Construction, Forestry, Maritime, Mining and Energy Union v BHP Coal Pty Ltd T/A BHP Billiton Mitsubishi Alliance / BMA

Case

[2022] FWC 81

21 JANUARY 2022


[2022] FWC 81 [Note: a correction has been issued to this document]

FAIR WORK COMMISSION

RECOMMENDATION AND REASONS

Fair Work Act 2009

s.739—Dispute resolution

Construction, Forestry, Maritime, Mining and Energy Union & Ors
v

BHP Coal Pty Ltd T/A BHP Billiton Mitsubishi Alliance / BMA & Ors

(C2021/8213 & Ors)

DEPUTY PRESIDENT ASBURY

BRISBANE, 21 JANUARY 2022

Applications for Commission to deal with a dispute in accordance with a dispute settlement procedure in enterprise agreements – Consultation on major workplace change – Site Access Requirement that employees are vaccinated against COVID – 19 and provide evidence of vaccination including type of vaccine and date given – Whether Site Access Requirement is a lawful and reasonable direction having regard to the Privacy Act and the right to bodily integrity – Privacy Act and Australian Privacy Principle 3.3 – Whether consent to provide sensitive information in relation to vaccine status is vitiated by coercion or duress in circumstances where non-compliance will result in termination of employment – Whether information verifying vaccination status is reasonably necessary for employer’s functions and activities – Site Access Requirement not unreasonable because if violates right to bodily integrity – Site Access Requirement not unlawful because it breaches Privacy Act – Finding that site access requirement is lawful and reasonable having regard to the Privacy Act and the Right to bodily integrity.

Introduction

  1. On 7 October 2021, employees at Queensland coal mines and related sites, operated by, or related to, the BHP Group of Companies, were informed of the introduction of a Site Access Requirement (SAR) by which they were directed that as a condition of entry to Queensland sites, they would be required, by 31 January 2022, to be fully vaccinated against COVID-19.  The direction also requires that employees provide evidence of their compliance with the SAR by 31 January 2022 including the type of vaccination and the date it was received. 

  1. Applications under s. 739 of the Fair Work Act 2009 (the FW Act) were made by the Construction, Forestry, Maritime, Mining and Energy Union – Mining and Energy Division (CFMMEU), the Communications, Electrical, Electronic, Energy, Information, Postal, Plumbing and Allied Services Union of Australia (CEPU) and the “Automotive, Food, Metals, Engineering, Printing and Kindred Industries Union” known as the Australian Manufacturing Workers’ Union (AMWU) (collectively the Unions/Applicants) for the Fair Work Commission (the Commission) to deal with disputes in accordance with disputes settlement procedures under enterprise agreements applying at mine sites and related operations (the sites) of various entities including BHP Coal Pty Ltd, BHP Billiton Mitsubishi Alliance and Central Queensland Services Pty Ltd (collectively the Respondents). Details of the Respondents, the enterprise agreements under which the disputes are raised and related matter numbers, are set out in Annexure A

  1. Disputes were also raised with other entities – OS ACPM Pty Ltd, OS MCAP Pty Ltd and BMA Rail – and are at earlier stages in the dispute resolution procedures under the instruments applying to employees of those entities.

  1. The CFMMEU and CEPU contend in the Form F10 applications, that the SAR is invalid and of no effect on various grounds, including that it is not reasonably necessary for the performance the employees’ contracts of employment, it is an unreasonable invasion into the privacy of employees, it ignores the prevailing circumstances (namely the degree of risk presented at the workplaces by COVID-19) and ignores other and more effective means to control any risk presented at the workplaces by COVID-19 (for example, rapid antigen testing and other control measures currently in place or that have been in place).  The CFMMEU and CEPU further contend that the SAR amounts to a unilateral variation of the employees’ contracts of employment.

  1. The AMWU similarly contends in its F10 applications that the SAR is not a lawful and reasonable direction as among other things, the Respondents have failed to consult with employees and their representatives before the decision was made to implement the mandate, there is no state-wide public health order requiring mine workers to be vaccinated against COVID-19, there are already COVID-19 control measures at the various mine sites, the SAR was not introduced on the basis of the particular circumstances of employment that apply at each site and the Respondents have not complied with obligations under the Privacy Act 1988 (Cth) (Privacy Act).

  1. Conferences of the parties were held on 10, 15 and 22 December 2021 and 4 and 7 January 2022.  Without departing from their positions, the Unions and the Respondents agreed to a Consultation Plan.  The objective of the Consultation Plan was for employees and their representatives to provide all thoughts, ideas, suggestions and scientific, medical or safety data or other information about the site access requirement, and for the employers to consider all such matters, and what if any, measures to avert or mitigate the effect of the site access requirement should be taken, before making a final decision on its introduction.

  1. At the conclusion of the process established under the Consultation Plan, it was accepted by the Unions that all issues in dispute had been resolved except for issues relating to the rights of employees under the Privacy Act and to bodily integrity with the Unions maintaining that the SAR is invalid on grounds related to these matters.  The parties agreed to seek a Recommendation from the Commission in the form of an answer to the following question: “Is the Site Access Requirement a lawful and reasonable direction or not, having regard to (1) the Privacy Act and (2) the right to bodily integrity?” 

  1. The parties also agreed that the Recommendation would resolve the notified disputes (set out in Annexure A) and disputes involving OS ACPM Pty Ltd, OSMCAP Pty Ltd and BMA Rail.  Further, it was agreed that any party aggrieved by the Recommendation may seek, within 24 hours of the Recommendation, that the disputes be referred to the President for re-allocation to another Commissioner or a Full Bench for arbitration.

  1. In accordance with agreed Directions, the Applicants filed and served submissions by 12.00 pm on Monday 10 January 2022 and the Respondents by 12.00 pm on Tuesday 11 January 2022.  The matter was listed for oral submissions at 5.00 pm on Tuesday 11 January 2022.  The parties also agreed that the proceedings would be conducted on the basis that any material on the Consultation Hub used by the Respondents for the purposes of disseminating information to employees, may be used as evidence for the purposes of answering the question posed for Recommendation.  

  1. All parties were legally represented as of right under the terms of the BMA Enterprise Agreement 2018 and to the extent that it was necessary in relation to disputes notified under other industrial instruments, permission for legal representation was granted on the basis that I was satisfied that it would enable the matter to be dealt with more efficiently, taking into account its complexity. 

  1. The CFMMEU and the CEPU were represented by Mr L Tiley of Hall Payne Lawyers.  The AMWU was represented by Mr P Turner of Maurice Blackburn Lawyers.  The RTBU was represented by Mr L Kennedy.  The Respondents were represented by Mr I Neil SC, with Ms H Blattman of Counsel, instructed by Herbert Smith Freehills.

  1. For the reasons set out below, I have concluded that the answer to the question is: Yes, the Site Access Requirement is a lawful and reasonable direction having regard to the Privacy Act and the right to bodily integrity.

The Mt Arthur Coal decision

  1. In Construction, Forestry, Maritime, Mining and Energy Union, Mr Matthew Howard v Mt Arthur Coal Pty Ltd T/A Mt Arthur Coal[1] (Mr Arthur Coal), a Full Bench constituted by five Members of the Commission, dealt with a dispute about whether a direction to employees of Mt Arthur Coal Pty Ltd, a member of the BHP Group of Companies, in relation to a site access requirement that is in essentially the same terms as the direction in the present case, was lawful and reasonable.  The Full Bench in Mt Arthur Coal answered a question for arbitration finding that the direction was not lawful and reasonable on the basis of failure to consult in accordance with obligations under the Workplace Health and Safety Act 2011 (NSW).  All parties made submissions about the Mt Arthur Coal decision and the effect of the findings of the Full Bench on the matters in dispute in the present case.  It is convenient to deal with those submissions at the outset.

  1. The Respondents submit that the Full Bench decision in Mt Arthur Coal has two classes of findings that are significant in the present case.  These findings are characterised by the Respondents as conclusions of a legal character and findings of fact in relation to medical, scientific and epidemiological justification for the site access requirement. 

  1. With respect to the second category of findings, the Full Bench in Mt Arthur Coal found that the following uncontentious factual propositions (at [29]), were established on the evidence:

1.   COVID-19 involves a high burden of disease, greater than influenza.

2.   Any infected person is at risk of developing serious illness from the virus, which may lead to death.

3.   The risks posed by COVID-19 have changed with the rapid rise of the Delta variant which is more infectious and has more severe health effects than previous variants.

4.   All COVID-19 vaccines currently available in Australia are effective at preventing symptomatic infection, including from the Delta variant.

5.   All COVID-19 vaccines currently available in Australia substantially reduce the risk of serious illness or death, including from the Delta variant.

6.   All COVID-19 vaccines currently available in Australia are safe and any adverse effects are usually mild. There is a much higher risk of developing serious complications and dying from acquiring COVID-19.

7.   An unvaccinated person is more likely to acquire COVID-19 from another unvaccinated person, rather than a vaccinated person.

8.   While other measures, such as mask wearing, and social distancing, are demonstrated to reduce the transmission of COVID-19, the effectiveness of these measures depends on people applying them consistently or correctly. They do not provide a substitute for the constant protection offered by vaccines, nor do they reduce the risk of developing serious illness once somebody acquires an infection.

9.   Vaccination is the most effective and efficient control available to combat the risks posed by COVID-19.

10.    Even with high vaccine rates in the community, COVID-19 will remain a significant hazard in any workplace in which there is a possibility that people will interact or use the same common spaces (even at separate times). The Mine is clearly such a workplace.

[61]       …higher rates of vaccination do not remove the risk of COVID-19 infection for unvaccinated workers. That is because unvaccinated workers are at risk of catching COVID-19 from other unvaccinated workers and fully vaccinated workers, who can acquire COVID-19 and efficiently transmit the disease to others. Indeed, unvaccinated people are more likely to acquire COVID-19 compared with vaccinated people. Further, unvaccinated workers on a work site increase the risk of spreading COVID-19 to vaccinated workers and other unvaccinated workers. In turn, those persons are at risk of spreading COVID- 19 outside the workplace to their families and friends.

[62]       …the rates of infection of COVID-19…throughout Australia, are likely to increase over time as movement restrictions ease, with the result that it is inevitable that everyone who works on the Mine will come into contact with someone – probably many people – who are infected with COVID-19. Witness R5 [an expert medical witness] went on to express his opinion that ‘with reopening the virus will spread through Australia, and [although] the timing in the given locations [is] not exact, but in time it will spread to all locations, and be present in all work places’. When COVID-19 does so spread, those who remain unvaccinated are at greatest risk of acquiring COVID-19, becoming seriously ill or dying from acquiring COVID-19, and infecting other people with whom they come into contact.

[85] We accept that the object and purpose of the [Mt Arthur] Site Access Requirement is to protect the health and safety at work of Mt Arthur’s employees and other people at the Mine.

[252] …The Mt Arthur Site Access Requirement] is directed at ensuring the health and safety of workers of the Mine.

  1. The Full Bench in Mt Arthur Coal found that: “Even with high vaccine rates in the community, COVID-19 will remain a significant hazard in any workplace in which there is a possibility that people will interact or use the same common spaces (even at separate times).” The Respondents submit that each site subject to the SAR is such a workplace.

  1. The Respondents point to the fact that the Applicants do not take issue with the findings made by the Full Bench in Mt Arthur Coal and submit that those findings are manifestly correct. The Respondents also submit that the content of the SAR is identical in every material respect to the site access requirement that was considered by a Full Bench in Mt Arthur Coal.  Further, with one qualification, the reasons and justification for the SAR are also identical in every material respect to those that supported the Mt Arthur SAR. The qualification is that, when Mt Arthur was heard, the Omicron variant of COVID-19 had not been identified in Australia; COVID-19 infections are now at higher rates in Australia than seen throughout the pandemic and a number of positive cases have been identified at the Respondents’ Queensland Mines. The Respondents submit that the subsequent arrival and rapid spread of Omicron is a further reason, in addition to those found in Mt Arthur Coal, that supports the introduction and implementation of the SAR.

  1. In these respects, there is no material distinction between the facts considered by the Full Bench in Mt Arthur Coal, with those in this case.  There is also no challenge in this case to any aspect of the Health and Safety Rationale, and it should be accepted as being factually correct in every respect.  The SAR is supported by the material on the Consultation Hub which is also not disputed.  The SAR is supported by the findings of fact in the Mt Arthur Coal decision at [29] and those findings should be accepted as correct, and applied mutatis mutandis in the present case, on the basis that:

·  They were made after a full hearing by a five-member Full Bench that had been specially constituted to hear and determine challenges to the lawfulness and reasonableness of the Mt Arthur SAR. The Full Bench had the benefit of receiving evidence and submissions from each party and intervenor in those proceedings;

·  The CFMMEU was an applicant in Mt Arthur Coal. The AMWU participated in the hearing as an intervenor, but with the same rights as a party. It led evidence and made submissions;

·  The decision in Mt Arthur Coal, including the findings of fact set out in the previous paragraph, was a focus of consultation about the SAR.[2] No question about the correctness of any of these findings of fact was raised in consultation; and

·  There is no challenge to their correctness in these proceedings.

The SAR

  1. The basis of, and rationale for, the SAR is set out in a communication to employees issued via the Consultation Hub, updated on 6 January 2022, which states in summary that: BHP has an obligation and responsibility to keep workers safe and healthy; COVID-19 remains a significant risk to the Company’s workforce and vaccination remains the most efficient and effective control available to combat the risks posed by COVID-19.  Reference is also made to the removal of harder controls and isolation measures by most State and Territory Governments and that in combination with the emergence of the more transmissible Omicron variant, the likelihood of infection including in the workplace, increases. 

  1. Other relevant matters set out in the communication are that: unvaccinated people have a significantly higher likelihood of serious illness and possibly death if they get COVID-19; Delta strain continues to circulate and there is evidence it causes more severe illness; the more transmissible Omicron is expected to overtake Delta as the predominant strain by early 2022; vaccinated people can still transmit the virus but at a lower rate than those who are unvaccinated; all levels of Government are transitioning away from hard controls; and many BHP workers commute and travel, including to remote and regional areas.[3]

  1. The Respondents submit that these matters are not contested by the Applicants in the present proceedings and the health and safety rationale should be accepted as being factually correct.  In oral submissions the representatives of the Unions clarified that while the Unions do not take issue with the matters set out in the documents explaining the basis of and rationale for the direction in these proceedings, they reserve their rights to do so in any later proceedings.  The Respondent also submits that the communication is consistent with the findings of the Full Bench in Mt Arthur Coal which should be accepted as correct.  I accept that submission and the factual correctness of the health and safety rationale for the SAR.  

  1. The Respondents’ submissions also detail the SAR requirements and the proposal for its implementation.  The information in those submissions is not disputed.  The SAR requires that employees have received two doses of approved COVID – 19 vaccinations.  Employees are also required to provide information to demonstrate their vaccination status.  There are four sources of information that the Respondents will accept as verification of a COVID – 19 Digital Vaccination Certificate.  They are depicted as images on an information sheet issued by BHP and appended to the submissions of the CFMMEU and CEPU as Attachment “A”.  In the order they are set out on the information sheet issued by BHP, the first document is titled “COVID – 19 Digital Certificate”.  The second document is also titled “COVID – 19 Digital Certificate” but is in a in a form which is designed to be saved to a device such as a smart phone.  The third document is titled “International COVID – 19 Certificate”.  The fourth document is titled “Immunisation History Statement”. 

  1. The three documents the Respondents will accept as evidence, titled as Certificates, include the employee’s name, date of birth, vaccine type, both vaccine dose dates and the document number.  In addition to that information, the Immunisation History Statement includes all other immunisations that the holder has received, and the type of vaccine given.  The document number is unique to each Certificate and the Immunisation History Statement and is not connected to the Individual Health Identifier of the holder and does not allow that number to be discovered by reference to the document number.   The Individual Health Identifier of the holder is included on the first, third and fourth document.  It is not included on the Digital Certificate designed to be saved to a device.  However, the Respondent states, and it is not disputed, that it neither requires nor collects the Individual Health Identifier of the document holder.

  1. There are two other forms of COVID – 19 Digital Certificate depicted on the BHP information sheet.  These are also titled “COVID – 19 Digital Certificate”.  The first such certificate (the fifth on the information sheet) is the certificate found on a smart phone application known as the “Check in Queensland app”.  The second such certificate (the fifth on the information sheet) is a certificate which can be accessed via the MyGov or Medicare apps.  These certificates indicate the employee’s name, date of birth and date the certificate is valid from, being the date of the last vaccination. These documents are not accepted by the Respondents as evidencing vaccination status.    

  1. The SAR provides for two means by which employees can provide information evidencing their vaccination status:[4]

(a)   They can upload the information to BHP’s Vaccination Data Capture Portal (Vaccination Portal) on its Digital Work Space (DWS), being BHP’s internal intranet;

(b)   Alternatively, they can visit designated stations on-site at which authorised personnel can sight and record their Vaccination Information.

  1. The Respondents state that in either case, the employee needs either their COVID-19 digital certificate issued by the Federal Government (Vaccination Certificate) or their immunisation history statement. An employee will only have a Vaccination Certificate if they have received two doses of an approved COVID-19 vaccine.  If they have only received a single dose, they will instead have access to an immunisation history statement. In both cases employees are asked whether they give their express consent to the collection of the information via the following consent notice. If an employee does not consent the information is not collected.

“Declaration and Consent

To keep you and our workforce safe and healthy BHP wishes to collect and process information about your COVID-19 vaccination status. This will assist us to plan for the future and escalate or de-escalate our COVID-19 controls and enable us to make decisions about workplace and site access in order to protect you and other BHP workers against COVID-19 infection risk.

By [checking the box], you consent to BHP:

1. collecting and processing information about your COVID-19 vaccination status for the purposes described above; and
2. where necessary, disclosing this information to third parties (health, security, site access and travel service providers); and
3. storing this information in BHP systems in line with our Global Privacy Notice for BHP Workers.

Giving your consent is voluntary and you are free to withdraw, alter or restrict your consent at any time by notifying BHP in writing. However, it would be helpful for you to share your vaccination status with us, as it will assist BHP to identify controls to continue to keep our workers as safe and healthy as possible. Without access to this information, we may assume that you have not received the COVID-19 vaccine for the purpose of our controls, including workplace entry controls.

We will manage all of your information in accordance with privacy laws. Your information will be stored securely and only accessible by the BHP Health Team. For more about BHP privacy management practices, and about your rights in relation to information held by BHP, please see the Global Privacy Notice for BHP Workers and Our Requirements for Information Governance and Controlled Documents.”

  1. To upload proof of their vaccination status employees are able to click on a link on the Vaccination Portal and download and complete a “COVID-19 Vaccination Form” (Vaccination Form).  On the Vaccination Form, employees enter their name, date of birth, BHP employee number, date of their COVID-19 vaccine dose(s), the type of vaccine they had (i.e. Pfizer, AstraZeneca, or Moderna) and the document ID of either their Vaccination Certificate or immunisation history statement (together, the Vaccination Information). The document ID refers only to the Vaccination Certificate or immunisation history statement. It is not the employee’s Individual Health Identifier number and does not enable that number to be identified. The employee also attaches a copy of either their Vaccination Certificate or their immunisation history statement.[5]

  1. The Vaccination Form makes clear that consent is voluntary and can be withdrawn at any time and requests employees to express their consent by ticking a box marked: “I agree”.[6] If employees do not indicate agreement in this manner, they will not be able to submit through the Vaccination Portal and therefore no record is created in the Vaccination Portal or the Cority database, used by BHP to record health and safety hygiene data. 

  1. As an alternative to submitting the Vaccination Form via the Vaccination Portal, employees can give their Vaccination Information in person to a BHP Health Team member at site. The process involves the Health Team member reading out the consent notice set out on the Vaccination Form,[7] including that consent is voluntary and employees are free to withdraw, alter or restrict their consent at any time by notifying BHP in writing.  Employee orally confirm consent and provide the Vaccination Information by showing the Vaccination Certificate or immunisation history statement to the BHP Health Team member, who uses it to verify the Vaccination Information, but without taking a copy of the document and the Health Team member inputs only the Vaccination Information into Cority.[8]

  1. Other relevant implications of the SAR are that employees who cannot comply with a site access requirement on the date that it becomes effective will be stood down on unpaid leave. Those who cannot comply with the SAR without reasonable excuse will be asked to show cause why their employment should not be terminated.”[9]  Further, it is stated that if employees do not provide access to their vaccination status, BHP “may assume that you [the employee] have not received the Covid-19 vaccine for the purpose of this critical control.”[10]

The Unions’ cases

  1. The structure of the case advanced by the CFMMEU and the CEPU is that the primary argument is based on the Privacy Act issue and the alternative argument relies on the bodily integrity issue. In relation to the bodily integrity issue, it is not asserted by the CFMMEU and the CEPU that the effect the SAR has on bodily integrity is, of itself, sufficient to make the site access requirement unreasonable.  Rather, the argument advanced on behalf of the CFMMEU and the CEPU is that taken together, the contravention of the Privacy Act and the effect that the SAR has on bodily integrity cumulatively tips the balance against the reasonableness of the SAR.  The AMWU’s position is that the privacy issue and the bodily integrity issue must be weighed in considering whether the SAR is lawful and reasonable.

  1. The Unions’ submissions all point to the fact that there is nothing in public health orders, the industrial instruments or the express terms in the employees’ contracts that would provide the legal basis for the SAR.  It follows that the basis for the SAR must derive from the term implied into all contracts of employment to the effect that employees must follow the lawful and reasonable directions of their employer. Such a term is implied by law, in the absence of a contrary intention by the parties.  In Mt Arthur Coal the Full Bench accepted that a direction must be lawful and reasonable for an employee to be obliged to follow it.[11]

  1. The seminal decision referred to by the Unions concerning the requirement of employees to follow lawful and reasonable directions of their employer, is R v Darling Island Stevedoring & Lighterage Co Ltd; Ex parte Halliday[12] (Darling Island Stevedoring) in which Dixon J summarised the common law position as follows:

“Naturally enough the award adopted the standard or test by which the common law determines the lawfulness of a command or direction given by a master to a servant. If a command relates to the subject matter of the employment and involves no illegality, the obligation of the servant to obey it depends at common law upon its being reasonable.

In other words, the lawful commands of an employer which an employee must obey are those which fall within the scope of the contract of service and are reasonable.”

  1. The CFMMEU and CEPU contend that the meaning of the word “lawful”, in the context of “lawful and reasonable” is elusive, but point to the following definitions in the Macquarie Dictionary (3rd edition) which should be adopted for the purpose of the Recommendation:

·  Legal appointed, established or authorised by law; deriving authority from law.

·  Illegal not legal; unauthorised.

·  Unlawful Not lawful; contrary to law; illegal; not sanctioned by law.

·  Lawful allowed or permitted by law; not contrary to law.

  1. The above definitions demonstrate that there is no material difference between legal/lawful on the one hand and illegal/unlawful on the other. It is a false dichotomy to suggest that, for example, illegality is concerned with the criminal law whereas unlawfulness is concerned with the civil law. The terms lawful and legal (and their negative equivalents) can and should be used synonymously.

  1. The CFMMEU and CEPU further note that obviously enough, a direction will not be lawful if it is unlawful. The direction will be unlawful if it involves, as a constituent part, a failure to comply with applicable legislation. As the above definitions demonstrate, whether the legislative breach is one which attracts a civil penalty or some other remedy, is of no moment.

  1. The AMWU highlights that a direction must be both lawful and reasonable, and that as the Federal Court observed in McManus v Scott-Charlton[13]:

“Questions of illegality and reasonableness apart, the alternate formulations of lawfulness proposed by Dixon J are that the command “relates to the subject matter of the employment” or falls “within the scope of the contract of service”. It is clear that these were intended to be synonymous in the limitation they expressed.

The need for some such limitation is patent: employment does not entail the total subordination of an employee's autonomy to the commands of the employer.  As was said by the President in Australian Tramway Employees' Association v Brisbane Tramways Co Ltd (1912) 6 CAR 35 at 42:

“A servant has to obey lawful commands, not all commands. The servant does not commit a breach of duty if he refuse to attend a particular church, or to wear a certain maker's singlets. The common law right of an employee is a right to wear what he chooses, to act as he chooses, in matters not affecting his work.”

There are obvious, and powerful, considerations of civil rights and liberties and of due process which inform this. These need not be laboured here although they are of no little significance in the resolution of this case.”[14]

  1. Further, the AMWU cited the principle that the reasonableness and proportionality of a direction ought be assessed on a case-by-case basis as observed by the Full Bench in Mt Arthur Coal:

“[259] The reasonableness of a direction is a question of fact having regard to all the circumstances, which may include whether or not the employer has complied with any relevant consultation obligations; the nature of the particular employment; the established usages affecting the employment; the common practices that exist; and the general provisions of any instrument governing the relationship.”[15]

  1. The CFMMEU and the CEPU contend that as in the Mt Arthur Coal case, where a direction involves one aspect of unreasonableness it is rendered wholly invalid.  It is also contended that the SAR is “replete with unlawfulness and unreasonableness” having regard to the Privacy Act issue and that on this basis alone, the Commission should conclude that the direction is invalid.  Alternatively, the Commission should reach the conclusion that the direction is invalid having regard to the cumulative effect of the Privacy Act issue and the issue of bodily integrity. 

  1. The AMWU submits that while many matters which might reasonably be said to bear on the question of lawfulness and reasonableness were canvassed in Mt Arthur Coal, and it does not cavil with matters where the Full Bench made findings, the Privacy Act issue and the bodily integrity issue were not dealt with to finality in that case. These matters are of concern to AMWU members and must be weighed in considering whether the SAR is lawful and reasonable, a matter that was not dealt with in Mt Arthur Coal. 

  1. The Respondents contend that premise that the SAR is a breach of the Privacy Act is of critical importance, particularly to the case advanced by the CFMMEU and the CEPU, with the result that if the argument based on the Privacy Act fails, the case advanced by those Unions falls away.  It is convenient to deal first with the bodily integrity issue.

The bodily integrity issue 

Union submissions

  1. The CFMMEU and CEPU adopt and support the AMWU’s position on the issue of bodily integrity.  The CFMMEU and the CEPU also contend that the SAR is replete with unlawfulness and unreasonableness, having regard to the Privacy Act.  On this basis alone, the Commission should conclude that the direction is invalid.  Alternatively, the Commission should reach the conclusion that the direction is invalid having regard, cumulatively, to the bodily integrity issue and the Privacy Act issue.  As was the case in Mt Arthur Coal, where a direction involves one aspect of unreasonableness, it will be rendered wholly invalid. The CFMMEU and CEPU submit that the same applies to unlawfulness.

  1. The AMWU’s position is that the Commission should issue a recommendation concluding that the SAR is not a lawful and reasonable direction having regard to the Privacy Act and the right to bodily integrity.  The AMWU submits that employees subject to the SAR have a right to bodily integrity at common law.[16]  Considerations of civil rights and liberties inform the limitations on the capacity of an employer to direct its employees.[17]

  1. The AMWU contends that it ought be uncontroversial, as it was in Mt Arthur Coal, that absent medical contraindications, the choice for employees is between being vaccinated and continuing to be employed by their employer.[18]  The AMWU submits that the pressure being applied to employees to give up their bodily integrity and to cede a civil right, when otherwise they would not wish to do so, is a matter that is relevant in an assessment of the reasonableness of the direction.

  1. The AMWU referred to the statement of the Full Bench in Mt Arthur Coal that:

[223] The practical effect of the Site Access Requirement is to apply pressure to employees to surrender their bodily integrity (by undergoing medical treatment) in circumstances where they would prefer not to do so. In our view, this is plainly a relevant matter in assessing the reasonableness of the direction. However, we also accept that this factor is not determinative of the question of reasonableness; it is a consideration to be weighed in the balance with the other relevant considerations…”[19]

  1. The AMWU submits that the significant pressure exerted by the Respondents upon employees to forfeit their right to bodily integrity is a matter which weighs against a conclusion that the SAR is a reasonable direction.  It is a matter which alongside the Respondents’ breaches of the Privacy Act, leads to a conclusion that the direction is unreasonable.

  1. In oral submissions the AMWU clarified that it is not contended that the right to bodily integrity is violated by the SAR and thereby the direction is rendered unlawful.  Rather, consistent with the decision in Mt Arthur Coal the AMWU submits that the practical effect of the SAR is that employees are forced to choose between getting vaccinated where they do not wish to do so or losing their job.  This pressure goes to the reasonableness of the direction, and it is a matter to be weighed in the balance alongside what the AMWU asserts is a breach of the Privacy Act.

Respondents’ submissions

  1. The Respondents accept in Mt Arthur Coal that there was a common law right to bodily integrity,[20] and make the same concession in the present matters. In Mt Arthur Coal the Full Bench held that the right to bodily integrity consisted of “the right to an individual to choose what occurs with respect to his or her own person.”[21]

  1. The Respondents contend that the question in these disputes is whether that right is violated by the SAR.  The same question was put in issue in Mt Arthur Coal.[22] The Full Bench held that the right to bodily integrity was not violated by the Mt Arthur SAR, because:

·     It did not purport to confer authority on anyone to perform a medical procedure on anyone else;[23] and

·     It did not involve coercion in the legal sense, such as would vitiate an employee’s consent to be vaccinated.[24]

  1. The same conclusions should be applied to the SAR in these disputes, for the following four reasons.  First, as the content of the SAR is materially identical to that of the Mt Arthur SAR, there is no material basis on which to distinguish them.  Second, although, as a non-judicial body, the Commission is not bound by the doctrine of precedent,[25] as a matter of policy and sound administration it and its predecessors have generally followed previous Full Bench decisions relating to the issue to be determined, in the absence of cogent reasons for not doing so.[26] Here, there are no such reasons.  Third, the Respondents submitted that there are cogent reasons for the Commission as presently constituted to follow and apply the conclusions in Mt Arthur Coal in respect of bodily integrity on the basis that:

·The decision is manifestly correct;[27]

·The Full Bench cited in support of its conclusions a passage from the first instance decision of the New South Wales Supreme Court in Kassam v Hazzard.[28] That aspect of Kassam has subsequently been confirmed on appeal by the New South Wales Court of Appeal.[29]

  1. Fourth, and independently of the first three reasons, the Respondents contend that it would be an abuse of process if the Applicants were to seek to reagitate in these issues that were conclusively resolved in Mt Arthur[30] and they should not be heard to do so.

  1. According to the Respondents, once the conclusions of the Full Bench in Mt Arthur Coal are applied in the present case, it necessarily follows that the SAR is not unlawful because of its effect on bodily integrity.  The same process of reasoning was applied in Mt Arthur Coal where the Full Bench held that the Mt Arthur SAR was prima facie lawful.[31] It did so notwithstanding that it recognised that “[t]he practical effect of the [Mt Arthur] Site Access Requirement is to apply pressure to employees to surrender their bodily integrity (by undergoing medical treatment) in circumstances where they would prefer not to do so.”[32] Plainly, the Full Bench did not consider that this rendered the Mt Arthur SAR unlawful.  The Respondents’ position is that the same conclusion should be applied to the Queensland SAR.

  1. In Mt Arthur Coal the Full Bench held that the practical effect of the Mt Arthur SAR was a relevant matter in assessing the reasonableness of the direction. However, the Respondents also accept that this factor is not determinative of the question of reasonableness; it is a consideration to be weighed in the balance with the other relevant considerations.’[33] The Respondents’ view is that the same conclusions should be applied to the SAR.  The Respondents submit that the following considerations are relevant, and together substantially outweigh the fact that the practical effect of the SAR is to apply pressure to employees to surrender their bodily integrity by being vaccinated in circumstances where some of them may prefer not to do so.

  1. First, the Respondents referred to Mt Arthur Coal where the Full Bench made the following finding:

“We note that there are a range of considerations which otherwise weighed in favour of a finding that the Site Access Requirement was reasonable, including that:

1. It is directed at ensuring the health and safety of workers of the Mine.
2. It has a logical and understandable basis.
3. It is a reasonably proportionate response to the risk created by COVID- 19.
4. It was developed having regard to the circumstances at the Mine, including the fact that Mine workers cannot work from home and come into contact with other workers whilst at work.
5. The timing for its commencement was determined by reference to circumstances pertaining to NSW and the local area at the relevant time.
6. It was only implemented after Mt Arthur spent a considerable amount of time encouraging vaccination and setting up a vaccination hub for workers at the Mine.”[34]

  1. Consistent with the Respondents’ submissions that the factual findings in Mt Arthur Coal regarding the COVID-19 disease should be accepted in these disputes, these findings should be applied, mutatis mutandis, to the SAR.

  1. Second, the Respondents submit that the Full Bench’s reference in the passage quoted in the previous paragraph to the “health and safety of workers” was no doubt intended to take up the findings of fact set out in paragraph [29] of the Mt Arthur Coal decision in relation to COVID – 19, which are a powerful factor supporting the reasonableness of the SAR, just as they were for the Mt Arthur SAR.

  1. Third, all the Respondents are subject to statutory obligations to manage health and safety at their workplaces, and employees are subject to correlative duties to protect their own health and safety and that of other workers. For example, section 39(1)(c) of the Coal Mining Safety and Health Act 1999 (Qld) (CMSH Act) requires a coal mine worker to take any “reasonable and necessary course of action to ensure anyone is not exposed to an unacceptable level of risk”. That requirement in section 39(1)(c) of the CMSH Act encompasses, as held in Grant v BHP Coal Pty Ltd,[35] the imposition of conditions that may constitute an intrusion on the person. The facts and matters set out in the Health and Safety Rationale, the documents supporting that rationale, and the findings of fact made by the Full Bench in Mt Arthur Coal, all demonstrate that the SAR is directed to compliance with the Respondents’ statutory and common law obligations to protect health and safety at the workplace. The Respondents submitted that the obligations, and the correlative rights that they create, are another powerful factor supporting the reasonableness of the SAR.

  1. Fourth, the most important consideration supporting the conclusion in Mt Arthur Coal that the Mt Arthur SAR was unreasonable was deficiencies in consultation.[36] This consideration has no application to these disputes. There has been fulsome consultation. Employees who have views regarding vaccination as a SAR have been heard, they have been consulted, and their views have been taken into account.[37]  It follows that the balancing exercise identified in Mt Arthur weighs conclusively in favour of the reasonableness of the SAR.

The Privacy Act issue

Relevant provisions of the Privacy Act

  1. The provisions of the Privacy Act which were the focus of submissions and are relevant to the matters in dispute, are set out below.  The objects of the Privacy Act set out in s. 2A are as follows:

“The objects of this Act are:

(a)     to promote the protection of the privacy of individuals; and

(b)    to recognise that the protection of the privacy of individuals is balanced with the interests of entities in carrying out their functions or activities; and

(c)     to provide the basis for nationally consistent regulation of privacy and the handling of personal information; and

(d)    to promote responsible and transparent handling of personal information by entities; and

(e)     to facilitate an efficient credit reporting system while ensuring that the privacy of individuals is respected; and

(f)   to facilitate the free flow of information across national borders while ensuring that the privacy of individuals is respected; and

(g)    to provide a means for individuals to complain about an alleged interference with their privacy; and

(h)    to implement Australia's international obligation in relation to privacy.”

  1. Section 6 Interpretation, contains the following definitions:

collects”: an entity collects personal information only if the entity collects the personal information for inclusion in a record or generally available publication.

consent”means express consent or implied consent.

record” includes:

(a) a document; or
(b) an electronic or other device”…

  1. Section 14 explains that the Australian Privacy Principles (APP) are set out in the clauses of Schedule 1 to the Privacy Act. Section 15 provides that APP entities, which by virtue of the definition in s. 6C are organisations including bodies corporate, must not do an act or engage in a practice that breaches an Australian Privacy Principle. Principles 3.3 and 3.4 relevantly provide:

“3  Australian Privacy Principle 3—collection of solicited personal information

Sensitive information

3.3  An APP entity must not collect sensitive information about an individual unless:

(a)  the individual consents to the collection of the information and:

(i)if the entity is an agency—the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities; or

(ii)if the entity is an organisation—the information is reasonably necessary for one or more of the entity’s functions or activities; or

(b)    subclause 3.4 applies in relation to the information.

3.4  This subclause applies in relation to sensitive information about an individual if:

(a)     the collection of the information is required or authorised by or under an Australian law or a court/tribunal order; or

(b)    a permitted general situation exists in relation to the collection of the information by the APP entity; or …

Note: For permitted general situation, see section 16A. For permitted health situation, see section 16B.”

  1. Section 16A of the Privacy Act concerns permitted general situations in relation to the collection, use or disclosure of personal information.  The provision is set out in tabular form and the present dispute relates to item 1 in the table as follows:

“16A - Permitted general situations in relation to the collection, use or disclosure of personal information

(1)    A permitted general situation exists in relation to the collection, use or disclosure by an APP entity of personal information about an individual, or of a government related identifier of an individual, if:

(a)     the entity is an entity of a kind specified in an item in column 1 of the table; and

(b)    the item in column 2 of the table applies to the information or identifier; and

(c)     such conditions as are specified in the item in column 3 of the table are satisfied.”

Permitted general situations

Item Column 1
Kind of entity
Column 2
Item applies to
Column 3
Condition(s)
1 APP entity

(a) personal information; or

(b) a government related identifier.

(a) it is unreasonable or impracticable to obtain the individual's consent to the collection, use or disclosure; and

(b) the entity reasonably believes that the collection, use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.

  1. In relation to breach of an Australian Privacy Principle, s. 6A(1) provides:

6A - Breach of an Australian Privacy Principle

(1) For the purposes of this Act, an act or practice breachesan Australian Privacy Principle if, and only if, it is contrary to, or inconsistent with, that principle.

  1. It is not disputed that the Respondents have responsibilities under the Privacy Act. The Respondents are organisations as defined in s.6C of the Privacy Act and therefore each is an “APP entity”,[38] and is required to comply with the Australian Privacy Principles (APPs) in relation to collection of personal information from the Employees.[39] It is also not disputed that the direction provides for the Respondents to collect personal information of employees for inclusion in a record, and that the information is sensitive information as defined in the Privacy Act.[40]

  1. The Full Bench in Mt Arthur Coal set out the following summary of the relevant Privacy Act provisions which I adopt. 

[207]     … An APP entity ‘collects’ personal information ‘only if the entity collects the personal information for inclusion in a record or generally available publication’.  A ‘record’ includes a document or an electronic or other device.  An APP entity must collect personal information only by fair and lawful means. 

[208]     APP 3.3 provides that an APP entity that is an organisation must not collect ‘sensitive information’ about an individual unless the individual consents and the information is reasonably necessary for one or more of the organisation’s functions or activities. ‘Sensitive information’ includes health information about an individual, which would include information about a person’s vaccination status. The requirement to have consent to the collection of sensitive information in APP 3.3. is subject to the exceptions in APP 3.4, which include:

·where the collection of the information is required or authorised by an Australian law.  This could include where required under public health orders or directions,  and

·where the APP entity is an organisation, and a permitted general situation exists in relation to the collection of information by the APP entity.  This includes where the APP entity reasonably believes that the collection is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.

[209] ‘Consent’ in APP 3.3. means ‘express or implied consent’. The Australian Privacy Principles Guidelines issued by the Australian Information Commissioner under s.28(1) of the Privacy Act explain:

‘… The four key elements of consent are:

•           the individual is adequately informed before giving consent

•           the individual gives consent voluntarily

•           the consent is current and specific, and

•           the individual has the capacity to understand and communicate their consent.’

  1. The Full Bench in Mt Arthur Coal also set out the following guidance issued by the Office of the Australian Information Commissioner on COVID-19 vaccinations and privacy obligations explains:

“Consent to collecting vaccination status information must be freely given and constitute valid consent. You must make sure that your employees understand why you need to collect this information, what you will use it for, and give them a genuine opportunity to provide or withhold consent. You should exercise caution in seeking consent in these circumstances given the imbalance of power in the employment relationship that may cause employees to feel pressured or obligated to provide their consent.

Public health advice will be useful to inform what information, including vaccination status information, is reasonably necessary to prevent or manage COVID-19. Applicable workplace laws and contractual obligations will also influence whether the collection of vaccination status information would be considered reasonably necessary for your activities or functions.

Where you have provided a lawful and reasonable direction to your employee to be vaccinated, you can also ask your employee to provide evidence of their vaccination if you are satisfied that this is reasonably necessary and you have obtained the employee’s consent.”

CFMMEU and CEPU submissions

  1. The Respondents have said they are not content to simply sight, but not collect, employees’ vaccination status. The CFMMEU and the CEPU submit that the document published by the Respondents on 6 January 2021 entitled “COVID-19 Digital Vaccination Certificate Verification” (Vaccination Verification Document), ostensibly directed at the second method of verification, makes apparent that the material sought to be collected by the Respondents travels beyond whether the employee is vaccinated. The Respondents also seek vaccine type, both vaccine dose dates and document number.

  1. Both methods available to employees to verify vaccination status require the collection by the employer of sensitive information. Both methods purportedly require employees to consent to the collection of their sensitive information.  Putting to one side the question of reasonable necessity, the CFMMEU and CEPU contend that the direction falls at the first hurdle and that any consent an employee may supply is vitiated by the threat that, if they do not consent, they may be disciplined or have their employment terminated.[41]  Reference is made to the decision of a Full Bench of the Commission in Lee v Superior Wood[42] where a Full Bench of the Commission found that a direction in relation to the provision of sensitive information was unlawful and unreasonable because it was contrary to the Privacy Act and stated that any consent by the employee in that case would likely have been vitiated by the threat of termination of his employment.  

  1. Applying this conclusion to the present case, the CFMMEU and the CEPU contend that it can hardly be described as valid consent in circumstances where an employee (who wishes to convey vaccination status) has no alternative available to verify vaccination status that does not involve the collection of sensitive information.

  1. The CFMMEU and CEPU pose the rhetorical question as to why the “show the green tick” method of establishing vaccination status is good enough for the State of Queensland when a coal miner enters the Blackwater Hotel, but not good enough for BHP when a coal miner enters the Blackwater Mine?  The CFMMEU and CEPU submit that these curious methods of verifying vaccination status invite consideration of whether the test of “reasonable necessity” in APP 3.3 is met. Importantly, APP 3.3 is not concerned with whether the vaccination requirement is reasonably necessary, but rather, whether the collection of sensitive information is reasonably necessary.

  1. The CFMMEU and CEPU submissions set out various forms of Vaccination Verification Document which may be utilised and assert that there are suitable alternatives that are open to the Respondents and which would comply with the Privacy Act. These include, at least, the “Check in Queensland” app and the presentation of an employee’s COVID – 19 Digital Certificate which does not contain sensitive information.  According to the CFMMEU and the CEPU, the mere availability of these alternative methods demonstrates that the methods nominated by the Respondents are not reasonably necessary.

  1. Insofar as the Respondents assert that they need to collect the sensitive information in order to interrogate its accuracy, that argument fails for three reasons.  Firstly, one should not presume that employees will engage in vaccine certificate fraud, which would be serious misconduct if not a criminal offence.  Secondly, given the nature of the information, it is not as if the provision of the additional sensitive information (which is presumably no less susceptible to fraud) would in practical terms enable the Respondents to take any real steps to interrogate its accuracy: an employer can hardly ask an employee’s doctor whether they gave a particular patient a particular vaccine on a particular date.  Thirdly, most importantly, there are other and more effective means of addressing this concern: an employer with a proper basis to doubt the information provided could direct an employee to provide better evidence of their vaccination status (without directing the collection of sensitive information), for example, by the employee obtaining an appropriately worded medical certificate.

  1. The CFMMEU and CEPU’s position is that the two methods of verifying vaccination status that are embedded within the direction are not fit for purpose. The concerns go to the information sought (more than whether vaccinated) and the way in which it must be provided (collected not sighted).  The CFMMEU and CEPU submit that these methods do not comply with the Privacy Act in respect of consent nor in respect of reasonable necessity. They are in that sense unlawful which means the direction cannot be a lawful one. It is therefore also unreasonable.

  1. Further, the CFMMEU and CEPU submit that a vaccinated employee who wishes to demonstrate their vaccination status to their employer, but who does not consent to the employer collecting their sensitive information, is left in an invidious position.  They are unable to comply with the direction as articulated.  This unfair and absurd situation is another reason why the direction is unreasonable.  Similarly, the direction is unreasonable for such an employee because it involves “substantial danger”[43] to the employee, namely the risk of their sensitive information being misused after it is collected, for example identity fraud. 

  1. In oral submissions the CFMMEU and the CEPU confirmed that for the purpose of the hearing and the Recommendation sought, the health and safety rationale that goes behind the SAR and the direction is not disputed but reserve their position in relation to whether those matters may be disputed in other proceedings.  Notwithstanding this concession, it was contended that the Respondents had not established any cogent reason why the collection and storage of information would enable them to manage their COVID – 19 situation.  The SAR is about site access and not the collection of information to service the requirement. 

  1. The Respondents have also not established how alternative methods of implementing the SAR would cause unjustifiable hardship.  The Respondents are well resourced organisations.  There is no suggestion that gates to the sites are unmanned and the CFMMEU’s proposal for checking vaccination status visually, only applies to those employees who do not consent to the collection of sensitive information in relation to their vaccination status.  Further, the impost on the Respondents of the methods proposed as an alternative to the SAR, is not outweighed by the primacy of the employees’ statutory right to privacy, including their right to withhold consent to the provision of their sensitive information.

  1. In relation to the Respondents’ assertion that the information is necessary to prevent fraud, the CFMMEU and the CEPU submit that justification on this basis is premature, and the Respondents have ample means to deal with this issue if fraud is suspected and does not require to pre-emptively collect information before fraud arises.  The Respondents’ submission that the information will assist checking the vaccination register, proceeds on a false premise as it is the understanding of the CFMMEU and CEPU that an employer or third party cannot search the Australian Immunisation Register.   If there is a sound, defensible or well-grounded suspicion that an employee’s certificate is fraudulent, the employee can substantiate vaccination by taking steps including providing a certificate from the medical practitioner who administered the vaccination.  In response to a question from me, Mr Tiley agreed that the issue the CFMMEU and the CEPU raise is that the information could be sighted by the Respondents but not recorded and that there should be no collection of any vaccination data, other than by consent.

  1. In response to the assertion that the concerns raised in the CFMMEU and CEPU submissions are hypothetical, it is stated that there are three categories of employees whose views are relevant to the privacy issue:  those who are vaccinated and willing to consent to the collection of their data; employees who are vaccinated and have consented under protest to their data being collected and employees who are vaccinated and do not consent to their data being collected.  The two latter categories are real people with a real problem and their circumstances are far from hypothetical.

  1. It was also contended that the argument is not that consent is vitiated by duress because of threat of termination, but rather that there is no consent in such circumstances.  While there is no express threat of termination if consent is not provided, if employees want to access the workplace and work, and if they do not want to be treated as unvaccinated, they must waive their rights to privacy.  On any view, employees in such circumstances cannot be described as making a choice.  In this regard, reliance is placed on the decision of a Full Bench of the Commission in Lee v Superior Wood[44] and the Respondent’s assertion that the passage cited by the CFMMEU and the CEPU is obiter should not be accepted. 

  1. It was also submitted that if the Commission is against the CFMMEU and the CEPU on the requirements in s. 16A(1)(a) of the Privacy Act about obtaining consent of employees being unreasonable or impracticable, the Respondents have not made out the requirement in (b) that the entity reasonably believes that the collection, use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.  This requires more than a threat of fraud or that it would be convenient for employees to provide the requested information. 

  1. The CFMMEU and the CEPU maintain that the Full Bench in Mt Arthur Coal did not decide the privacy issue, and half-hearted attempts by the Respondents to suggest otherwise, should not be accepted.  Finally, in relation to the consequences of failure to comply with the Privacy Act, it is submitted that the availability of a cause of action for a breach is not required before there would be a breach in the requisite sense and whether a provision of an Act is enforceable by way of a civil penalty or not, makes no difference in relation to unlawfulness.  The question is whether there is a legal obligation that is not being met.  The CFMMEU and CEPU further submit that in Mt Arthur Coal the Full Bench found that a failure to comply with a statutory obligation to consult about the direction made it unreasonable.  In the present case, the direction is both unlawful and unreasonable, but even if unlawfulness is unable to be made out in the way contended for by the Respondents, the direction is still unreasonable, and this is sufficient to render it invalid.

  1. In relation to the Respondents’ obligations under the CMSH Act, the CFMMEU and the CEPU submit that while that CMSH Act may have much to say about the necessity or otherwise of certain measures to address the risk presented by disease, and one of them may be vaccination, this does not address how it is necessary to collect sensitive information to manage that risk.  

AMWU Submissions

  1. The AMWU submits that in Mt Arthur Coal the Full Bench was unable to reach a concluded view about whether the Respondent had breached its privacy obligations.  After setting out the relevant provisions of the Privacy Act and APPs, the AMWU referred to information provided by the OAIC as set out by the Full Bench in Mt Arthur Coal[45] and additional advice from that source that:

·  Employers can only collect information about employee’s vaccination status in particular circumstances where the employee consents and the collection is reasonably necessary for your workplaces’ functions and activities.

·  You must have clear and justifiable reasons for collecting employee vaccination status information for it to be reasonably necessary. If you do not have clear and justifiable reasons, you should not collect vaccination status information.

·  You can collect vaccination status information without consent only in circumstances where the collection is required or authorised by law (including a state or territory public health order or direction).

·  Only the minimum amount of personal information reasonably necessary to maintain a safe workplace should be collected, used or disclosed.

·  Vaccination status information should only be used or disclosed on a ‘need-to-know’ basis.

·  You must inform employees about how their vaccination status information will be handled.

·  Ensure you take reasonable steps to keep employee vaccination status and related health information secure.[46]

  1. The AMWU also submits that to be voluntary, an individual must have a genuine opportunity to provide or withhold consent and consent will not be voluntary where there is duress, coercion or pressure that could overpower the person’s will.[47]  The following factors are relevant to deciding whether consent is voluntary:

·  the alternatives open to the individual, if they choose not to consent

·  the seriousness of any consequences if an individual refuses to consent

·  any adverse consequences for family members or associates of the individual if the individual refuses to consent.”

  1. The AMWU also referred to the decision in Lee v Superior Wood Pty Ltd[48] (Lee), where the Full Bench found that any “consent” given for the purposes of APP 3.3, where an individual is faced with the prospect of discipline or dismissal, would likely have been vitiated by the threat of discipline or dismissal and would not have been genuine,[49] and submitted that this approach should be applied in the present case.

  1. The AMWU contends that the practical effect of the SAR, is that employees must consent to the collection of sensitive information about their vaccination status or face the threat of dismissal or disciplinary action. The consequences of the refusal of consent and the attendant loss of employment for these workers are serious and may include loss of income, dignity and self-worth. The AMWU’s position is that any “consent” for the purposes of the statutory scheme of the Privacy Act and APP 3.3, having regard to the APP Guidelines and Lee, cannot therefore be voluntary.

  1. In relation to whether the collection of sensitive information is “reasonably necessary” the AMWU refers to the APP Guidelines which relevantly provide:

“B.114 The ‘reasonably necessary’ test is an objective test: whether a reasonable person who is properly informed would agree that the collection, use or disclosure is necessary. It is the responsibility of an APP entity to be able to justify that the particular collection, use or disclosure is reasonably necessary.

B.115 The test must be applied in a practical sense. For example, under APP 3 if an entity cannot in practice effectively pursue a function or activity without collecting personal information, the collection would usually be considered reasonably necessary for that function or activity. However, a collection, use or disclosure of personal information will not usually be considered reasonably necessary if there are reasonable alternatives available, for example, if de-identified information would be sufficient for the function or activity.

B.116 An APP entity cannot rely solely on normal business practice in assessing whether a collection, use or disclosure is reasonably necessary. The primary issue is whether, in the circumstances of a particular entity, a collection, use or disclosure is reasonably necessary for a particular function or activity.”[50]

  1. The AMWU submits that the Respondents have not justified how it is reasonably necessary for one or more of their functions or activities to collect the sensitive information that is employees’ vaccination status. The AMWU further submits that no statute, public health order or direction requires the vaccination of these employees or the collection of their vaccination status.

  1. The AMWU’s position is that there are reasonable alternatives to the collection of sensitive information available, in use in many other contexts currently, which would not involve the collection of sensitive information – for example, displaying a vaccine certificate at entry, but no collection or record being created, as is presently required in Queensland to access a bar or café.  The AMWU submits that mere apprehensions about potential fraud[51], do not render the collection of sensitive information reasonably necessary.

  1. In relation to subclause 3.4 of the APP Principles, the AMWU submits that no exception has been invoked by the Respondents, nor does one apply.  No “Australian law” (which excludes contracts) requires or authorises the collection of the sensitive information. The AMWU also submits that the circumstance is not otherwise one where is it unreasonable or impracticable to obtain consent (as evinced by the Respondents purporting to seek consent) from workers. In light of the obvious alternatives to the collection proposed, merely that it is convenient to the Respondents to collect sensitive information, is not an adequate basis for a reasonable belief that the collection is necessary.[52]

  1. In relation to the lawfulness of the SAR, the AMWU submits that if the Respondents have not acted in accordance with the Privacy Act, consistent with the decision in Lee, the direction is not a lawful one.[53]  It is a direction which involves illegality.  Further, the AMWU contends that this plainly weighs significantly against the reasonableness of the direction.

  1. In oral submissions, Mr Turner for the AMWU also confirmed that it did not seek to contest other matters in the present proceedings but reserved its rights to do so in other proceedings. In relation to the issue of consent, the AMWU submits that the Respondents’ submissions conflate the issue of vitiation of consent for the purposes of establishing the tort of battery and violation of the person’s bodily integrity, with the content of what is a statutory requirement that consent be obtained from a person before their sensitive information is collected for the purposes of APP 3.3 in Schedule 1 of the Privacy Act. The passages in Mt Arthur Coal referred to by the Respondents deal with these issues and not the issue of consent for the purposes of the Privacy Act.  

  1. It is clear that a person who does not consent to have their sensitive information collected by the Respondents will face termination.  The AMWU contends that in the workplace there is little greater pressure that could be exerted on a person and in that context, it cannot be concluded that a person is given a genuine opportunity to agree or disagree.  Whether or not it is concluded that consent is vitiated, it is certainly not voluntary. 

  1. The AMWU urges that the Commission follow the Full Bench decision in Lee and submits that nothing can be inferred about the correctness of that decision from the decision in Mt Arthur Coal.  Further, the AMWU submits that the Respondents have rejected the reasonable suggestion that they simply sight a certificate on entry rather than collect sensitive information of workers and that this is now a practice which is a feature of public life in Queensland.  In relation to the Respondents’ claim that this would be onerous, the AMWU contends that it is difficult to see how this could be so given that it is used in other facets of public life.  In relation to the Respondents’ claim that the collection of sensitive information is necessary to prevent fraud, it is difficult to conceive of fraud that could not be identified by sighting a certificate on entry.  If the document did not appear real, the person tendering it could easily be pulled aside and dealt with, by commencing an investigation. 

  1. In response to the Respondent’s assertion that it would not be practical to sight a certificate on each occasion an employee enters a mine site or other workplace, the AMWU contends that employees enter through a limited number of gates, and such alternative arrangements would only need to be implemented for those who did not provide consent to the collection of their sensitive information.   The Respondents have not considered a third option for such employees and their options are provide the information or get the sack.  The AMWU also submits that convenience for the Respondents does not make it reasonably necessary for employees to be required to provide sensitive information. 

  1. In response to the assertion that expectations concerning health and safety in the workplace entail that there will be some intrusion into the privacy of employees, and the Respondents’ reliance on Briggs v AWH Pty Ltd[54] and Grant v BHP Coal Pty Ltd[55], the AMWU submits that neither decision considered or touched upon APP 3.3 or dealt with the provisions of the Privacy Act more generally.  Both decisions were also decided before the Full Bench decision in Lee and neither is authority for the proposition that APP 3.3 is somehow overridden by broader workplace health and safety duties that do not directly override the provisions of the Privacy Act more generally. 

  1. The AMWU also submits that the collection of sensitive information is not reasonably necessary for the operation or management of a system to manage risk for the purposes of meeting the Respondents’ obligations under the CMSH Act and there are other reasonable alternatives to the collection of that information that are sufficient to address the safety risk.  Further, the AMWU submits that the Full Bench in Mt Arthur Coal was not ruling out that a breach of the Privacy Act might render a direction unlawful.  Further, whether or not it is concluded in the present case that the direction is unlawful because it breaches the Privacy Act, it is certainly unreasonable on that basis. 

Respondents’ submissions

  1. The Respondents submit that the Commission should conclude that the SAR does not contravene APP 3.3.  The Respondents’ primary position is that collection of the information in question – being information by which the Respondents verify employees’ vaccination status – is permitted by APP 3.3(a), because:

·   The Respondents only receive the information from employees who expressly consent to its provision, and who take positive steps to provide the information to the Respondents through one of two specified processes; and

·   The information is reasonably necessary for the implementation of the SAR.

  1. The Respondents also submit that they do not collect the information in question without employees’ express consent.  However, if it is held (contrary to the Respondents’ submissions) that employees’ express consent is vitiated, then APP3.3(b) applies, and a ‘permitted general situation’[56] would then exist, permitting the Respondents’ collection of information relevant to the SAR under APP 3.4(b) and section 16A of the Privacy Act, because:

  • It is unreasonable or impracticable to obtain employees’ consent (this assumes that the Commission considers “consent” to require something different to that which is presently being provided by employees) to the collection, use or disclosure; and

  • The Respondents reasonably believe that the collection is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety.

  1. Further, the Respondents submit that the Commission should conclude that, even if the Applicants establish a breach of APP 3.3, any such breach does not render the SAR unlawful.  As to the requirements of the Privacy Act, the Respondents contend that the only way that they can effectively apply and enforce the SAR is by requiring employees to disclose information by which their vaccination status can reliably be verified.  Analogously, the requirement to provide proof of vaccination is also a feature of the various public health orders that State governments have imposed.[57]

  1. With respect to the two means by which employees can provide information demonstrating their vaccination status, in either case, the employee needs either their COVID-19 digital certificate issued by the Federal Government (Vaccination Certificate) or their immunisation history statement.  An employee will only have a Vaccination Certificate if they have received two doses of an approved COVID-19 vaccine.  If they have only received a single dose, they will instead have access to an immunisation history statement. In both cases employees are asked whether they give their express consent to the collection of the information via a consent notice.  The document ID is not the employee’s Individual Health Identifier number and does not enable that number to be identified.  Where the employee elects to upload the information via the portal, the employee also attaches a copy of either their Vaccination Certificate or their immunisation history statement.  All information is provided by employees voluntarily and without indicating agreement by ticking the box on the Vaccination Form, the employee will not be able to submit through the Vaccination Portal and therefore no record is created in the Vaccination Portal or Cority.

  1. The Respondents submit that the Vaccination Form also explains (as is the case) that the purpose of collecting the Vaccination Information is to keep the employee and the workforce safe and healthy, including to:

·     Plan for the future and escalate or de-escalate COVID – 19 controls; and

·     Enable decisions about workplace and site access to protect employees against COVID-19 infection risk.

  1. The Consultation Hub document “FAQs Vaccination – how to upload and data use”[58] states further that (as is the case) the Vaccination Information is necessary so that the Respondents can:

·     Plan and make informed decisions relating to the COVID-19 controls framework (including the escalation and de-escalation of COVID-19 controls);

·     Introduce the SAR, which has been implemented to lessen or prevent a serious threat to the life, health and safety of individuals on site and to public health and safety; and

·     Administer its work health and safety obligations.

  1. The Applicants do not challenge the truth of these explanations, and there is no basis on which they could do so.  The Respondents’ view is that they should be accepted as correct.  The Vaccination Form advises employees that without access to the Vaccination Information, BHP may assume that they have not received the COVID – 19 vaccine, including for the purpose of site access.[59]

  1. The Respondents confirm that once an employee has completed the Vaccination Form the Vaccination Information is reviewed by an authorised BHP Health Team member.  The Health Team member will input only[60] the Vaccination Information into a database on a separate software platform called Cority. No record is made or kept of any information other than the Vaccination Information.

  1. Cority is an environmental, health and safety database used by BHP to record health and hygiene data. Only authorised Health Team personnel can access Cority, for example, paramedics, health specialists, and health administrators.[61] All such personnel have completed data privacy training.[62] The Respondents explained that that users are only given access to the parts of Cority that are necessary for them to complete their role.  The Vaccination Certificate or immunisation record is not retained by the Respondents after the Vaccination Information is verified. Currently, all Vaccination Certificates and immunisation history statements uploaded to the Vaccination Portal are deleted within 28 days.[63]

  1. The Respondents submit that express consent is sought and received in each case before the Vaccination Form is completed in the Vaccination Portal.  If consent is not given, an employee is treated as unvaccinated for the purpose of the SAR. Consent is also necessarily implicit in the process, in that the Vaccination Information is provided to the Respondents by the act of the employees.

  1. In relation to the assertion that employees’ consent is vitiated by reason that, should they choose not to provide the vaccination information, they will be assumed not to have been vaccinated, the Respondents submit that the argument seems to be that the economic and social pressure identified in Mt Arthur Coal at [222] and [223] coerces the employees’ free will or choice so as to render their consent legally ineffective.  The Respondents submit that the argument fails for two reasons.  First, it is entirely abstract and no employee has given evidence of being overborne. Second, the Applicants’ argument was expressly and authoritatively rejected in Mt Arthur Coal. The Respondents also referred to the judgment of Leeming JA in Kassam v Hazzard[64] where it was stated at [170] that “…free choice” is a label which disguises the fact that many choices commonly made by people are influenced by incentives and burdens, which are not uncommonly put in place for the express purpose of altering behaviour.”

  1. The Applicants’ contrary argument depends on Lee.[65] The Respondents submit that the Applicant there argued successfully that the employer’s direction to provide a biometric fingerprint on entry to the workplace was not lawful, because the employer did not comply with the requirements of the Privacy Act. The non – compliance was, relevantly, soliciting the collection of sensitive information without consent.[66]   In that case, consent was not actually given, and the fingerprint information not collected. However, the Full Bench said in obiter dicta at [58]: “…we consider that any “consent” that he might have given once told that he faced discipline or dismissal would likely have been vitiated by the threat. It would not have been genuine consent.

  1. The SAR is intended to operate as part of a COVID – 19 Controls Framework now and in the future.  In this regard, the sensitive information the Respondents seek to collect, is intended to assist in planning for the future including the escalation or de-escalation of COVID – 19 controls and to enable decisions to protect employees.  Further, the information is necessary to inform decisions about the COVID – 19 controls framework itself.

  1. The facts found by the Full Bench in Mt Arthur Coal and subsequent developments, evidence that both the virus and its effects are evolving rapidly.   It is logical that knowledge of the vaccination types that employees have received and the dates on which those vaccines were given, would inform decisions to mitigate and manage these effects.  For example, if a new strain of the virus emerged, which was more responsive to a particular type of vaccine, the Respondents would be positioned to assess the risks to employees based on this information.  Similarly, if restrictive conditions on intrastate travel or movements were imposed, the Respondents would be in a position to establish the vaccination status of its employees quickly and conclusively and to assess the likely impact of such restrictions.   

  1. I also accept that the information required by the Respondents is necessary to manage fraud, both actual and potential.  It is uncontentious that any fraudulent activity would be undertaken by persons who are not vaccinated and who seek to falsify evidence for the purpose of establishing that they are vaccinated.  The Respondents assert that they have identified four cases of suspected provision of fraudulent information and two confirmed cases.  Such cases can only be identified if the vaccination information sought in the direction is available to the Respondents. 

  1. As the Full Bench in Mt Arthur Coal found, unvaccinated persons are more likely to acquire COVID – 19 from another unvaccinated person, and this may occur outside the workplace.  Once an infected and unvaccinated person enters the workplace, COVID – 19 is a significant hazard, in circumstances where workers interact or use the same common spaces.  In the Queensland coal industry, such interaction is not limited to workplaces and can extend to accommodation facilities and facilities in local communities where workers gather for social and recreational purposes and interact with other members of those communities.  These risks are actual, rather than hypothetical and I accept that the collection of the information required by the direction will provide a mechanism to manage and mitigate this risk by ensuring that the SAR can be effectively implemented and operated in a manner consistent with its objectives.

  1. I am also of the view that the information that is sought to be collected to verify the vaccination status of employees is reasonably necessary to ensure that the Respondents and employees comply with their obligations under the Coal Mining Safety and Health Act 1999 (Qld) (CMSH Act). The objects of the CMSH Act are set out in s 6 and include protecting the health and safety of persons at coal mines and requiring that the risk of injury or illness resulting from coal mining operations be at an acceptable level.

  1. Section 33(1) provides, relevantly:

33       Obligations for safety and health

(1)    Coal mine workers or other persons at coal mines or persons who may affect safety and health at coal mines or as a result of coal mining operations, have obligations under division 2 (safety and health obligations).

  1. A “coal mine worker” is defined in the Dictionary to the CMSH Act as an individual who carries out work at a coal mine and includes an employee of the coal mine operator. Section 34 of the CMSH Act provides that a “person on whom a safety and health obligation is imposed must discharge the obligation”, and sets out maximum penalties for contravention of the section.  Section 39 relevantly provides:

39       Obligations of persons generally

(1)    A coal mine worker or other person at a coal mine or a person who may affect the safety and health of others at a coal mine or as a result of coal mining operations has the following obligations—

(a)     to comply with this Act and procedures applying to the worker or person that are part of a safety and health management system for the mine;

(b)    if the coal mine worker or other person has information that other persons need to know to fulfil their obligations or duties under this Act, or to protect themselves from the risk of injury or illness, to give the information to the other persons;

(c)     to take any other reasonable and necessary course of action to ensure anyone is not exposed to an unacceptable level of risk.

(2)    A coal mine worker or other person at a coal mine has the following additional obligations—

(a)     to work or carry out the worker’s or person’s activities in a way that does not expose the worker or person or someone else to an unacceptable level of risk;

(b)    to ensure, to the extent of the responsibilities and duties allocated to the worker or person, that the work and activities under the worker’s or person’s control, supervision, or leadership is conducted in a way that does not expose the worker or person or someone else to an unacceptable level of risk;

(c)     to the extent of the worker’s or person’s involvement, to participate in and conform to the risk management practices of the mine;

(d)    to comply with instructions given for safety and health of persons by the coal mine operator or site senior executive for the mine or a supervisor at the mine;

(e)     to work at the coal mine only if the worker or person is in a fit condition to carry out the work without affecting the safety and health of others;

(f)   not to do anything wilfully or recklessly that might adversely affect the safety and health of someone else at the mine.

  1. The expression “acceptable level of risk” is defined in s 29 of the CMSH Act as requiring coal mining operations to be carried out so that the level of risk is within acceptable limits and as low as reasonably achievable. Under s 18(1) and (2), a “risk” is the risk of injury or illness to a person arising out of a hazard and is measured in terms of consequences and likelihood. Section 19 provides that a “hazard” is a thing or a situation with potential to cause injury or illness to a person.

  1. Division 3 of the CMSH Act deals with the obligations of holders, coal mine operators, site senior executives and others. Section 42(a) provides, relevantly that a site senior executive for a coal mine has the obligations in relation to the safety and health of persons who may be affected by coal mining operations to ensure the risk to persons from coal mining operations is at an acceptable level.

  1. When those obligations and responsibilities are considered in light of the findings of fact made by the Full Bench in Mt Arthur Coal in relation to COVID – 19, including findings about the risks of infection and transmission and the effectiveness of vaccination as a control to reduce those risks, it is obvious that information about the vaccination status of employees, is integral to the functions and activities of the Respondents in relation to complying with their obligations under the CMHS Act. 

  1. The potential for transmission of COVID – 19 is a hazard as defined in s. 19 of the CMSH Act.  In the current environment, it is difficult to conceive of a greater or more immediate hazard, or more serious consequences and risks, than those associated with the transmission of a virus that can cause serious illness and possibly death.  The risk of illness arising out of that hazard is higher or more likely if unvaccinated persons are permitted to enter the Respondent’s work sites and acquire and/or spread the virus to other workers or persons, both vaccinated and unvaccinated, at those sites or in accommodation facilities related to the sites or the communities where the mines are located.  There is also a significant risk that coal mine workers who do not live in areas close to the mines will contract the virus while at work and transmit it when they travel to their homes.     

  1. The proposal advanced by the Unions as an alternative measure to implement the SAR, is that workers who do not wish to provide the vaccination information sought by the Respondents use the “green tick” method to verify their vaccination status and access work sites.  The Unions maintain their objection to the Respondents collecting any data on the vaccination certificates which are uploaded by employees to the QR check in app which generates the green tick.  The Unions also maintain that even the fact that the employee has such a certificate and/or a green tick on their QR check in app, cannot be recorded and must be verified on each occasion that the employee accesses a mine site. 

  1. It is immediately apparent that the alternative proposal advanced by the Unions is counter intuitive.  On the one hand it is implicitly accepted that persons who enter the workplace may reasonably be required to show evidence of having been vaccinated, while on the other hand it is contended that it is unreasonable for the Respondents to record even the existence of the evidence of vaccination.

  1. It is trite that a hazard cannot be managed unless it can be measured.  The effective implementation of mechanisms to control hazards, requires that inputs and outputs are measured.  The approach proposed by the Unions is completely inconsistent with the Respondents’ approach of establishing a COVID – 19 Framework to manage present and future hazards and with accepted norms for managing such hazards. At the risk of repeating the obvious, even with high vaccine rates in the community, COVID – 19 is, and will remain, a significant hazard, in workplaces where people interact.  Vaccination is the most effective and efficient control available to combat the hazards posed by COVID – 19.  

  1. As a matter of practicality, the proposal advanced by the Unions as an alternative means for the implementation of the SAR is unworkable.  Leaving aside other workplaces operated by the Respondents in Queensland, the mines operate continuously over 24 hours a day, 7 days a week and 365 days a year.  There are multiple access points and employees arrive at those points by a variety of means and from numerous locations which may include from camp accommodation which they share with other workers. 

  1. To implement the SAR in the manner proposed by the Unions, the Respondents would be required to station persons at every access point to the mine to check the mobile telephones of employees or a hard copy of whatever document the employee wished to produce to verify vaccination.  Even if the information on documents is not “collected” because it is not recorded, it would be open to the Respondents to require documentation that establishes vaccination status, by indicating the type of vaccination received and when it was given, provided the requirement was lawful and reasonable.  Showing documentation to a person stationed by an employer at an entrance to a worksite, is not caught by the Privacy Act and there is no material before me to indicate that this requirement would be unlawful on some other basisGiven my earlier finding that the documentation sought by the Respondents is reasonably necessary for their functions and activities, my view is that it would also be reasonable for the Respondents to require that it be shown on entry to its sites.

  1. Even if the Respondents accepted the “green tick” as evidence of vaccination (which it could arguably continue to refuse), the entry process proposed by the Unions would be at best unworkable and at worst, chaotic.  For the purposes of illustrating this point, I accept the following propositions advanced by the Unions in their oral submissions:

·   40% of the Respondents’ workforce at a mine site have not consented to having their sensitive information collected to establish their vaccination status;

·   There are two entry points at most mine sites;

·   Entry is obtained by each employee using a swipe card; and

·   The respondent would station persons at each gate to view the green tick or other method of establishing vaccination status.

  1. It is also the case that the groups of employees who have or have not provided consent for the collection of information evidencing their vaccination status could alter, as employees opt in and out of those groups.  There is every likelihood that employees would opt out if producing the information was not required.  Regardless of the numbers involved, on each shift worked at the Mine a group of employees would approach the gate to access the mine.  The group would comprise some employees who have consented to the collection of information to verify their vaccination status and some who have not consented.  The persons charged with checking the vaccination status of persons seeking to access the mine site would have no way of knowing which members of group have verified the vaccination status and which members of the group have not.  If all members of the group have a swipe card to access the mine site, the verification process is dependent for its integrity on persons who have not verified their vaccination status doing so voluntarily, on each occasion they access the mine site. 

  1. The fact that employees have swipe cards would not assist to streamline this process. If swipe cards can be programmed so that those who have verified their vaccination status in accordance with the SAR have automatic access to the mine site and those who are required to verify their vaccination status on each occasion do not, a manual intervention would be required to allow persons whose vaccination status was required to be established on each occasion, to access the mine site.  If swipe cards could not be programmed in this way, then either all cards would need to be deactivated or remain as they are, with the risk that unvaccinated workers could skip the queue and enter the mine site.   If employees were permitted to access the mine site via their swipe cards and then verify their vaccination status inside the gate, the risk of error or fraud increases.

  1. It is only necessary to attempt to document this process, to envisage the scene that would ensue.  On the numbers provided by the Unions, if 100 workers approached a gate at a mine, 40 would be required to submit to having their vaccination status checked manually while 60 would enter the gate using their swipe cards.  It is not difficult to envisage a queue of frustrated mine workers waiting for their vaccination status to be checked, being consequently late for work, despite the best intentions of all concerned.  The 40 workers whose status was checked manually would then have to enter using a different process, probably with manual assistance from the persons who had checked their status.  The whole situation would be further complicated because as the industrial instruments covering the mine workers indicate, different rosters may be worked by different employees with varying start times.  It is also the case that employees may have a range of reasons for not starting work at the designated shift start times, such as compliance with fatigue management policies or attendance at training.  Essentially, the Respondents would be required to have staff at access points constantly throughout each day.

  1. In the present case, the repercussions of a single unvaccinated person slipping through the net are catastrophic if that person is infected with COVID – 19.  This can be contrasted with the factual circumstances in Lee.  In that case, the evidence about the safety related aspect of the direction to supply his fingerprint was that it would have allowed the employer to ascertain whether Mr Lee was on the site in the event of an emergency.  In that context, Mr Lee’s refusal to provide his fingerprint data could only have directly affected the safety of Mr Lee and could have had no impact on other employees who had complied with the request.  It was also not unreasonable for Mr Lee to use a manual system by writing in an attendance book to record his presence at the site given that he was the only employee in the workplace who had objected to using the fingerprint scanner. Further, there was evidence that the manual attendance recording system remained in place after Mr Lee was dismissed, further indicating that Mr Lee’s fingerprint data was not reasonably necessary for the employer’s functions or activities. 

  1. In the present case, 60% of employees have agreed to the provision of information and 40% have not, and it is unclear whether the basis of their present position is a concern about privacy of sensitive information or about vaccination itself. The alternative system is not a reasonable alternative and would cause significant disruption to the Respondents, the employees who have complied with the direction and those who have not complied.  It would also place all persons at the worksite at risk. 

  1. The process proposed by the Unions would be more susceptible to human error than that proposed by the Respondents.  I also accept the Respondent’s argument that if no record could be made of the fact that information verifying a worker’s vaccination status had been sighted and found to be correct and sufficient, then the Respondents would be unable to satisfy themselves that the site access requirement had been met, notwithstanding the acceptance by all parties that it has a safety critical justification.  In those circumstances, the SAR ceases to be a framework to manage the hazards posed by the COVID – 19 pandemic and becomes an exercise in in putting out bushfires. 

  1. I also share the view advanced by Mr Neil for the Respondents in answer to the hypothetical question as to why the “green tick approach” is acceptable at the Blackwater Hotel and not the Blackwater Mine.  Mine sites are not hotels, they are workplaces under the Respondents’ control and in respect of which there are a broad range of statutory and common law obligations to ensure the health and safety of all persons who access them.  It is not neither safe nor reasonable to require that a coal mine operator use an access system for verifying vaccination status that is designed for hospitality and retail establishments.

  1. Accordingly, I find that the requirement in APP 3.3 (a)(i) is met and that the vaccination information is reasonably necessary for one or more of the Respondents’ functions or activities.  It follows that the exclusion in APP 3.3 is established and the SAR and the direction do not contravene the Privacy Act and are not unlawful on this basis.  For the same reasons, I am satisfied that the SAR and direction in relation to verification of vaccination status, is not unreasonable either, considered either alone, or in combination with the bodily integrity issue.

General permitted situation and other matters

  1. Given my findings in relation to the bodily integrity issue and the Privacy Act issue, it is not necessary that I consider whether a general permitted situation exists as provided in APP 3(b), 3.4(b) and s. 16A of the Privacy Act.  It is also not necessary that I consider the arguments advanced by the Respondents in relation to the effect of a breach of the Privacy Act on the lawfulness and reasonableness of the SAR.  Further, in circumstances where the parties have agreed that I make a Recommendation rather than arbitrating the dispute, it is not appropriate that I consider these matters.

Conclusion

  1. For these reasons, I conclude that the answer to the question is: Yes, the Site Access Requirement is a lawful and reasonable direction having regard to the Privacy Act and the right to bodily integrity.

DEPUTY PRESIDENT

Appearances:

Mr L Tiley for the CFMMEU and CEPU.

Mr P Turner for the AMWU.

Mr I Neil SC and Ms H Blattman of Counsel instructed by Mr M Coonan for the Respondents.

Hearing details:

11 January 2022.

By Video.


[1] [2021] FWCFB 3 December 2021.

[2] Document 25, State Consultation Group Minutes and Q&A – 21 December 2021; Document 30, Peak Downs Consultation Meeting – 21 December 2021 – minutes and QA; Document 31, Goonyella GM Consultation Meeting – 22 December 2021

[3] Document 47, COVID-19 vaccination Health and Safety basis and rationale, 6 January 2022.

[4] Document 39, FAQs Vaccination – how to upload and data use, page 1

[5] Page 6-8 of the document that is annexed to these submissions and marked Attachment 1

[6] Page 8 of the document that is annexed to these submissions and marked Attachment 1

[7] Page 8 of the document that is annexed to these submissions and marked Attachment.

[8] 45 Document 39, FAQs Vaccination – how to upload and data use, page 1.

[9] State Consultation Group Minutes and Q&A – 21 December 2021, paragraph 4, page 2.

[10] Frequently Asked Questions about COVID-19 Vaccination, paragraph 608, page 29.

[11] [2021] FWCFB 6059 at [67].

[12] (1938) 60 CLR 601.

[13] (1996) 70 FCR 16,

[14] (1996) 70 FCR 16 per Finn J at [21].

[15] [2021] FWCFB 6059 at [259].

[16] Secretary, Department of Health and Community Services (NT) v JWB and SMB (Marion’s Case) 175 CLR 218 at 233.

[17] McManus v Scott-Charlton (1996) 70 FCR 16, Finn J at 21.

[18] [2021] FWCFB 6059 at [220].

[19] Ibid at [223].

[20] [2021] FWCFB 6059 at [218]

[21] [2021] FWCFB 6059 at [216], citing Secretary, Department of Health and Community Services (NT) v JWB and SMB (Marion’s Case) (1992) 175 CLR 218 at 233.

[22] [2021] FWCFB 6059 at [215].

[23] [2021] FWCFB 6059 at [218].

[24] [2021] FWCFB 6059 at [222].

[25] see Favelle Mort Ltd v Murray (1976) 133 CLR 580 at [21].

[26] ANF v Alcheringa Hostel Incorporated PR951805 at [48]; Construction, Forestry, Mining and Energy Union v New Oakleigh Coal Pty Ltd[2012] FWAFB 5107 at [55]; see also [128]-[129]; Construction, Forestry, Mining, and Energy Union v Queensland Bulk Handling Pty Ltd[2012] FWAFB 7551 at [22]

[27] See Four Aviation Security Service Employees v Minister of COVID-19 Response [2021] NZHC 3012 at [125].

[28] [2021] FWCFB 6059 at [218].

[29] Kassam v Hazzard; Henry v Hazzard [2021] NSWCA 299 at [56], [95], [96], [97], [99].

[30] Tomlinson v Ramsey Food Processing Pty Ltd (2015) 256 CLR 507 at [25]-[26], and, by analogy, Snyder v Helena College Council, Inc. t/as Helena College[2019] FWCFB 815 at [24].

[31] [2021] FWCFB 6059 at [85].

[32] [2021] FWCFB 6059 at [223].

[33] [2021] FWCFB 6059 at [223].

[34] [2021] FWCFB 6059 at [252]; see also [253].

[35] [2017] FCAFC 42 at [89] to [90].

[36] [2021] FWCFB 6059 at [253].

[37] cf [2021] FWCFB 6059 at [224].

[38] Privacy Act, s.6.

[39] Privacy Act, s.15.

[40] Privacy Act, s.6.

[41] Lee v Superior Wood Pty Ltd[2019] FWCFB 2946 (Lee v Superior Wood)

[42] Lee v Superior Wood

[43] R v Darling Island Stevedoring & Lighterage Co Ltd; Ex parte Halliday (1938) 60 CLR 601 per Dixon J.

[44] [2019] FWCFB 2946.

[45] OAIC - Coronavirus (COVID-19) Vaccinations: Understanding your privacy obligations to your staff. Link: Coronavirus (COVID-19) Vaccinations: Understanding your privacy obligations to your staff. Link:

[47] Australian Privacy Principle Guidelines, B. 43, page 11.

[48] [2019] FWCFB 2946.

[49] Lee v Superior Wood at [58].

[50] Australian Privacy Principle Guidelines, B.114 to B.116, page 24.

[51] Frequently Asked Questions about COVID-19 Vaccination, paragraph 608, page 29.

[52] Australian Privacy Principle Guidelines, C.8, page 4.

[53] Lee v Superior Wood at [58].

[54] [2013] FWCFB 3316.

[55] [2017] FCAFC 42.

[56] APP 3.4(b); Privacy Act section 16A, Item 1

[57] In Queensland, for example, the Public Health and Social Measures linked to vaccination status Direction (No. 2)

[58] Document 39, FAQs Vaccination – how to upload and data use, page 1.

[59] Document 45, Frequently Asked Questions about COVID-19 vaccination. page 25

[60] Document 39, FAQs Vaccination – how to upload and data use, page 1.

[61] Document 39, FAQs Vaccination – how to upload and data use, page 1

[62] Document 39, FAQs Vaccination – how to upload and data use, page 1, Document 45, Frequently Asked Questions about COVID-19 vaccination, page 29 question 608

[63] Document 46, State Consultation Group Meeting – 6 January – Minutes and QA, page 1

[64] [2021] NSWCA 299.

[65] [2019] FWCFB 2946.

[66] [2019] FWCFB 2946 at [46] to [48].

[67] [2021] FWCFB 6059 at [212].

[68] [2021] FWCFB 6059 at [85].

[69] [2013] FWCFB 3316

[70] [2013] FWCFB 3316 at [3]

[71] (2017) 247 FCR 295 at [79]-[90]; particularly at [89] to [90]

[72] Document 39 and document 45 on the Consultation Hub.

[73] [2020] FWC 3324.

[74] [2020] FWC 3324 at [83] to [84], [92].

[75] [2021] FedCFamC2G 337.

[76] Mt Arthur Coal at [85], [266].

[77] Ibid at [222] citing the judgment of Beech-Jones CJ at CL in Kassam v Hazzard [2021] NSWSC 1320.

[78] Transcript of proceedings PN394 – 395.

[79]  Pacific Access Pty Ltd v CPSU (1998) 83 IR 323 at 333 per Giudice P, McBean SDP and Lewin C.

[80] [2021] FWCFB 6059 at [215].

[81] (1992) 175 CLR 218 (Marion’s case).

[82] Ibid at 233.

[83] Ibid.

[84] [2021] FWCFB 6059 at [218].

[85] Ibid at [223].

[86] Kassam v Hazzard; Henry v Hazzard [2021] NSWCA 299 per Leeming JA at paragraphs 168 – 172.

[87] [2019] FWCFB 2946.

[88] Ibid at [58].

[89] Ibid at [58].

[90] Lee v Superior Wood Pty Ltd [2020] FWCFB 1301.

[91] Ibid at [66].

[92] [2021] NSWCA 299 at 1320.

[93] Crescendo Management Pty Ltd v Westpac Banking Corporation (1988) 19 NSWLR 40 at 46 per McHugh J (with whom Samuels and Mahoney concurred).

Printed by authority of the Commonwealth Government Printer

<PR737577>

SCHEDULE A

CFMMEU APPLICATIONS

No. Matter Agreement
1. C2021/8213 – CFMMEU v BHP Coal Pty Ltd T/A BHP Billiton Mitsubishi Alliance BMA Enterprise Agreement 2018
2. C2021/8230 – CFMMEU v Hay Point Services Pty Ltd T/A BHP Billiton Mitsubishi Alliance / BMA Hay Point Services Pty Ltd Enterprise Agreement 2020
3. C2021/8223 – CFMMEU v Broadmeadow Mine Services Pty Ltd T/A BHP Billiton Mitsubishi Alliance / BMA Broadmeadow Mine Enterprise Agreement 2020
4. C2021/8221 – CFMMEU v Central Queensland Services Pty Ltd T/A BHP Billiton Mitsubishi Alliance / BMA South Walker Creek Mine Enterprise Agreement 2018
5. C2021/8218 – CFMMEU v Central Queensland Services Pty Ltd T/A BHP Billiton Mitsubishi Alliance / BMA BMA Daunia Mine Enterprise Agreement 2019
6. C2021/8217 – CFMMEU v Central Queensland Services Pty Ltd T/A BHP Billiton Mitsubishi Alliance / BMA BMA Caval Ridge Mine Enterprise Agreement 2018
7. C2021/8215 – CFMMEU v BHP Mitsui Coal Pty Ltd T/A BHP Billiton Mitsubishi Alliance / BMA BHP Billiton Mitsui Coal Pty Ltd Poitrel Mine Enterprise Agreement 2019

AMWU APPLICATIONS

No. Matter Agreement
1. C2021/8414 – AMWU v BHP Billiton Mitsui Coal Pty Ltd T/A BHP Mitsui Coal Pty Ltd BHP Billiton Mitsui Coal Pty Ltd Poitrel Mine Enterprise Agreement 2019
2. C2021/8415 – AMWU v Central Queensland Services Pty Ltd T/A Central Queensland Services Pty Ltd South Walker Creek Mine Enterprise Agreement 2021
3. C2021/8416 – AMWU v Central Queensland Services Pty Ltd T/A Central Queensland Services Pty Ltd BMA Daunia Mine Enterprise Agreement 2019
4. C2021/8380 – AMWU v BHP Coal Pty Ltd T/A BHP Coal Pty Ltd BMA Enterprise Agreement 2018
5. C2021/8377 – AMWU v Central Queensland Services Pty Ltd T/A Central Queensland Services Pty Ltd BMA Caval Ridge Mine Enterprise Agreement 2018
6. C2021/8381 – AMWU v Broadmeadow Mine Services Pty Ltd Broadmeadow Mine Enterprise Agreement 2020

CEPU APPLICATIONS

No. Matter Agreement
1. C2021/8463 – CEPU v BHP Coal Pty Ltd T/A BHP Billiton Mitsubishi Alliance BMA Enterprise Agreement 2018
2. C2021/8467 – CEPU v Central Queensland Services Pty Ltd T/A BHP Billiton Mitsubishi Alliance / BMA BMA Caval Ridge Mine Enterprise Agreement 2018
3. C2021/8470 – CEPU v Central Queensland Services Pty Ltd T/A BHP Billiton Mitsubishi Alliance / BMA BMA Daunia Mine Enterprise Agreement 2019
4. C2021/8471 – CEPU v Central Queensland Services Pty Ltd T/A BHP Billiton Mitsubishi Alliance / BMA South Walker Creek Mine Enterprise Agreement 2021
5. C2021/8475 – CEPU v Broadmeadow Mine Services Pty Ltd T/A BHP Billiton Mitsubishi Alliance / BMA Broadmeadow Mine Enterprise Agreement 2020
6. C2021/8477 – CEPU v Hay Point Services Pty Ltd T/A BHP Billiton Mitsubishi Alliance / BMA Hay Point Services Pty Ltd Enterprise Agreement 2020

Areas of Law

  • Employment & Labour Law

Legal Concepts

  • Consultation on major workplace change

  • Site Access Requirement

  • Privacy Act

  • Right to bodily integrity

  • Consent

  • Coercion or duress