In a bid to reawaken the Australian economy, the Federal Government is developing a return to work health and safety “toolkit” and is encouraging workplaces to become “COVID-safe”. At the same time, the Government is continuing to encourage the public to download its COVIDSafe digital contact-tracing App.
As recently reported by our Data Privacy & Cybersecurity team, the App is designed to record Bluetooth “digital handshakes” between app users’ mobile phones. If an App user tests positive for COVID-19, they are asked to upload this data to the National COVIDSafe Data Store for the purpose of tracing community transmission of the virus. The Government is touting widespread use of the App as essential to the lifting of social distancing restrictions. In light of this message many employers will be urging their employees to download the App, in the hope of returning to normal business as soon as possible. However, any employer attempting to compel their staff to download the App will be in breach of legislation. Some employers have already taken the Government’s encouragement a step too far, including a Sydney Council which recently found itself in hot water after reportedly ordering employees to install the App on their work phones.
Despite Government enthusiasm and the seeming common sense of the measure, it is clear that in striving for a COVID-safe workplace, employers do not have the power to direct employees to download or use the COVIDSafe App. Its launch led unsurprisingly to debate over the security and privacy of App users’ data. To quell data protection concerns, the Government introduced legislation to govern the use of the App through amendments to the Privacy Act 1988 (Cth), which passed Parliament on 14 May. Under the new legislation (the Privacy Amendment (Public Health Contact Information) Bill 2020), it is an offence to:
- require another person to download or use the App or to consent to uploading App data to the Data Store; or
- take certain action against a person because (or for reasons including that) the person has not downloaded the App, does not have the App in operation on a mobile device, or has not consented to uploading data from the App to the Data Store. Such prohibited action includes:
- refusing to enter into, or continue, an employment contract with another person;
- refusing to allow another person to enter certain premises or participate in an activity (such as refusing to allow an employee to enter their normal workplace); and
- taking adverse action within the meaning of the Fair Work Act 2009 (Cth) against another person.
In the FW Act, the term ‘adverse action’ is wide-ranging, extends beyond employees to independent contractors and job candidates, and includes dismissing an employee, discriminating between employees and ‘injuring’ an employee in their employment.
The legislation makes it clear that employers cannot lawfully direct employees (encourage, yes, but not instruct) to install the App or take adverse action against employees because they fail to do so. Breaching these provisions may lead to fines of up to AUD$63,000 and/or 5 years’ imprisonment, so however sensible employers may believe the App to be and however unpersuaded they are by the employee’s reason for refusing, it is not something which should be pushed. In addition, where adverse action under the FW Act is taken by the employer against someone who declined to use/install, etc., the burden will be on it to show that the real reason for that action was for something unrelated. So while the Government’s new workplace safety protocols will hopefully help guide employers towards re-opening their businesses safely, instructing employees to install the App is one tool that is not available.