> That's incorrect. The only crime that could be a valid reason for using the data is a breach of the emergency biosecurity laws
You haven't fully understood what I tried to convey. Whilst it is true that the data can only be copied from the data store for a restrictive reason, such as ensuring the security of the data store, once it is outside that store, it is no longer protected by the limitations.
So this sequence of events is possible, and legal:
+ Data store data is taken off site for a legitimate reason, such as validation, by the correct department.
+ The police upload from a suspect's CovidSafe app, as a matter of policy, to help protect the public.
+ The police issue a data request, such as under the recently passed AABill law, from the Health Department.
The protections around the data only refer to it in two ways: App data, when it is on the phone, or when referencing it in regards to the Data Store in Canberra. Once it leaves, it is no longer protected.
The definitions refer to the data in terms of location, if that location changes, then it's out of those protections.
Unless there's something I've missed entirely in the regulation, there's nothing that says the data loses its restrictions once it moved. Happy to be corrected and pointed to the specific clause, I just don't see it.
Section 3: "COVID app data is data relating to a person that...has been collected or generated through the operation of an app... and is, or has been, stored on a mobile telecommunications device." The data is defined by its origin, not its current location. The protections apply wherever it currently is.
Section 8: "A person must not decrypt encrypted COVID app data that is stored on a mobile telecommunications device"
Using your scenario, part two would be illegal (s8 especially) and the data request in part 3 should be rejected. The bigger problem is that's what _should_ happen. Whether it's enforced is another story...
> Unless there's something I've missed entirely in the regulation, there's nothing that says the data loses its restrictions once it moved.
It isn't explicitly stated, which is the point. We only have the data defined two ways: In the Data Store, and on a phone. Once downloaded from the Data Store, it is outside the definitions used within the bill.
This statement is the big one:
> However, it does not include information obtained, from a source other than the National COVIDSafe Data Store, in the course of undertaking contact tracing by a person employed by, or in the service of, a State or Territory health authority.
If the data was at one time obtained from the Data Store, but this new location is used as a source, it is no longer under the definitions of the bill.
You haven't fully understood what I tried to convey. Whilst it is true that the data can only be copied from the data store for a restrictive reason, such as ensuring the security of the data store, once it is outside that store, it is no longer protected by the limitations.
So this sequence of events is possible, and legal:
+ Data store data is taken off site for a legitimate reason, such as validation, by the correct department.
+ The police upload from a suspect's CovidSafe app, as a matter of policy, to help protect the public.
+ The police issue a data request, such as under the recently passed AABill law, from the Health Department.
The protections around the data only refer to it in two ways: App data, when it is on the phone, or when referencing it in regards to the Data Store in Canberra. Once it leaves, it is no longer protected.
The definitions refer to the data in terms of location, if that location changes, then it's out of those protections.