By Aaron Dearden, Alison Baker and Karli Thomas of Hall & Wilcox
More than 4 million Australians have downloaded the Federal Government’s digital contact tracing app ‘COVIDSafe’ since it was launched on 26 April 2020. Many employers will want their employees to download COVIDSafe but can they ‘require’ employees to do so?
The Federal Government is urging more Australians to download the voluntary app to help slow the spread of COVID-19 and to allow social distancing restrictions to be eased.
Many employers will want their employees to download COVIDSafe to help protect the health and safety of their workforce, customers/clients and the wider community. However, it is important that employers are aware that while they may encourage employees to download or use COVIDSafe, they cannot ‘require’ employees (or any other person) to do so, whether by positive obligation, or by adverse consequences on the basis that the person has not downloaded, or does not use, the app.
A brief overview of COVIDSafe
COVIDSafe was established by the Australian Government in partnership with the medical community as a public health initiative to allow state and territory health officials to automate and improve manual contact tracing processes currently being undertaken by public health authorities.
COVIDSafe helps find ‘close contacts’ of COVID-19 cases by using Bluetooth to look for other devices that have the app installed. Anonymised user ID codes are exchanged in ‘digital handshakes’ when two phones with the app are within 1.5 metres for 15 minutes or more. The date, time, distance and duration of the contact are generated. This information is encrypted and stored on users’ phones for 21 days, before being deleted.
If a person is diagnosed with COVID-19, they will be asked to provide their consent to upload the information collected by their COVIDSafe app to the National COVIDSafe Data Store. This will allow state and territory health officials to use the anonymised contact information captured by the app to support their contact tracing processes.
While COVIDSafe has received some strong support, particularly from the health sector, it has also generated a large amount of privacy-related discussion.
The Government has sought to reassure users that information collected though the app will only be used for the purpose of contact tracing. To this end, the Government has put in place a number of safeguards with respect to the use of COVIDSafe and the protection of information collected by the app.
Prohibition on requiring persons to download or use COVIDSafe
On 25 April 2020, the Health Minister made a determination under the Biosecurity Act 2015 (Cth), which sets out a range of restrictions to protect information collected by the app and to ensure use of the app is voluntary (Biosecurity Determination).1
The Biosecurity Determination is a legislative instrument under the Biosecurity Act and has the force of law. However, it is expected that legislation will be introduced in Parliament in May 2020 to support the Biosecurity Determination.
The Biosecurity Determination contains a number of restrictions in respect of coercing the use of COVIDSafe.
The first set of restrictions relate to requiring another person to download or use COVIDSafe.
Subsection 9(1) of the Biosecurity Determination provides that a person must not require that another person:
- download COVIDSafe to a mobile telecommunications device;
- have COVIDSafe in operation on a mobile telecommunications device; or
- consent to uploading COVID app data from a mobile telecommunications device to the National COVIDSafe Data Store.
The second set of restrictions relate to adverse consequences taken because a person has not downloaded, or does not use, COVIDSafe.
Subsection 9(2) of the Biosecurity Determination provides that a person must not:
- refuse to enter into, or continue, a contract or arrangement with another person (including a contract of employment);
- take adverse action (within the meaning in the Fair Work Act 2009 (Cth) (FW Act)) against another person;
- refuse to allow another person to enter premises;
- refuse to allow another person to participate in an activity;
- refuse to receive goods or services from another person; or
- refuse to provide goods or services to another person,
on the ground that, or on grounds that include the ground that, the other person:
- has not downloaded COVIDSafe to a mobile telecommunications device; or
- does not have COVIDSafe in operation on a mobile telecommunications device; or
- has not consented to uploading COVID app data from a mobile telecommunications device to the National COVIDSafe Data Store.2
A person who contravenes a requirement in the Biosecurity Determination will commit an offence, punishable by a maximum penalty of up to five years’ imprisonment or 300 penalty units ($63,000) (or both).
What does this mean for employers?
The Biosecurity Determination prohibits employers (and other persons) from requiring another person to download, or use COVIDSafe, on a mobile telecommunications device. The Biosecurity Determination makes no reference to the ownership of the ‘mobile telecommunications device’ or to the purpose for which the device is used.
This means that while an employer may encourage their employees to download or use COVIDSafe, they cannot direct employees (or any other person) to download or use COVIDSafe, either on a personal mobile device or on a mobile device provided by the employer for business use.
In our view employers could not go so far as to recall employer-provided devices from employees and unilaterally install the app on such devices themselves (or install the app on new employer-provided devices for issuance) because the Biosecurity Determination ultimately gives employees the right to freely choose themselves whether to download, and use, COVIDSafe.
Under the Biosecurity Determination, an employer is also prohibited from (among other things):
- refusing to enter into, or continue, an employment contract or any other contract arrangement (for example, a contract with an independent contractor) with a person; or
- taking ‘adverse action’ (within the meaning in the Fair Work Act) against a person,
because the other person has not downloaded COVIDSafe, does not have COVIDSafe in operation on a mobile device or has not consented to uploading COVID app data to the National COVIDSafe Data Store. These prohibited grounds need only be ‘a’ reason for the adverse action.
‘Adverse action’ (within the meaning in the FW Act) includes a broad range of actions. It applies to actions taken against employees, prospective employees and independent contractors. Adverse action includes for example, dismissing an employee from their employment, taking disciplinary action against an employee, refusing to employ a prospective employee or discriminating against an employee or prospective employee.
As noted above, any contravention of a requirement in the Biosecurity Determination will constitute an offence (punishable by a maximum penalty of up to five years’ imprisonment or $63,000 (or both)).
In addition to penalties imposed under the Biosecurity Act, any direction by an employer that an employee download or use COVIDSafe may be open to legal challenge on the basis that it is not a lawful and reasonable direction. If an employer were to dismiss an employee for their failure to comply with such direction, the employer could be exposed to a successful unfair dismissal claim by an eligible employee, on the basis that there was no valid reason for the dismissal.
Given the strict requirements in the Biosecurity Determination, employers should act cautiously to ensure the download or use of COVIDSafe by employees is voluntary. While employers may encourage their employees to download or use the app, they must not direct (or otherwise require) employees (or any other person) to do so.
This article first appeared on the Hall & Wilcox website and is reproduced with permission.