Telecommunications, Media And Technology (TMT) Law Update – Volume 18
Key developments arising during February and March 2018 in the area of Technology, Media and Telecommunications (TMT) are summarised as follows.
Gaming machines not misleading or unconscionable
On 2 February 2018, the Federal Court of Australia ruled that casino operator Crown Melbourne Limited and electronic gaming machine (EGM) manufacturer Aristocrat Technologies had not engaged in misleading and deceptive or unconscionable conduct by misinforming the public as to their odds of winning when playing a particular machine, Dolphin Treasure: Guy v Crown Melbourne Limited (No 2)  FCA 36. The applicant’s claim for false and misleading conduct under section 18 of the Australian Consumer Law was based on the fact that the electronically depicted spinning reels did not spin at an even pace, the number of matching symbols was not equally represented on each reel, and the advertised “total theoretical return” was incorrectly represented. The unconscionability claim under sections 20 and 21 of the Australian Consumer Law was based on the potential for these features to cause vulnerable persons to become addicted to gambling. The section 18 claim was dismissed by Justice Mortimer, essentially on the basis that a hypothetical gambler probably lacked a “sufficient understanding of probability theory” to be influenced by these features of the game, adding as a general observation that in her opinion, people who gamble on machines are more focussed on securing some form of pleasure or entertainment than on how the machine works, and that most individuals who gamble realise that “the machine will always come out ahead”. In relation to the section 20 and 21 claims, Her Honour concluded that the applicant had not proven any victimisation or exploitation, or any conduct on behalf of the respondents, necessary to make out statutory unconscionability”.
"Commercial-in-confidence" does not necessarily equate with "confidential"
On 7 February 2018 the Administrative Appeals Tribunal followed well-established confidentiality principles when it ruled, in the context of a freedom of information claim, that the label “commercial-in-confidence” does not necessarily imbue information with the necessary quality of confidentiality for the purposes of qualifying for the confidentiality exemption under section 45 of the Freedom of Information Act 1982 (Cth): Kung Fu Wushu Australia Limited and Australian Sports Commission  AATA 157. The applicant was seeking to overturn an earlier decision of the respondent which ordered the release of certain documents. The Tribunal was not satisfied that the documents in question qualified for an exemption because it would not have been possible for the applicant to prevent disclosure under the general law. If the information does not in fact satisfy the requirements in equity for the protection of confidentiality, the mere labelling of it as 'confidential" will not solve the problem. In making its finding, the Tribunal followed the relevant principles laid down in Corrs Pavey Whiting Byrne v Collector of Customs (Vic) 14 FCR 434.
Confidential information can be accessed by employer
On 13 February 2018, the Supreme Court of Victoria ruled that an employer had no obligation to maintain the confidentiality of information relating to a third party competitor which had come into its possession during the audit of an employee’s laptop: Integrated Global Partners Pty Ltd v Hyde & Ors  VSC 45. An employee had been undertaking unpaid work for the competitor in breach of her contractual obligations to the plaintiff. The employee’s computer was subject to the plaintiff’s IT System Acceptable Use Policy which allowed the plaintiff to audit its networks and systems and to examine content stored on company computers. The court ruled in favour of the employer on the basis that it had been exercising its lawful right of audit and the confidential information in question had not been obtained as a consequence of any breach of confidence. The Court acknowledged the observation of Gleeson CJ in Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (2001) 208 CLR 199 that the use of information innocently or accidently acquired could be restrained in circumstances where it had been “improperly or surreptitiously obtained”, but in this instance there was no evidence that the employer had acted improperly.
No presumption of confidentiality in council tenders
On 15 February 2018, the NSW Civil and Administrative Tribunal ruled that a tender submission was not confidential and could be released in redacted form under the Government Information (Public Access) Act 2009 (NSW): South Coast Hunters Club v Eurobodalla Shire Council  NSWCATAD 42. Relevant to the Tribunal’s finding’s was the fact that there was no statement on the tender that the submission was “confidential”. The Tribunal was of the view that in the absence of some indication from the applicant that it had requested its tender to remain confidential, there was no basis to infer that the document was submitted in confidence. The Tribunal rejected the applicant’s submission that the tendering guidelines indicated the document would be treated as confidential, concluding that the guidelines only indicated that documents “provided in confidence” would be treated confidentially. The guidelines did not, in the Tribunal’s opinion, create any presumption that material submitted with a tender was provided in confidence.
Confidentiality designation must be read in context
On 28 February 2018, the Federal Court held that the incorrect description in a contract of certain information as “confidential” may not affect a contractual restriction on its use: Career Step, Inc v TalentMed Pty Ltd (No 2)  FCA 132. The applicant asserted that the respondent had infringed its copyright, and breached contractual restrictions, when utilising its course materials for the purpose of developing a competing course. The court concluded that the applicant’s copyright in part of the material had been infringed, and then turned its attention to the applicant’s contract claim. The contract provided that the applicant’s software and instructional materials were “proprietary and confidential” and constituted trade secrets, and then imposed a restriction on the use of “such confidential information”. The respondent argued that the information was not “confidential” and therefore the restriction had no effect. Robertson J concluded that it was not relevant whether the material was in fact confidential because the purpose of the description was to identify material which was the subject of the restriction. He ruled that the reference to confidential information “does not impose a superadded requirement that the proprietary software and instructional materials be confidential, but is descriptive of the software and instructional materials the subject of the clause”.
Password protection may be evidence of confidentiality
On 9 March 2018, the Full Court of the Federal Court of Australia observed that a company’s password protection of its information was evidence that it regarded the information as confidential and not available to the general public: Digital Central Australia (Assets) Pty Ltd v Stefanowski (No 2)  FCA 1000. The proceedings were brought by a franchisor who asserted that a former franchisee had breached a restraint of trade clause in the franchise agreement, as well as an equitable duty of confidentiality, by attempting to compete with another franchise business. On the question of confidentiality, the respondents argued that the information was not confidential due to a lack of uniqueness, an argument rejected on the facts by the court which observed that although some of the information was in the public domain, collectively it contained information reflecting sufficient evidence of ingenuity and novelty to satisfy the test for confidentiality. The court further took into account the steps taken by the franchisor to alert the franchisee to the fact that the information was being imparted in confidence, placing significance on the fact that the information was held in a password protected area on the franchisor’s website.
NSW ticketing system breaches privacy
On 15 February 2018, the NSW Civil and Administrative Tribunal ruled that the State’s electronic (Opal) ticketing system contravened the Privacy and Personal Information Protection Act 1998 (NSW): CNS v Transport for NSW  NSWCATAD 4. The basis of the decision was that the system, in contravention of Information Privacy Principle 1, collected personal information which was not reasonably necessary for the functioning of the system. The system removed the ability of concession entitlement holders to travel anonymously, tracking registered users who passed through a transport hub on any given day. The Tribunal rejected arguments that the information was not “personal information” and further held that the question of consent was not relevant to IPP1. The Tribunal recommended that the Respondent “seek technical, privacy, IT design and possibly legal advice” to render the system compliant.
Netgear to provide remedies and refunds to customers for misleading representations about warranties
Netgear is in the business of supplying network connection devices, such as modems and routers. On 27 February 2018, the ACCC announced that Netgear had given various undertakings flowing from representations it made to customers from June 2016 to the effect that unless they were covered by Netgear's manufacturer's warranty or "purchased" a technical support contract, they were not entitled to any remedies for faulty products. Those representations were misleading because under the Australian Consumer Law (ACL), a supplier of goods or services cannot exclude, restrict or modify the consumer guarantees. The consumer guarantees always operate in addition to any arrangements otherwise existing between a supplier and a consumer. Netgear also acknowledged that its packaging did not comply with section 102 of the ACL, which requires certain prescribed wording to be used in relation to warranties against defects. Netgear gave undertakings to review the relevant contracts and to provide remedies to customers who were entitled to remedies under the ACL, to establish an Australian Consumer Rights webpage on its website for a month, to establish a Consumer Hotline for affected customers to make complaints, and to review each complaint to determine the customer's entitlement to a remedy under the ACL. Netgear also undertook to update its policies and procedures to and to implement a compliance program.
GPS failure does not render a motor vehicle “defective”
On 28 February 2018, the Victorian Civil and Administrative Tribunal dismissed a claim by a consumer for the refund of the purchase price of a car, rejecting the consumer’s argument that a faulty GPS rendered the car unacceptable: Russell v NGP Melbourne Pty Ltd (Civil Claims)  VCAT 301. The applicant produced evidence that the GPS failed to provide satisfactory navigational advice in the outer suburbs of Melbourne. The Tribunal observed that the hardware underpinning the system was not faulty, but rather there was a problem with the dissemination of mapping data in that part of Melbourne. The Tribunal noted that under section 262 of the Australian Consumer Law, goods could be rejected by a consumer only within a period during which it would be reasonable to expect the relevant failure to become apparent. As the applicant had been aware of the deficiency for nearly two years, the rejection period had expired. Furthermore, flaws in GPS mapping data did not render the car unacceptable for the purposes of the consumer guarantee contained in section 54 of the Australian Consumer Law.
Surveillance devices legislation does not create a right of privacy, nor a right of free speech
On 18 March 2018, the Western Australian Court of Appeal delivered a judgement which analysed the role of the Surveillance Devices Act 1988 (WA): Australian Broadcasting Corporation v SAWA Pty Ltd  WASCA 29. The court rejected an application by the ABC for the release on "public interest" grounds of video footage allegedly depicting animal cruelty which had previously been tendered in court proceedings. The court reaffirmed the view expressed in Channel Seven Perth Pty Ltd v S in 2007 that the Act does not establish a general right to privacy in respect of private conversations and activities, but rather its objective is to restrict the use of covert means to obtain such information. The court went on to reject the application, in particular dismissing the ABC’s contention that, in assessing the public interest in release of the video, it should be inferred that the legislation did not intend to encroach on the right to freedom of speech. In this regard, the court observed that ”to give presumptive preference to freedom of speech [on the question of public interest] and thus to publication would subvert the structure and intent of the Act”.
Whistleblower protection to be strengthened in Victoria
The Integrity and Accountability Legislation Amendment (Public Interest Disclosures, Oversight and Independence) Bill 2018 (Vic) had its second reading in the Victorian Parliament on 7 February 2018. The legislation will amend the Protected Disclosure Act 2012 (Vic) with the intention of strengthening the State’s whistleblower protection system. In Australia, whilstleblowing legislation largely focuses upon the public sector, with state and territory legislation operating in every jurisdiction in addition to the Public Interest Disclosure Act 2013 (Cth) which operates at Commonwealth level. The objective of the legislation is to provide a mechanism whereby an individual can breach what would otherwise be obligations of confidentiality and privacy in order to report certain conduct to a higher authority. The new Victorian legislation will expand and clarify the types of public sector improper conduct that a person can disclose, facilitate the process for making disclosures and protect disclosers from legal costs.
Incentive for Australian filmmakers streamlined
On 14 February 2018, the Commonwealth Arts Minister issued the PDV Offset Rules 2018 pursuant to sub-sections 376 – 260(2) and (3) of the Income Tax Assessment Act 1997 (Cth). The Post Digital Visual Effects (PDV) offset applies to Australian expenditure incurred in making films. The offset is an incentive to attract post production and visual effects work to Australia on productions, regardless of where they are shot. A certificate for the PDV offset entitles the applicant company to a 30% tax rebate on the company’s qualifying Australian production expenditure to the extent that it relates to PDV. The new Rules provide a framework for companies to apply for a provisional or final certificate for the offset, sets out procedures by which the Film Certification Advisory Board will consider applications, and specifies how applications for certificates are to be made. The new Rules replace the PDV Offset Rules 2008 which were due to sunset on 1 April 2018.
Legislation targets intimate images on social media
On 15 February 2018, the amended Enhancing Online Safety (Non-consensual Sharing of Intimate Images) Bill 2017 (Cth) was introduced into the House of Representatives. The Bill had previously been tabled in the Senate on 6 December 2017 and subsequently amended and passed by the Senate on 14 February 2018. The Bill amends the Enhancing Online Safety Act 2015 to prohibit the posting of, or threatening to post, intimate images without consent on a social media service, relevant electronic service or designated internet service. The Bill establishes a complaints and objection system to be administered by the eSaftey Commissioner and provides the Commissioner with powers to issue removal notices or remedial directions. The legislation introduces a civil penalty regime to be administered by the Commissioner, and enables the Commissioner to seek a civil penalty order from a relevant court, issue an infringement notice, obtain an injunction, enforce an undertaking or issue a formal warning.
Australian Signals Directorate to become an independent agency
On 15 February 2018, the Senate referred the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Bill 2018 (Cth) to the Senate Foreign Affairs, Defence and Trade Legislation Committee for enquiry and report. The Bill implements the recommendations of an earlier review to establish the Australian Signals Directorate (ASD) as an independent statutory agency within the Defence portfolio. The ASD is Australia’s national signals intelligence authority with responsibility for collecting intelligence, supporting the military and undertaking cyber security operations through the application of advanced technologies. In a related move, the Computer Emergency Response Team (CERT), which was established in 2010 as the National Computer Emergency Response Team and which is the primary government contact point for major Australian businesses in relation to matters involving cyber security, will also be transferred from the Attorney General’s Department to ASD.
Telecommunications carriers to provide additional information in interception capability plans
On 16 February 2018, the Commonwealth government issued the Interception Capability Plan Determination 2018 (No 1) in anticipation of the sunsetting on 1 April 2018 of the Interception Capability Plan Determination 2008 (No 1). The Determinations are made under Part 5-4 of the Telecommunications (Interception and Access) Act 1979 (Cth) which requires all licensed telecommunications carriers and certain carriage service providers to submit an annual interception capability plan. The new determination, which is in terms identical to the expiring determination, implements section 195(2) of the Act and requires the plans to include the carrier’s policies and strategies relating to interception, the location of interception points on their networks and a list of employees with responsibility for interception matters. The determination also requires the carriers to describe the arrangements in place to maintain their interception capability in Australia and under the control of persons holding appropriate national security clearances. There is also an obligation to protect information gained from interceptions, and to provide reasonable interception assistance to national security and law enforcement agencies.
Mandatory data breach reporting introduced
From 22 February 2018, amendments to the Privacy Act 1988 (Cth) came into effect which require the mandatory reporting of certain data breaches. The amendments are contained in the new Part IIIC of the Privacy Act 1988 (Cth), introduced by the Privacy Amendment (Notifiable Data Breaches) Act 2017 on 22 February 2017. We earlier reported on the passage of this legislation in Volumes 10 and 11 of this Update. The obligation is imposed upon entities currently regulated by the Act – that is, Commonwealth public sector agencies, private sector businesses with an annual turnover in excess of $3m and certain other entitles which do not qualify for exemption as small businesses. The reporting obligation is restricted to breaches which are likely to result in serious harm to the individual. Notification must be provided to the individual and to the office of the Australian Information Commissioner. A breach of the notification obligation can attract, under the general penalty provisions in the Act, a fine of up to $420,000 for individuals and $2.1m for corporations.
Government Department can disclose personal information in connection with Australian Honours System
On 14 March 2018, the Australian Information Commissioner issued a Public Interest Determination (PID) to the effect that the Department of Home Affairs can disclose certain information in connection with the assessment of proposals for awards under the Australian Honours System: Privacy (Australian Honours System) Temporary Public Interest Determination 2018. Specifically, the PID allows the Department to disclose information to the Office of the Official Secretary to the Governor-General and to the Department of the Prime Minister and Cabinet for the purpose of verifying the Australian citizenship or permanent residency status of individuals who are the subject of a nomination. An application had been made to the Commissioner by the Department over concerns that the disclosure of information in response to verification requests might involve the use of personal information for purposes inconsistent with the original reason for collection, thus breaching Australian Privacy Principle 6. The Commissioner concluded that it was not appropriate or practicable to seek the consent of the individuals concerned, and that the public interest in maintaining the integrity of the honours system outweighed the public interest in adherence to the relevant Australian Privacy Principles. The PID, which the Commissioner is empowered to issue under section 80A(2) of the Privacy Act 1988, removes the potential impasse.
Legislation contemplates restrictions on gambling promotion
On 12 February 2018, the Senate Environment Communications Legislation Committee recommended the passage of the Communications Legislation Amendment (Online Content Services and other Measures) Bill 2017 (Cth). The Bill had been referred to the Committee by the Senate on 7 December 2017 on the recommendation of the Selection of Bills Committee. The Bill will, if passed, amend the Broadcasting Services Act 1992 (Cth) to create a regulatory framework to be used by the Australian Communications and Media Authority (ACMA) to impose gambling promotion restrictions on online content service providers. The legislation will insert a new schedule 8 into the Act to allow ACMA to make online content service provider rules which set out the gambling promotion restrictions.