LSB September 2021 LR

More documents

Recommendations

Info

FEATURE reluctance to implement any legislation to guard against law enforcement authorities obtaining access to such data for use for purposes other than contact tracing. 33 FORM OF ANY LEGISLATIVE SAFEGUARDS The legislation adopted by the Commonwealth, and Western Australia, serve as useful examples, of the form of legislative safeguards required in South Australia. At the Commonwealth level, there is the Privacy Amendment (Public Health Contact Information) Act 2020 (Cth). 34 This legislation regulates the collection, storage, use and disclosure of the personal information of persons captured by the use of the application COVIDSafe. The legislation criminalises the unauthorised collection, use or disclosure of data obtained via COVIDSafe. The same legislation provided that the collection, use or disclosure of such data was, relevantly, only permitted for the purpose of, and only to the extent required for the purpose of: (i) investigating possible non-authorised collection, use or disclosure of data obtained via COVIDSafe; or (ii) prosecuting a person for an offence regarding the non-authorised collection, use or disclosure of data obtained via COVIDSafe. 35 More recently, Western Australia has enacted the Protection of Information (Entry Registration Information Relating to COVID-19 and Other Infectious Diseases) Act 2021 (WA). This Act provides protections similar to those outlined above in relation to Privacy Amendment (Public Health Contact Information) Act 2020 (Cth). 36 However, further, this Act explicitly provides that ‘entry registration information’ 37 is not admissible in evidence in any criminal or civil proceedings other than proceedings for an offence relating to compliance with an obligation under the Act, or the recording or disclosure of entry registration information. 38 As was explained during the Second Reading Speech: This bill will introduce a strong, clear and comprehensive legislated framework for regulating the use of entry registration information. …This is in recognition of the critical importance of this information in our public health response to this pandemic and the need to maintain public confidence in our entry registration arrangements. 39 The legislation adopted by the Commonwealth and Western Australia address some of the concerns which remain with the current legislative framework in South Australia. However, the legislation adopted by the Commonwealth and Western Australia is not without issue. For example, the legislation adopted by the Commonwealth does not explicitly state that data obtained via COVIDSafe is not admissible as evidence in criminal or civil proceedings unrelated to contact tracing (although it can be inferred). Further, the legislation adopted by Western Australia does not address what other use can be made of ‘entry registration information’. The legislation does not explicitly protect against the use of such information (regardless of how obtained) to uncover other evidence against the individual who provided the information. This is what might be described as a prohibition on ‘indirect use’ or protection from ‘derivative use’. 40 An example of such indirect or derivative use is using data collected via COVID SAfe Check-In to obtain a search warrant (which in turn is used to obtain other evidence against the individual in question). 41 CONCLUSION Assurances that the data collected via COVID SAfe Check-In will not be used for any purpose other than contact tracing are insufficient given that they are without legislative basis. To the contrary, the Emergency Management Act makes specific provision for the disclosure of information, such as the data collected via COVID SAfe Check-In. As outlined above, this lack of legislative safeguards remains concerning for a number of reasons. To remedy the situation, and consistent with the assurances given, the State Government should introduce legislation which addresses and prohibits disclosure, use (including as admissible evidence), and derivative use, of data collected via COVID SAfe Check-In (or any other electronic platform), for any purpose beyond contact tracing in relation to COVID-19. Put simply, not only is the data collected via COVID SAfe Check-In of critical importance in our public health response to this pandemic, but so too is the trust and willingness of South Australians to provide such information so long as called upon. This article is based upon legislation as in effect as at 2 August 2021. B Endnotes 1 Acknowledgements: The author wishes to thank Associate Professor Matthew Stubbs, and others, for valuable feedback regarding earlier drafts of this article. Any errors are the author’s own. Eugene Boisvert, ‘South Australia coronavirus cluster grows again as pizza bar link confirmed’, ABC (Web Page, 26 November 2020) ; ‘SA to roll out mandatory QR check-ins for venues’, Sky News (Web Page, 27 November 2020) ; Emergency Management (Public Activities No 13) (COVID-19) Direction 2020, cl 10. 2 Emergency Management Act 2004 (SA), s 28(1) (‘Emergency Management Act’). 3 Boisvert, ‘South Australia coronavirus cluster grows again as pizza bar link confirmed’ (n 1); ‘SA to roll out mandatory QR check-ins for venues’ (n 1). See, also, Emily Cosenza, ‘South Australia shuts out Victorian travellers from midday on Saturday’, The Australian (online, 17 July 2021) ; Steven Marshall MP and Stephen Wade MLC, ‘Operation COVID Shield Begins’ (Media Release, 22 February 2021) . 4 ‘QR codes are being rolled out in venues across South Australia — here’s what you need to know’, ABC (Web Page, 1 December 2020) ; Andrew Hough and Kara Jung, ‘Contact tracing in SA: What you need to know’, The Advertiser (online, 17 November 2020)
FEATURE news-story/9aa67e8c9ed436669771cdecc7cdce 3f>; Stephanie Richards, ‘Law Society warning over COVID QR check-in data privacy’, InDaily (Web Page, 6 January 2021) ; ‘COVID SAfe Check-In: Frequently asked questions for the community’, Government of South Australia (Web Page, 7 June 2021) . 5 Emily Olle, ‘Woodville Pizza Bar worker’s COVID interview with SA Health officials “privileged”’, 7NEWS (Web Page, 2 December 2020) . 6 Patrick James and Lynton Grace, ‘Prof Spurrier says interview with Woodville Pizza Bar worker came under patient confidentiality’, The Advertiser (online, 4 December 2020) . 7 Andrew Hough and Gabriel Polychronis, ‘SA Police Commissioner warns against QR code complacency’, The Advertiser (online, 6 February 2021) ; Andrew Hough, ‘Covid-19: SA Health uses QR code data in state first to trace coronavirus contacts of infectious miner Adam Ryan’, The Advertiser (online, 7 July 2021) ; Emergency Management (Activities – General No 3) (COVID-19) Direction 2021, cl 7. 8 Cam Wilson, ‘Who’s been looking at your check-in data? We asked the states and territories to “fess up”’, Crikey (Web Page, 1 July 2021) ; Evidence to Public Accounts and Estimates Committee, Parliament of Victoria, Melbourne, 21 June 2021, 3-4 (Shane Patton, Chief Commissioner of Police), 6 (Danny Pearson, MP, Acting Minister for Police and Emergency Services); Eliza Laschon, ‘Check-ins to SafeWA app unaffected after WA Police accessed data as part of criminal investigations’, ABC (Web Page, 19 June 2021) ; Michael Ramsey, ‘Privacy infringement fears after police access data from SafeWA contact tracing app’, 7NEWS (Web Page, 15 June 2021) . 9 Protection of Information (Entry Registration Information Relating to COVID-19 and Other Infectious Diseases) Act 2021 (WA); Melissa Coade, ‘WA Police murder investigation using QR contact tracing data prompts law reform’, The Mandarin (Web Page, 16 June 2021) . 10 7NEWS Adelaide (Facebook, 20 July 2021, 10:57pm ACST) ; Andrew Hough, Brad Crouch, Dixie Sulda, and Paul Starick, ‘Double Jeopardy: High alert as cluster doubles’, The Advertiser (Adelaide, 22 July 2021), 4; see Emergency Management (Activities – General) (COVID-19) Direction 2021, cl 7(6)-(7). 11 Declaration of a Major Emergency, State Coordinator, 22 March 2020; Approval of Extension of a Major Emergency Declaration under section 23, Approval of the Governor, 22 July 2021. 12 Emergency Management Act (n 2) s 25(1). 13 Ibid s 25(2)(ka). 14 See, eg, Emergency Management (Public Activities No 12) (COVID-19) Direction 2020, cl 10(4), 15(1), which required a person to make and retain contact tracing records for persons attending the activity. Such records had to include certain details in relation to each person attending. 15 ‘relevant contact details’ means a person’s name, telephone number and the time at which the person entered at the relevant place. See Emergency Management (Public Activities No 13) (COVID-19) Direction 2020, cl 10(7) (definition ‘relevant contact details’). 16 Emergency Management (Public Activities No 13) (COVID-19) Direction 2020, cl 10(4). 17 Ibid cl 10(7). 18 See, eg, Emergency Management (Activities – General No 3) (COVID-19) Direction 2021, cl 7. The use of ScanTek was later discontinued as means of registering attendance at a venue with effect from 17 February 2021 (see Emergency Management (Public Activities No 19) (COVID-19) Direction 2021, Sch 3, cl 1(5) (definition of ‘approved contact tracing system’)). 19 Emergency Management (Public Activities No 22) (COVID-19) Direction 2021, Sch 3, cl 1(6)-(8). 20 Richards, ‘Law Society warning over COVID QR check-in data privacy’ (n 4); Eugene Boisvert, ‘Privacy concerns about SA Government’s mySA GOV QR code coronavirus contact tracing app’, ABC, (Web Page, 27 November 2020) ; Bension Siebert, ‘Privacy concerns as South Australia becomes latest state to flag QR code contact tracing’, ABC (Web Page, 3 November 2020) . 21 South Australia, Parliamentary Debates, House of Assembly, 2 February 2021, 3705 (Vickie Chapman). The State Government has also cited the Information Privacy Principles Instruction (‘Instruction’) as governing the disclosure of collected via COVID SAfe Check-In. However, the Instruction does not further assist in addressing the concerns raised; the Instruction explicitly provides that personal information can be used by an agency (or disclosed by an agency to a third person) if, relevantly, the use/disclosure is ‘required or authorised by or under law’ or ‘reasonably necessary for the enforcement of the criminal law’. 22 Emergency Management Act (n 2) s 31A(e). 23 See, eg, Supreme Court Criminal Rules 2014 (SA), r 78, Ch 14; Uniform Civil Rules 2020 (SA), r 156.13, Ch 17, Pt 5; Mahaffy v Mahaffy [2013] NSWSC 245, [105]. 24 Australian Federal Police v XYZ (2015) 123 SASR 274, 281-2 [40]. 25 Milisits v South Australia (2014) 119 SASR 538. 26 Regina (C’Wealth) v Baladjam & Ors [No 29] [2008] NSWSC 1452; Roberts-Smith v Fairfax Media Publications Pty Limited (No 14) [2021] FCA 552. 27 Jacobsen v Rogers (1995) 182 CLR 572, 589. 28 R v Lobban (2000) 77 SASR 24. 29 Health Care Act 2008 (SA), s 93. 30 Western Australia, Parliamentary Debates, Legislative Council, 15 June 2021, 1408a (Matthew Swinbourn). 31 R v Rockford (2015) 122 SASR 391. 32 Wilson, ‘Who’s been looking at your check-in data? We asked the states and territories to “fess up”’ (n 8); Evidence to Public Accounts and Estimates Committee, Parliament of Victoria, Melbourne, 21 June 2021, 3-4 (Shane Patton, Chief Commissioner of Police). 33 Evidence to Public Accounts and Estimates Committee, Parliament of Victoria, Melbourne, 21 June 2021, 6 (Danny Pearson, MP, Acting Minister for Police and Emergency Services). 34 Privacy Amendment (Public Health Contact Information) Act 2020 (Cth) which inserted Part VIIIA (titled ‘Public health contact information’) into the Privacy Act 1998 (Cth). 35 Privacy Act 1998 (Cth), s 94D(2)(e). 36 Protection of Information (Entry Registration Information Relating to COVID-19 and Other Infectious Diseases) Act 2021 (WA), s 6(1), (4)-(5). 37 ‘entry registration information’ is the information collected via SafeWA, the Western Australian equivalent of COVIDSAfe Check-In. 38 Protection of Information (Entry Registration Information Relating to COVID-19 and Other Infectious Diseases) Act 2021 (WA), s 6(2). 39 Western Australia, Parliamentary Debates, Legislative Council, 15 June 2021, 1409a (Matthew Swinbourn). 40 Queensland Law Reform Commission, The Abrogation of the Privilege against Self-Incrimination (Report No 59, December 2004), 19; X7 v Australian Crime Commission (2013) 248 CLR 92, 106 [17]. 41 See, eg, Commonwealth Director of Public Prosecutions v Leach (No 3) [2020] QDC 42. September 2021 THE BULLETIN 15
Page 1 and 2: THE BULLETIN THE LAW SOCIETY OF SA
Page 3 and 4: This issue of The Law Society of So
Page 5 and 6: PRESIDENT’S MESSAGE Emergency pow
Page 7 and 8: EXECUTIVE POWER powers as does the
Page 9 and 10: FROM THE CONDUCT COMMISSIONER Poach
Page 11 and 12: FEATURE by the Committee. With the
Page 13: FEATURE information protected by th
Page 17 and 18: EXECUTIVE POWER The High Court deci
Page 19 and 20: WELLBEING & RESILIENCE R U Ok? U R
Page 21 and 22: YOUNG LAWYERS facebook.com/YLCSA Ca
Page 23 and 24: FEATURE to aid learning and underst
Page 25 and 26: COMPULSORY ACQUISITION An artist's
Page 27 and 28: COMPULSORY ACQUISITION is an essent
Page 29 and 30: FAMILY LAW appeals (the highest num
Page 31 and 32: FAMILY LAW Child Dispute Services a
Page 33 and 34: TAX FILES in a balance sheet withou
Page 35 and 36: EVENTS the majority shareholder be
Page 37 and 38: SUCCESSION LAW financial benefit is
Page 39 and 40: BOOKSHELF J Anderson 4 th ed Federa
Page 41 and 42: RISK WATCH more complex emails) and
Page 43 and 44: UNCONSCIONABLE CONDUCT and reckless
Page 45 and 46: FAMILY LAW CASE NOTES Family Law Ca
Page 47 and 48: CLASSIFIEDS VALUATIONS MATRIMONIAL

LSB September 2021 LR

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?