Towards a trustworthy COVIDSafe app

elevenM Principal Melanie Marks has joined other leading privacy experts in a submission to the Australian Government on what is required of new federal legislation that will govern the new COVIDSafe app. 


The COVIDSafe app has been introduced at an unprecedented moment and a time of national urgency. To ensure we garner the level of community trust necessary for the app to succeed, we also need unprecedented and urgent legislation that ensures the right privacy safeguards are in place.

This is the essence of a submission made to the Attorney General’s Department by Australia’s leading privacy thinkers.

The submission –  led by Peter Leonard (Principal, Data Synergies) and taking input from leading privacy practitioners including elevenM’s Melanie Marks – warns of a “backdoor” that could lead to leakage of data belonging to users of the COVIDSafe app, if new federal legislation governing the app is introduced without sufficient safeguards and coverage.

The paper lays out a series of suggestions to achieve the ultimate objective of ensuring the COVIDSafe app is safe for all citizens to use for its stated purpose of contact tracing.

State and Territory agencies – who will ultimately handle user data from the app – are currently not regulated by the Privacy Act. While the app states that a user’s data – which includes a log of other users of the app they have come in contact with – will only be used for contact tracing by State or Territory officials, the paper notes that enforcement of this currently relies merely on “agreement” and reassurances of “good intent”.

It argues for “legislated assurance” that the data won’t be potentially available to other government agencies, law enforcement and so on.

The paper recommends stronger safeguards and controls to ensure handling of COVIDSafe data by agencies is separated from other operations. It also calls for oversight of the legislation by a commissioner or ombudsman, and the encryption of all COVIDsafe app data in transit and at rest.

Read the full paper here.