Important restrictions on the COVIDSafe App

COVIDSafe was developed by the Australian Government to help keep the community safe from COVID-19. COVIDSafe uses Bluetooth® technology on your mobile phone to look for other devices with COVIDSafe installed. Your device will take note of contact you’ve had with other users by securely logging their reference code. If you or someone you’ve been in contact with is diagnosed with coronavirus, the close contact information securely stored in your phone can be uploaded and used — with your consent — by state or territory health officials to quickly trace people who’ve been exposed to the virus.

CLICK HERE for more information on COVIDSafe.

On 25 April 2020, the Australian Minister for Health issued a determination under the Biosecurity Act 2015 (Cth) regarding the COVIDSafe app (Determination). The Determination sets out:

  • The rights and obligations of those who download and use the app
  • Protection of the data stored within the app, and
  • The rights of those who elect not to download or use the app.

Important for employers to note is that clause 9 of the Determination states that a person must not require another person to download the app or have the app in operation on a mobile device. 

This means that employers cannot legally direct or require their employees, even those with employer-issued mobile devices, to:

  • Download the app (Download)
  • Ensure the app is operating on their mobile device (Operate), or
  • Consent to uploading data from the app on their mobile device (Consent).

There are additional provisions in the Determination which protect those who do not Download, Operate or Consent, regardless of their reasons for doing so. These protections include prohibiting employers from taking certain action against people (including employees) who do not Download, Operate or Consent. The Determination prohibits, among other actions:

  • An employer from refusing to enter into a contract (including an employment contract) with a person because that person has failed or refused to Download, Operate or Consent
  • An employer from terminating an employee’s contract of employment because the employee has failed or refused to Download, Operate or Consent
  • An employer from taking adverse action against an employee who has failed or refused to Download, Operate or Consent – including prohibitions preventing an employer from reducing an employee’s hours of work or otherwise detrimentally treating an employee
  • Anyone refusing a person (including an employee) entry to premises or participation in any activity due to that person’s failure or refusal to Download, Operate or Consent
  • Anyone refusing to receive or provide goods or services to another person (including an employee) due to that person’s failure or refusal to Download, Operate or Consent.

The Determination does not prohibit an employer from requesting that its employees Download, Operate or Consent, but care needs to be taken to ensure that this request is not misconstrued as a direction or requirement to do so.

It is also important to note that the Explanatory Statement to the issuing of the Determination indicates that any person who breaches the Determination may be guilty of an offence under the Biosecurity Act, which can constitute a criminal offence punishable by fines and imprisonment. Draft legislation has been proposed to provide legislative protection and broadly reflects the Determination. The draft Privacy Amendment (Public Health Contact Information) Bill 2020 will be considered by the Australian Parliament when it sits later this month.

Disclaimer: This summary is a guide only and is not legal advice. For more information on employers’ obligations, call NECA Legal (WA) Pty Ltd on 6241 6129 or email