Law-making in democracies in essence is about brute force – the government exercising the will of the majority, which it more politely calls its mandate.

This exercise of power usually doesn’t require consultation and taking into account diverging views when developing new laws. In the federal administration, the parliamentary drafters operate within a special sealed bubble within the Canberra bubble, instructed by government departments preparing drafting instructions that reflect what the Government says it wants legislated.

That drafting bubble and the drafts circulating within it are seldom exposed to public scrutiny. Government departments often consult with interested stakeholders in developing policy. This statement of policy may then influence the preparation of the drafting instructions that are passed to the parliamentary drafters.

Seldom are either the drafting instructions or draft bills circulated for comment by interested stakeholders or civil society organisations. If any outsiders are invited into the bubble, it will usually be only a very small circle of trusted confidants to the government of the day and their lobbyists. Exposure or working drafts of bills, common in some other democracies, remain the exception rather than the norm in Australia.

Control and predictability

Australian Governments like control and predictability. Exposing the government’s intentions to scrutiny is usually seen as antithetical to the government running the process. Government departments and agencies understand the zeitgeist and rarely push their Minister to open up the legislative drafting process.

As a result, we often end up with sub-optimally drafted bills entering the Parliament. The best public servants and the best parliamentary drafters can’t foresee and draft a bill to address all concerns that the government might actually wish to address, if the government were willing to run the perceived political risk, open up and ask.

Of course, it is not quite that straightforward. Federal governments of the past decade in Australia have had to take into account the crossbenchers in the Senate. Governments also need to ensure that a Bill doesn’t create so much noise from the opposition and the media that the government itself is imperilled in the mass media and the electorate. However, that is about as far as building consensus before introducing bills into the Parliament usually goes.

How the COVIDSafe app changed the game

Enter from stage left the villain and random disruptor of 2020, COVID-19, and from stage right, the vanquisher, the COVIDSafe app, and the Privacy Amendment (Public Health Contact Information) Bill 2020.

The Morrison Government’s task in legislating in support of the COVIDSafe contact tracing app was, of course, to get take-up and use by Australian mobile phone users as far above 40 per cent as reasonably possible.

Fulfilment of this task required the government to placate, if not satisfy, pesky human rights lawyers and privacy advocates, a constituency that many ‘in the Canberra bubble’ think can never be satisfied.

Subscribe to BusinessThink for the latest research, analysis and insights from UNSW Business School

Fulfilment of this task required building trust of a large segment of citizens that don’t trust apps, the government, law enforcement agencies, telecommunication companies, global data platforms, foreign spies, intelligence organisations, 5G (which caused all of this, of course), the neighbours, or whoever or whatever else.

Digital trust is hard won and easily lost. Federal governments have been pretty woeful at nurturing digital trust to date. Mandatory decryption, Robodebt, Censusfail, and MyHealth Record mandatory opt-in are poster children for how governments can readily erode digital trust.

And this task requires persuading Australian citizens to opt-in to sharing mobile phone data, which anyone who has thought data for more than five minutes knows can be an open window into our innermost lives: what we do, think, read, say, write or feel, with whom we do any of those things, and where, when and by inference why we do them.

Charting a new course

The Morrison Government and the sponsors of the Bill, the federal Attorney-General’s Department, accordingly faced yet another a novel challenge in its fight against novel coronavirus: completing, at running speed, an uphill slog of crafting law that created a good behavioural nudge for a sizeable and sceptical segment of the population that needed to be brought onboard to make the COVIDSafe app useful.

The task was only fulfilled by finding a new course up the mountain.

First, the government needed to agree to expressly exclude the sticky beaks of law enforcement agencies and other busybodies, well-meaning or otherwise, from COVIDSafe data in a bill sponsored by the Attorney-General’s Department, the department overseeing most law enforcement agencies.

Second, the responsible federal authority needed to agree to take end-to-end responsibility for management of COVIDSafe app data on the mobile phones and that data as it passed all the way through to the State or Territory contact tracer.

Every government authority dislikes assuming responsibility for acts and omissions of others, even when those others act under their direction and control and handle data within data ecosystems created and managed by the authority. If something goes wrong, the government authority has no deniability and will be held to account. However, with great data power should come great responsibility: the bill imposed that responsibility.

Third, responsibility means little without accountability and oversight. The task required a law requiring the responsible Federal agency to take on accountability, implement controls and safeguards, and expose itself to independent oversight.

Together, these are the kinds of demonstrable organisational accountability that governments (and Royal Commissions) now expect for the handling of sensitive and personal information about individuals by private sector organisations. However, governments have proven stubbornly resistant to accepting as necessary legislated controls on what they do and how they do it, and actively scornful of legislative controls that state what government says its departments and agencies have no intention of ever doing.   

Setting a precedent?

So novel coronavirus delivered a novel example of a government agency recognising that it couldn’t just say, trust us, we only want this data for the purpose that we have told you we want it for, and we’ll keep this data safe from all other arms of governments (Federal, State and Territory), and courts, and employers, that might want this data for other purpose.

By promoting a bill that ultimately incorporated these features, albeit not perfectly, the Morrison Government and the Federal Attorney-General’s Department endeavoured to demonstrate that they should be gifted digital trust in the COVIDSafe app by a sceptical segment of citizens who collectively held in their hands the power to withhold that gift.

All in all, the Federal Government and Attorney-General’s Department rose to that challenge. They listened to some of those pesky privacy advocates and rights lawyers, among others, and took into account a fair bit of what they had to say.

Will we see a repeat of this new consultative process and legislating for demonstrably good data governance and data accountability by government agencies?

Maybe.

If so, that would be one of those few excellent things to come out of this very bad crisis.

Frequently asked questions

What is the COVIDSafe legislation in Australia?
The COVIDSafe legislation refers to the Privacy Amendment (Public Health Contact Information) Bill 2020, which sets rules for data collected by the COVIDSafe app.

How did COVIDSafe affect Australian law-making?
The COVIDSafe Bill marked a departure from closed drafting processes by requiring greater accountability, privacy protections, and public trust measures.

Why is digital trust important in government legislation?
Digital trust is essential for citizen confidence in government use of data, particularly in sensitive areas like health and surveillance.

What role did privacy advocates play in the COVIDSafe Bill?
Privacy advocates influenced changes by pressing for accountability, independent oversight, and limits on government use of COVIDSafe data.

Will future Australian laws follow the COVIDSafe precedent?
It is uncertain, but the COVIDSafe Bill demonstrated a shift toward more transparent legislative practices that may influence future lawmaking.

Peter Leonard is Professor of Practice in the School of Information Systems & Technology Management, and School of Taxation & Business Law at UNSW Business School.