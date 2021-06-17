The Australian Information Commissioner (OAIC) ​​Office has released its second semi-annual report on the privacy and security of the controversial Australian application COVIDSafe.

While there were no reports of violations, no complaints made and no ongoing investigations, the OAIC said the application, preceded by Prime Minister Scott Morrison as a “digital sunscreen”, was the subject of 14 “investigations”.

This included 12 questions from individuals and two from businesses during the period 16 November 2020 to 15 May 2021.

“We provided general information in response to 11 questions and provided assistance on how to file a complaint in response to three questions,” report [PDF] said

During the Senate Appraisals last month, Information and Privacy Commissioner Angelene Falk said the OAIC, by the end of April, had received about 25 inquiries from members of the public seeking information about COVIDsafe and their privacy rights.

Breaking down the types of investigations, the report said the OAIC received 10 inquiries raising general issues or concerns about COVIDSafe, including an investigation into changes to the COVIDSafe Privacy Act and an investigation by an individual seeking to delete data uploaded to National COVIDSafe Data Store.

The OAIC also received four questions about a request to download or use COVIDSafe, which the report explained as an inquiry into a site that refuses individual entry if they do not use COVIDSafe or have not signed up using a QR code and a inquiry whether an employer may require an employee to download COVIDSafe.

Legislation wrapped in COVIDSafe prevents a directive from an employer or location to request the application be downloaded.

Falk told Senators last month that the OAIC has implemented a series of evaluations or controls of the COVIDSafe application, which she said assess privacy measures related to the Privacy Act and follow the “information life cycle” of the COVIDsafe application.

“We are appreciating the protection of security and access to the national COVIDSafe data storage environment,” she said. “We are also evaluating the way in which information is obtained from states and territories. And the legislation passed by Parliament at this time last year gave my office jurisdiction over the handling of states and territories of that COVIDSafe application data. “

OAIC has four assessments in progress. The report said the OAIC has advanced draft reports for all of them.

The agency also provided guidance to state and territory health authorities regarding COVIDSafe and COVID application data during the reporting period.

Also included in the OAIC document is a report by the Inspector General of Intelligence and Security (IGIS).

IGIS reviewed the compliance of the agencies it oversaw between 16 November 2020 and 15 May 2021 and said it remains satisfied that these agencies have appropriate policies and / or procedures and are taking reasonable steps to avoid intentional collection of application data COVID.

“IGIS staff have conducted inspections of these agencies to determine whether the COVID application data that was randomly collected as part of the agency’s functions was not accessed or used, and that any COVID application data was deleted as soon as possible. possible once the agency becomes aware is assembled, “IGIS wrote in its brief report.

“While the relevant agencies accidentally collected data from the COVID applications, which the Privacy Act acknowledges may occur, IGIS found that there is no evidence to suggest that these agencies intentionally targeted or decrypted, accessed or used data tilla. “

IGIS has not received any complaints or disclosures of public interest regarding the COVIDSafe application data, but said there were ongoing discussions between the parties concerned regarding the implementation of the anti-disclosure prohibition as set out in the Privacy Act.

COVIDSafe, according to the Digital Transformation Agency, had received 567 close contacts that were not found through manual contact tracking, a large increase from the previous number of 17 contacts. The agency said there have been 779 uploads to the National Data Store since the beginning last year.

Earlier this week, the Western Australian government introduced legislation that would keep information received through SafeWA check-in app from trackers out of contact with state law enforcement authorities.

The state currently has no protection for such information, with WA Police using it to investigate “two serious crimes”.

“The system was introduced in the midst of the global pandemic and while access to this information was legal, the WA government’s intention was that contact logs be used for contact tracking purposes only,” the government said.

“Information collected through the SafeWA application has never been able to be used for commercial purposes. This will remain in line with the new legislation.”

A B C Wednesday reported the state government was forced to introduce legislation after failing to reach an agreement with the police. The report shows that Prime Minister Mark McGowan revealed in April that police were receiving data to find witnesses to a number of serious crimes, including a murder, but were not previously aware of it.

“We tried to negotiate a deal with the police. They advised it was legal and they could not do things that are legal,” he told Radio ABC Perth.

WA Police Commissioner Chris Dawson said the circumstances requiring access to SafeWA data were exceptional.

“I admit that people do not always read printed in security policies or whatever, and this is a very important principle, but the police have only received information twice out of 240 million transactions and those were extraordinary circumstances, and it is legal, “he said, speaking further 6PR radio

“Police have a duty to investigate the crime and we are talking about a man who was shot in a public arena with a gun claimed to be of high power and other people were injured.”

The state opposition has called it “a breach of trust”.

