Nick McKim (Tasmania, Australian Greens) Share this | Hansard source

by leave—I move the Australian Greens amendments on sheet 8954 together:

(1) Schedule 1, item 1, page 4 (line 6), at the end of the definition of registration data , add ", and includes the person’s phone number".

(2) Schedule 1 , item 2 , page 11 (line 3) , before " A person ", insert " (1) ".

(3) (2) A person commits an offence if:

     (a) the person decrypts encrypted data; and

     (b) the data is COVID app data that is stored on the National COVIDSafe Data Store; and

     (c) the decrypting of the data is not for the purpose of, and only to the extent required for the purpose of, undertaking contact tracing.

Penalty:   Imprisonment for 5 years or 300 penalty units, or both.

(4) (ba) show whether or not the other person has COVIDSafe downloaded or in operation on a communication device; or

(5) (1A) An act or practice in breach of a requirement of the Biosecurity (Human Biosecurity Emergency) (Human Coronavirus with Pandemic Potential) (Emergency Requirements—Public Health Contact Information) Determination2020 in relation to an individual, which occurs before the commencement of this Part, constitutes an act or practice involving an interference with the privacy of the individual for the purposes of section 13.

Note: The act or practice may be the subject of a complaint under section 36.

(6) Schedule 1 , item 2 , page 15 (line 15) , after " subsection (1) ", insert " or (1A) ".

(7) Schedule 1, item 2, page 15 (line 18), at the end of subsection 94R(2), add "or the determination referred to in subsection (1A)".

I'll just briefly explain these amendments. As I said in my contribution on the second reading, we do acknowledge that there are significant protections on privacy contained in this legislation. In fact, it ought to set a minimum standard for government in terms of protecting people's personal information and private data. It's quite shameful that a number of other sets of data collected by the Commonwealth government are not protected to the extent that data collected by this app will be. However, as ought to be obvious by our amendments, we still believe that this bill could be strengthened and more robust protections placed around the data collected by the app, and that is what our amendments seek to do.

The first amendment relates to the definition of COVID app data. I acknowledge the improvements that the government has made in the legislation that we're considering compared to the exposure draft which was originally released publicly. As a result of those amendments, the bill now covers registration data and has narrowed significantly what de-identified information is carved out from the definition. But the bill doesn't seem, on our view, to cover phone numbers, and it really should, because mobile phone numbers are in themselves personal information, because of the separate requirement under telecommunication laws for proof of identity when someone becomes a mobile phone subscriber. So our first amendment on sheet 8954 adds the person's phone number into the bill's definition of registration data.

Our second amendment, around decrypting the data store, will also extend prohibitions in the bill on decrypting data on communications devices to include all data that is stored in the national COVIDSafe data store and is not required for the purpose of tracing contacts of verified COVID-19 carriers.

The next amendment is the creation of an additional COVIDSafe offence. Proposed section 94H makes it an offence to require someone to download the app, have the app operating or consent to uploading data from their communication device to the national COVIDSafe data store. This amendment will make it an offence to require someone to show you whether they have downloaded the app onto their communications device or not. This will further reduce the potential for this app to be used for discriminatory purposes.

The next amendment is in regard to a breach of the biosecurity determination. This amendment would ensure that the protections from interference with privacy that will be provided by part VIIIA of the Privacy Act after royal assent to this bill will also be provided from the commencement of the determination. That will allow the Information and Privacy Commissioner to investigate and report on all data collected and stored by COVIDSafe.

Finally on this sheet are consequential amendments to remove limitations. This includes removing exemptions for the disclosure of personal information to ASIO, ASIS, the Australian Signals Directorate and the Office of National Intelligence and provides that these exemptions do not apply, so a disclosure in breach of the new COVIDSafe app privacy requirements to one of those agencies would still constitute an interference with privacy.

I commend these amendments to the chamber.