Based on what the Inspector-General of Intelligence and Security (IGIS) has found, Australia’s intelligence and security agencies may have “incidentally” collected COVIDSafe contact tracing app’s data during the first six months after its launch. These findings were all a part of the report IGIS submitted to the Australian Information Commissioner.
The report furnished by IGIS stated that the data collection may have occurred “in the course of lawful collection of other data” which also makes it permissible under the country’s Privacy Act. One of the spokespeople for IGIS told a local news outlet that “execution of warrants” could be a possible reason why COVID app data collection could have occurred.
“Collection is considered ‘incidental’ if it is not possible or practicable to collect the data covered by the warrant without also inadvertently collecting COVIDSafe ap data,” said a spokesperson from IGIS.
It is worth noting that IGIS is not precisely pointing out which among the six intelligence and security agencies in its jurisdiction has been “incidentally” collecting user data. IGIS also stated that agencies were “taking steps to ensure any COVID app data is deleted as soon as practicable.” Even the country’s Privacy Act mandates that any state agency collecting COVIDSafe app data incidentally on grounds of “lawful collection of information” is to delete the data “as soon as practicable.”
The government has even passed strict punishments in case of disclosure, decryption, use, or collection of data for other purposes apart from contact tracing, which the data is originally intended for. What’s more, even IGIS is planning to verify whether the app data is being “deleted as soon as practicable after an agency becomes aware that it has been collected” over a period of six months.
“IGIS anticipates those inspections being completed prior to the next report to the Information Commissioner,” said a spokesperson.