed, used or disclosed by the potential offender after it was collected
RULE Privacy Act 1988 s 94E PROVIDES the potential offender has committed an offence under s 94E ONLY IF
the potential offender has uploaded, or caused to be uploaded, data from a communication device to the National COVIDSafe Data Store AND
the data (being considered here under s 94E) is COVID app data AND
consent has not been given to the upload
RULE Privacy Act 1988 s 94E(c) PROVIDES consent has not been given to the upload ONLY IF
consent has not been given to the upload by the COVIDSafe user in relation to that device, or by a parent, guardian or carer of the user, if the user is unable to give consent or has requested a parent, guardian or carer to act on their behalf
IF the potential offender has committed an offence under s 94E THEN the penalty is imprisonment for 5 years or 300 penalty units, or both
RULE Privacy Act 1988 s 94F(1) PROVIDES the potential offender has committed an offence under s 94F(1) ONLY IF
the potential offender has retained data on a database outside Australia AND
the data (being considered here under s 94F(1)) is COVID app data AND
the data has been uploaded from a communication device to the National COVIDSafe Data Store
IF the potential offender has committed an offence under s 94F(1) THEN the penalty is imprisonment for 5 years or 300 penalty units, or both
RULE Privacy Act 1988 s 94F(2) PROVIDES the potential offender has committed an offence under s 94F(2) ONLY IF
the potential offender has disclosed data to another person outside Australia AND
the data (being considered here under s 94F(2)) is COVID app data AND
the data has been uploaded from a communication device to the National COVIDSafe Data Store AND
the s 94F(2)(c) exception does not apply
RULE Privacy Act 1988 s 94F(2)(c) PROVIDES the s 94F(2)(c) exception applies ONLY IF
the potential offender is a person who is employed by, or in the service of, a State or Territory health authority AND
the potential offender disclosed the data for the purpose of, and only to the extent required for the purpose of, undertaking contact tracing
IF the potential offender has committed an offence under s 94F(2) THEN the penalty is imprisonment for 5 years or 300 penalty units, or both
RULE Privacy Act 1988 s 94G PROVIDES the potential offender has committed an offence under s 94G ONLY IF
the potential offender decrypted encrypted data AND
the data (being considered here under s 94G) is COVID app data AND
the data is stored on a communication device
IF the potential offender has committed an offence under s 94G THEN the penalty is imprisonment for 5 years or 300 penalty units, or both
RULE Privacy Act 1988 s 94H(1) PROVIDES the potential offender has committed an offence under s 94H(1) ONLY IF
the potential offender has required another person to download the COVIDSafe app to a communication device OR
the potential offender has required another person to have the COVIDSafe app in operation on a communication device OR
the potential offender has required another person to consent to uploading data from a communication device to the National COVIDSafe Data Store AND
the data (being considered here under s 94H(1)) is COVID app data
IF the potential offender has committed an offence under s 94H(1) THEN the penalty is imprisonment for 5 years or 300 penalty units, or both
RULE Privacy Act 1988 s 94H(2) PROVIDES the potential offender has committed an offence under s 94H(2) ONLY IF
the potential offender has refused to enter into, or continue, a contract or arrangement with another person (including a contract of employment) AND/OR
the potential offender has taken adverse action (within the meaning of the Fair Work Act 2009 ) against another person AND/OR
the potential offender has refused to allow another person to enter premises that are otherwise accessible to the public AND/OR
the potential offender has refused to allow another person to enter premises that the other person has a right to enter AND/OR
the potential offender has refused to allow another person to participate in an activity AND/OR
the potential offender has refused to receive goods or services from another person, or insists on providing less monetary consideration for the goods or services AND/OR
the potential offender has refused to provide goods or services to another person, or insists on receiving more monetary consideration for the goods or services
AND
the potential offender did act on the grounds that the other person had not downloaded and/or had the COVIDSafe app in operation and/or consented to upload COVID app data from a communication device to the National COVIDSafe Data Store
IF the potential offender has committed an offence under s 94H(2) THEN the penalty is imprisonment for 5 years or 300 penalty units, or both
RULE Privacy Act 1988 s 94J PROVIDES Section 15.1 of the Criminal Code Act 1995 - (extended geographical jurisdiction--category A) applies ONLY IF
the potential offender has committed an offence under s 94D OR
the potential offender has committed an offence under s 94E OR
the potential offender has committed an offence under s 94F(1) OR
the potential offender has committed an offence under s 94F(2) OR
the potential offender has committed an offence under s 94G OR
the potential offender has committed an offence under s 94H(1) OR
the potential offender has committed an offence under s 94H(2)
RULE Data retention - Privacy Act 1988 s 94K PROVIDES the data store administrator is obligated to take all reasonable steps to ensure that COVID app data is not retained on a communication device ONLY IF
data relating to the COVIDSafe app has been retained on a communication device for more than 21 days AND
the data has been retained for longer than practicably necessary AND
the data (being considered here under s 94K) is COVID app data
RULE Data retention obligations PROVIDES the data store adminstrator would likely be in breach if they do not comply with their obligations ONLY IF
the data store administrator is obligated to take all reasonable steps to ensure that COVID app data is not retained on a communication device
RULE Data deletion on request - Privacy Act 1988 s 94L PROVIDES the data store administrator is obligated to take all reasonable steps to delete any registration data of the person that has been uploaded from the device to the National COVIDSafe Data Store as soon as practicable, or if it is not practicable, the data store administrator must not use or disclose the data for any purpose ONLY IF
a request to delete their registration data has been made by a COVIDSafe user or a former-COVIDSafe user in relation to a communication device AND/OR
the user is unable to make the request or have they requested their parent, guardian or carer to make a request on their behalf to delete the registration data AND
the data is not de-identified data AND
the data was not uploaded from another COVIDSafe user's communication device and collected through the interaction between the devices
RULE Data deletion in case of error - Privacy Act 1988 s 94M PROVIDES the potential obligor is obligated to delete the data and notify the data store administrator that the data was received in error ONLY IF
the potential obligor received data related to the COVIDSafe app in error AND
the data (being considered here under s 94M) is COVID app data
RULE Data collection bar - Privacy Act 1988 s 94N PROVIDES the data store administrator is obligated to not collect COVID app data related to the user through a particular communication device ONLY IF
the person is a former-COVIDSafe user AND
the data (being considered here under s 94N) is COVID app data
RULE COVIDSafe data period - Privacy Act 1988 s 94P(1) PROVIDES the data store administrator is obligated not to collect any COVID app data or make the COVIDSafe app available to be downloaded ONLY IF
the COVIDSafe data period has ended
RULE COVIDSafe data period - Privacy Act 1988 s 94P(2) PROVIDES the data store administrator is obligated to delete all COVID app data from the National COVIDSafe Data Store as soon as reasonably practicable ONLY IF
the COVIDSafe data period has ended
RULE COVIDSafe data period - Privacy Act 1988 s 94P(3)(a) PROVIDES the data store administrator is obligated to inform the Health Minister and the Commissioner that all COVID app data has been deleted from the National COVIDSafe Data Store as soon as reasonably practicable ONLY IF
the COVIDSafe data period has ended
RULE COVIDSafe data period - Privacy Act 1988 s 94P(3)(b) PROVIDES the data store administrator is obligated to take all reasonable steps to inform all COVIDSafe users (other than former-COVIDSafe users) that all COVID app data has been deleted from the National COVIDSafe Data Store, data can no longer be collected, and that they should delete the COVIDSafe app from their communication devices ONLY IF
the COVIDSafe data period has ended
/*
RULE COVIDSafe data period - Privacy Act 1988 s 94Y PROVIDES the COVIDSafe data period has ended ONLY IF
the Health Minister has consulted, or considered recommendations from, the Commonwealth Chief Medical Officer or the Australian Health Protection Principal Committee AND
the Health Minister is satisfied that the use of the COVIDSafe app is no longer required or likely to be effective in preventing or controlling the entry, emergence, establishment or spread of COVID-19 AND
the Health Minister has determined by notifiable instrument the day that the COVIDSafe data period will end, and that day has passed.
*/
RULE COVIDSafe data period - Privacy Act 1988 s 94Y PROVIDES the COVIDSafe data period has ended ONLY IF
the Health Minister has determined by notifiable instrument the day that the COVIDSafe data period will end
AND that day has passed