Home - Consent to provide vaccination status is not nullified by threat to dismiss

UpdatesFeb 03, 2022

Consent to provide vaccination status is not nullified by threat to dismiss

If an employer is an organisation subject to the Privacy Act 1988 (Cth) (which for private sector organisations must mean they have an annual turnover of not less than $3 million), the employer must not do an act or engage in a practice that breaches an Australian Privacy Principle (APP).

Complying with the APPs when collecting vaccination histories

The collection of an employee’s vaccination history brings into play APP 3.3. Vaccination history is sensitive information, and an organisation must not collect sensitive information about an individual unless the requirements set out in APP 3.3(a) and 3.3(a)(ii) are met.

Those requirements are that:

Exceptions are set out in APP 3.4. These are where:

What is valid consent?

The Australian Information Commissioner has expressed the view that consent can be express (e.g. the employee indicates agreement to provide the information either in writing or by spoken words) or implied (e.g. the information is given following implementation of a requirement to do so).

In addition, according to the Commissioner, for consent to be valid, the following requirements must be met:

When is the collection reasonably necessary?

The Australian Information Commissioner states whether collection of vaccination history from employees is reasonably necessary to manage risk of COVID-19 infection in the workplace will depend on public health advice on what vaccination status information is reasonably necessary, along with applicable workplace laws and contractual obligations. If the requirement that the employee be vaccinated is a lawful and reasonable direction, the provision of evidence of their vaccination will be reasonably necessary.

Application in the Fair Work Commission (FWC)

In CFMMEU v BHP Coal (2022), unions contended – on behalf of their members at the Mt Arthur coal mine – that an employee’s consent to supply their vaccination history is vitiated by the employer’s threat that, if they do not consent, they may be disciplined or have their employment terminated.

The unions relied on a previous FWC ruling in Lee v Superior Wood (2019) that a direction in relation to the provision of sensitive information was unlawful and unreasonable because it was contrary to the Privacy Act 1988 (Cth), and stated that any consent by the employee in that case would likely have been vitiated by the threat of termination of his employment.

The FWC rejected this argument in the BHP Coal decision. Unlike the employer in the Lee case, BHP Coal had met all the other applicable APP requirements, and had extensively consulted with the unions and employees about the implementation of the requirement. Employees were not being forced to provide sensitive information. While they may be subject to economic and social pressure to meet the requirement, this is not coercion that overcomes their choice about whether or not to provide the information.

The FWC also concluded the information is reasonably necessary for, or directly related to, one or more of the organisation’s functions or activities. The requirement was being implemented to lessen or prevent a serious threat to the life, health and safety of individuals on worksites, and to public health and safety.

Find out more about the APPs in the Employment Law Practical Handbook chapter Privacy and data protection.


In your cart



View cart
View Cart