Have you tried to travel interstate to Western Australia lately? If so, you would have been required to apply for a G2G PASS, designed by Genvis Pty Ltd, an Australian company “specialising in cloud-based programs, data science and artificial intelligence.” A G2G Pass is the functional equivalent of a travel passport.
This opinion piece, in focussing on these contradictions and inconsistencies, seeks to inform its readers of the invasive nature of the application process, which impedes the freedom of movement traditionally associated with living in Australia and equally importantly, potentially violates the privacy rights of Australian citizens. Using the language of the New South Wales Government, this opinion piece examines “the overall proportionality of a policy or project, that is, whether the use of personal information strikes an appropriate balance between the project objectives and the resulting privacy impacts. This is particularly important where individuals do not have a meaningful choice to provide the information”.
The relevant G2G PASS website explains that border controls are in place to limit the spread of Covid-19, and that for that purpose, travellers must present a valid Pass on arrival in Western Australia. To complete the application form, an applicant will need a driver’s licence, passport, or Medicare card. Every application is linked to an email address. Many older people who do not have an email address or are not computer-literate are thus effectively banned from travelling to Western Australia. This is a serious equity issue which is not addressed by the G2G PASS website.
The application process involves the extensive collection of personal information: name, gender, date of birth, residential address, email address, phone number, full legal name of next of kin, driver’s licence, main reason for travel, the applicant’s intended address in Western Australia, airline and flight number, and a biosecurity declaration relating to places visited in the two weeks prior to entry into Western Australia, among others. The application form indicates that “To complete your G2G PASS declaration you will need your driver’s licence, passport or Medicare card.” However, although there appears to be a choice between these three documents, a driver’s licence is the most appropriate document because, unlike a passport or a Medicare card, it contains the current residential address of the applicant, which must be listed on the application form.
The personal information collected is not only used to determine whether the applicant will be allowed to enter Western Australia, but for other purposes as well. The information may be disclosed to the service provider who has designed the G2G PASS, the authorities, “including those with Covid-19 powers and responsibilities (and those helping them) such as the State Emergency Coordinator, the Chief Health Officer and other health authorities; and others – for example, to assist in managing various states of emergency or as required by law.”
The Western Australia Police, which “proudly” brings the G2G PASS to applicants, appears not to hold the information provided in the application form. This is kept by the contractor, Genvis Pty Ltd, a private organisation. However, the WA Police, as the data custodian, is the controlling entity because it apparently controls the use and disclosure of the data and decides what happens to it.
The information is stored by Genvis Pty Ltd using Amazon Web Services. In addition, WA Police “has to (by law) keep your information, even after you have finished any quarantine or isolation – and even after you have deleted the G2G Pass app.” The information thus appears to be stored indefinitely.
Privacy Principle 11 indicates that the onus to delete information which is no longer needed should not be placed on an applicant for a G2G PASS, but rather it should be proactively deleted by the service provider when the collected information is no longer required.
Western Australia’s track record for properly and securely handling personal information is poor, considering there is no privacy law in that State. In this context, the Western Australia Auditor General’s Report, Local Government General Computer Controls, tabled on May 12, 2021, involving an examination of the use of computer systems at 50 local entities, is a timely reminder of this problem. The Auditor General found 328 weaknesses, with 33 considered as significant. She pointed out that “extremely poor general computer controls can result in system breaches, loss of sensitive and confidential information and financial loss.”
The G2G website also states that, “police may prosecute those found to provide false or misleading information.” The WA Police Operation Tide (Covid-19) Command Team emails an intimidating communication to successful applicants of a G2G PASS approximately seven days before they travel to Western Australia. The email reminds travellers that they need to update their G2G application with regards to their proposed route into Western Australia at least two days before their travel, and they are encouraged to download an app which enables Police to check on their quarantine status.
The G2G PASS is a horrendous piece of administrative oppression, which one would not expect in a democratic society but is now foisted upon Australians who are effectively banned from travelling to Western Australia, if they do not have an email address, or fail to consent to the collection, use, disclosure, and retention of their personal information. As such, the G2G PASS is an example of the operation of the Nanny State to control those who seek to enter, and travel within, Western Australia.
Australia urgently needs a sensible national policy on travel passports. What is happening in Western Australia (and Tasmania which also requires the G2G PASS) distorts a person’s basic rights to privacy and the free movement of people in Australia.
Hence, it is important that the G2G PASS be revisited to ascertain its impact on the privacy rights of people, and to ensure that the contradictions and inconsistencies between the various relevant documents are eliminated. Ultimately, the aim of this revision should be to ensure that the G2G PASS “strikes an appropriate balance between the project objectives and the resulting privacy impacts.”
Gabriël A. Moens AM is an emeritus professor of law at The University of Queensland. He served as dean of law and pro vice-chancellor at Murdoch University. He is also the emeritus editor-in-chief of the International Trade and Business Law Review and has taught extensively across Europe, Asia, and North America. He is the author of short stories and a novel on the origins of the Covid-19 virus, “A Twisted Choice”, published by Boolarong Press, 2020.
Got something to add? Join the discussion and comment below.