21 December 2020

In the light of the recent COVID flare-ups in Sydney, and hot on the heels of the ACT’s launch of its Check In CBR app, Queensland has announced that venues in the State will now be required to use electronic devices or QR codes to maintain registers of guests.

Premier Annastacia Palaszczuk and Chief Health Officer Dr Jeannette Young expressed their concern that incomplete entries and illegible handwriting meant much of the information in manual records was proving to be unusable. They laid down a 72-hour deadline (i.e. until Wednesday 23 December 2020) for venues to make the necessary arrangements. Failure to do so would bring about a tightening of restrictions – non-compliant businesses would be back to imposing the rule of one person per four square metres, with a complete ban on non-seated drinking. Compliant pubs, clubs and restaurants on the other hand would be able to continue with the more relaxed arrangements Queenslanders have gotten used to over the last few months.

Difficulties tracing a cluster of cases in south Brisbane have exposed the shortcomings of paper-based systems. As we previously discussed in our article on ACT’s new Check In app, anecdotal evidence suggests an ongoing reluctance by many individuals to engage properly with track and trace procedures. While it is not clear how far this is due to concerns over the reliability or trustworthiness of manual records and QR-enabled databases, it would certainly do no harm if Australians could be assured that all such schemes are fully compliant with the requirements of privacy law. Venues and app operators need to strike an appropriate balance between information security and public health policy, and it is important that the public feel that they can trust them not to mishandle their personal information.

As we reach the end of 2020, compliance with the Australian Privacy Principles is even more important than ever. Secure and robust apps could hold the key to controlling COVID and to do this, they only need to collect the minimum necessary data, keep it for no longer than the necessary requirement, and only use it for the stated purpose.

Data protection and privacy are complex issues. If you have any questions about the collection, storage, or processing of personal data around the world, especially in Australia or the European Union, please contact us.

This memo presents an overview and commentary of the subject matter. It is not provided in the context of a solicitor-client relationship and no duty of care is assumed or accepted. It does not constitute legal advice.

© Moulis Legal 2020