Check-in apps are mandated in each Australian state jurisdiction and are considered crucial by health authorities to tracking and tracing potential COVID-19 contacts and cases.

Queensland was the last of the States to introduce a government QR code check-in app. Other states had such apps in place between September and December 2020.

It was only in May this year that Queensland introduced a purpose-built government coronavirus check-in app for mandatory use in hospitality venues rather than relying on the various and often time-consuming apps set up by individual businesses. One advantage of the standard app is checking in without having to enter your details each time. For contact tracers, it is faster, more reliable and more complete.

Other states have also mandated the use of apps for more than just hospitality venues. For example, in South Australia, it has been mandatory to use its government check-in app when entering all venues, events and businesses from supermarkets to petrol stations, since December 2020.

Now, the Queensland government has announced that in addition to the hospitality sector, from 1 am on Friday 9 July, the Check-In Qld app will be mandatory for a number of new sectors, including shopping centres, entertainment venues, personal care providers, gyms, libraries, museums and galleries, churches, and hospitals.

For a complete list of venues and businesses, see the Queensland Health site HERE.

While some may feel safer knowing that tracking and tracing is now more thorough, the civil liberties group Queensland Council for Civil Liberties (QCCL) has raised privacy concerns about the data collected by the app.

“The QCCL is extremely concerned about the government’s decision to make the Check-in QLD app mandatory for entry to even more venues without adequate privacy protection,” QCCL President Michael Cope said today.”

“Recently it was disclosed that Western Australian Police had had access to check-in data. Contrary to assurances of the Queensland government the same thing could happen here,” Michael Cope said.

Mr Cope said QCCL is calling on the government to pass specific legislation limiting the use of data collected, and providing for its destruction before extending the mandated use of the check in-app.

A spokesperson for the Department of Health told the Westender in April that per Queensland’s Privacy Policy, customer information collected through the Check-In Qld app “is encrypted and managed via secure storage in the existing Queensland Government data analytics platform.”

“Data collected is deleted after 56 days, a verified and irreversible process inbuilt into this secure storage system.”

“The App’s Privacy Notice and Policy was developed in consultation with the Privacy Commissioner to ensure compliance with the Information Privacy Act 2009 and the disclosure obligations under the Information Privacy Principles.”

“Prior to launching the Check in Qld App, a Human Rights Assessment was also undertaken,” the spokesperson said.

However, the QCCL says that under current arrangements, information collected using the Check-In Qld app may be disclosed to, and used by authorities:

  • with powers and responsibilities in relation to COVID-19 (and those helping them) such as the Chief Health Officer and Queensland Health (including the Hospital and Health Services) for compliance activities, and for the purposes of overseeing and managing the Queensland Government’s COVID-19 response;
  • where the use or disclosure is authorised or required by law.

The power to disclose the data for purposes “authorised or required by law” would permit police access to this data for non-covid related purposes at the stroke of a pen by a bureaucrat, Mr Cope said.

“The practice of police accessing Gocard data some years ago to make it easier to serve subpoenas, was done on exactly that basis.”

“Whilst processes were put in place to control such access in our view they were and are inadequate,” Mr Cope said.

The QCCL says the government should introduce specific legislation like that introduced for the National Covidsafe app to secure the privacy of Queenslanders in relation to the Check-in App data.

They say the legislation should:

  1. “have a defined end date, which we would suggest should be 30 September 2021 consistent with other covid emergency legislation passed by the parliament recently.
  2. specify that on that date, all data currently held will be deleted.
  3. Prohibit access by law enforcement to the data, including by subpoena or warrant.
  4. specify that the data is only to be accessed for contract tracing purposes and no other purposes. It must prohibit secondary use or disclosure of the data.
  5. specifically task the Privacy Commissioner with oversight of access to the data, including providing regular reports to the relevant Parliamentary committee.
  6. Not include delegation of the primary legislation or ministerial discretion, particularly relating to the sunset period.”

“QCCL strongly opposes the use of information gathered for health purposes for law enforcement or any other additional purpose. The use of the Checkin App should not be made mandatory for access to more places until this legislation is passed,” says Mr Cope.

Cover image: Shutterstock by Camilo Concha