Law-making in democracies in essence is about brute force – the government exercising the will of the majority, which it more politely calls its mandate.

This exercise of power usually doesn’t require consultation and taking into account diverging views when developing new laws. In the federal administration, the parliamentary drafters operate within a special sealed bubble within the Canberra bubble, instructed by government departments preparing drafting instructions that reflect what the Government says it wants legislated.

That drafting bubble, and the drafts circulating within it, is seldom exposed to public scrutiny. Government departments often consult with some interested stakeholders in development of policy. This statement of policy may then influence the preparation of the drafting instructions that are passed to the parliamentary drafters.

Seldom are either the drafting instructions, or draft bills, circulated for comment by interested stakeholders or civil society organisations. If any outsiders are invited into the bubble, it will, usually be only a very small circle of trusted confidants to the government of the day and their lobbyists. Exposure or working drafts of bills, common in some other democracies, remain the exception rather than the norm in Australia.

Control and predictability

Australian Governments like control and predictability. Exposing government’s intentions to scrutiny is usually seen as antithetical to government running the process. Government departments and agencies understand the zeitgeist and rarely push their Minster to open up the legislative drafting process.

As a result, we often end up with sub-optimally drafted bills entering the Parliament. The best public servants and the best parliamentary drafters can’t foresee and draft a bill to address all concerns that the government might actually wish to address, if government was willing to run the perceived political risk, open up and ask.

Of course, It is not quite that straightforward. Federal governments of the past decade in Australia have to take into account the crossbenchers in the Senate. Governments also need to ensure that a Bill doesn’t create so much noise from the opposition and the media that the government itself is imperilled in the mass media and the electorate. However, that is about as far as building consensus before introducing bills into the Parliament usually goes.

How the COVIDSafe app changed the game

Enter from stage left the villain and random disrupter of 2020, COVID-19, and from stage right, its would be vanquisher, the COVIDSafe app and the Privacy Amendment (Public Health Contact Information) Bill 2020.

The Morrison Government’s task in legislating in support of the COVIDSafe contact tracing app was, of course, to get take-up and use by Australian mobile phone users as far above 40 per cent as reasonably possible.

Fulfilment of this task required the government to placate, if not satisfy, pesky human rights lawyers and privacy advocates, a constituency that many ‘in the Canberra bubble’ think can never be satisfied.

Fulfilment of this task required building trust of a large segment of citizens that don’t trust apps, the government, law enforcement agencies, telecommunication companies, global data platforms, foreign spies, intelligence organisations, 5G (which caused all of this, of course), the neighbours, or whomever or whatever else.

That digital trust is hard won and easily lost. Federal governments to-date have been pretty woeful at nurturing digital trust. Mandatory decryption, Robodebt, Censusfail, and MyHealth Record mandatory opt-in, are poster children in how governments can readily erode digital trust.

And this task requires persuading Australian citizens to opt-in to sharing mobile phone data, which anyone who has thought data for more than five minutes knows can be an open window into our innermost lives: what we do, think, read, say, write or feel, with whom we do any of those things, and where, when and by inference why we do them.

Charting a new course

The Morrison Government and the sponsors of the Bill, the federal Attorney-General’s Department accordingly faced yet another a novel challenge in its fight against novel coronavirus: completing, at running speed, an uphill slog of crafting law that created a good behavioural nudge for a sizeable and sceptical segment of the population that needed to be brought onboard to make the COVIDSafe app useful.

The task was only fulfilled by finding a new course up the mountain.

First, government needed to agree to keep the sticky beaks of law enforcement agencies and other busybodies, well-meaning or otherwise, out of COVIDSafe data, by express exclusion in a bill sponsored by the Attorney-General’s Department, the department overseeing most law enforcement agencies.

Second, the responsible federal authority needed to agree to take end-to-end responsibility for management of COVIDSafe app data on the mobile phones and that data as it passed all the way through to the State or Territory contact tracer.

Every government authority dislikes assuming responsibility for acts and omissions of others, even when those others act under their direction and control and handle data within data ecosystems created and managed by the authority. If something goes wrong, the government authority has no deniability and will be held to account. However, with great data power should come great responsibility: the bill imposed that responsibility.

Third, responsibility means little without accountability and oversight. The task required a law whereby the responsible Federal agency took on accountability, implemented controls and safeguards and exposed itself to independent oversight.

Together, these are the kinds of demonstrable organisational accountability that governments (and Royal Commissions) now expect for handling of sensitive and personal information about individual by private sector organisations. However, governments have proven stubbornly resistant to accepting as necessary legislated controls on what they do and how they do it, and actively scornful of legislative controls that state what government says its departments and agencies have no intention of every doing.   

Setting a precedent?

So novel coronavirus delivered a novel example of a government agency recognising that it couldn’t just say, trust us, we only want this data for the purpose that we have told you we want it for, and we’ll keep this data safe from all other arms of governments (Federal, State and Territory), and courts, and employers, that might want this data for other purpose.

By a promoting a bill that ultimately incorporated these features, albeit not perfectly, the Morrison Government and the Federal Attorney-General’s Department endeavoured to demonstrate that they should be gifted digital trust in the COVIDSafe app by a sceptical segment of citizens who collectively held in their hands the power to withhold that gift.

All in all, the Federal Government and Attorney-General’s Department rose to that challenge. They listened to some of those pesky privacy advocates and rights lawyers, among others, and took into account a fair bit of what they had to say.

Will we see a repeat of this new consultative process and legislating for demonstrably good data governance and data accountability by government agencies?

Maybe.

If so, that would be one of those few excellent things to come out of this very bad crisis.

Peter Leonard is Professor of Practice in the School of Information Systems & Technology Management, and School of Taxation & Business Law at UNSW Business School. For more information contact Professor Leonard directly.