Nick McKim (Tasmania, Australian Greens) Share this | Hansard source

Through you, Madam Chair, I thank Minister Payne for her responses to issues that were raised during the second reading contributions of many senators, including Australian Greens senators. I'm very pleased to hear that states and territories have been asked whether they would be happy with the data management protocols being released publicly. I understand there may need to be some revisions to those agreements or protocols as a result of this legislation being passed, but I genuinely hope that we and the Australian people are able to understand what particular safeguards are in those agreements or protocols. When the relevant data goes to state and territory health authorities, that does constitute one of the major vulnerabilities of the data that will be collected by the app.

Minister Payne also responded to questions that had been raised by a number of senators in regard to the operation of the US CLOUD Act by reminding us of something that we already knew—that this legislation does criminalise the provision of data overseas. Given the way the US CLOUD Act operates, Minister, I just need to place on the record that there is no way that you or anyone else can give the Senate, and therefore the Australian people, a 100 per cent guarantee that the data collected by this app will not end up in the hands of US law enforcement and security agencies. That is because under the US CLOUD Act, which specifically relates to data stored overseas from the US—and obviously that would include data stored in Australia—data is available and may be accessed under warrants issued by a US court. I asked the Attorney-General's Department about this in the Senate select committee last week, and it became clear that that 100 per cent guarantee could not be given. Even though I acknowledge the government has done its best by legislating here in Australia, the simple fact remains that the head of AWS in the US is likely to be far more concerned about the operation of US law than about the operation of Australian law. So, Minister, if you're able to give that 100 per cent guarantee, please feel free to do that. I don't think you'll be able to, and that constitutes another potential vulnerability for the data under this act.

Minister, I acknowledge that you weren't in the chamber during my contribution. That's obviously no criticism of you. Minister Cash, from memory, was the duty minister. But I did raise an issue, and I'd be appreciative if you'd be able to seek some advice on it and respond to me in the committee stage. That is around the data collected by this app not being limited to a 15-minute duration or to data being collected within a certain bluetooth range. So could you please confirm that this app actually collects data of a close contact, no matter what the duration of that contact is—in other words, a contact does not have to be for 15 minutes or more for this app to collect the data—and that the filtering of that data, if you like, will actually be done by state and territory health agencies after they receive the data. They will then filter it and only take action in regard to contacts of more than 15 minutes duration. If you're able to address that, Minister, I'd appreciate that.