Despite Australia having a national contact tracing app, a range of QR-code based check-in solutions have sprung up to facilitate contact tracing in the fight against COVID-19.

You might have heard that the Australian Government was performing a review of the handling of personal information by the COVIDSafe contact tracing app. The OAIC has just published its report of that review for May - November 2020. A few takeaways:

  • This is the first in a series of 6-monthly reports - and it's early days so the report focuses mainly on describing what the OAIC has been and is doing to review the COvIDSafe app.
  • Only 11 enquiries were received by the OAIC about COVIDSafe during this 6 month period, and only one of these resulted in advice on how to make a complaint. 
  • The OAIC has not found any evidence that Australian intelligence agencies have decrypted, accessed or used any COVIDSafe app data.
  • During the reporting period, 4 assessments were commenced by the OAIC in relation to access controls, privacy protection functionality and compliance with data handling, retention and deletion requirements in the context of the app.

As background to this review, the COVIDSafe app has has overall been perceived as a bit of a damp squib: although initially enjoying fast take-up among consumers, it was hampered by functionality issues and mistrust borne out of the earlier privacy concerns expressed by privacy advocates and security experts. The Government responded to some of these concerns by updating the app and amending privacy law to include specific protections for COVIDSafe data, and a specific oversight role for the OAIC in relation to the app.

Despite (or perhaps because of?) all the negative noise about COVIDSafe, in practice, the focus has now shifted to QR code check-ins at venues - in fact, in New South Wales, use of QR code check-ins has been made mandatory. However, QR code check-ins are not a direct substitute for the COVIDSafe app, and they have their fair share of problems too...