Adsense HTML

New Californian Privacy Law: CPRA to effectively replace CCPA

On U.S. Election Day, 3 November 2020, voters in the State of California overwhelmingly voted in favour of Proposition 24—a ballot measure that creates the California Privacy Rights Act (CPRA). The CPRA revises and expands the California Consumer Privacy Act (CCPA), creating new industry requirements, consumer privacy rights and enforcement mechanisms. 

The CPRA's new obligations for businesses will come into effect on 1 January 2023.  At that time, the CPRA will effectively replace the CCPA.  In the meantime, the CPRA requires that a new California privacy agency be established and that it adopts implementing regulations.

Telstra ordered to help identify critic of doctor

Posting anonymous reviews to defame someone is risky.

Telstra has been ordered to provide documents to a doctor so that the doctor can assist identify someone who supposedly defamed him.

See this recent Federal Court decision:  Colagrande v Telstra Corporation Limited [2020] FCA 1595

Telstra did not appear at this court hearing.

This is similar to this case against Google:  http://www.cyberspac.com/2020/03/google-sued-again-for-identity-of-users.html and also these cases:

Kukulka v Google LLC [2020] FCA 1229

Kabbabe v Google LLC [2020] FCA 126 

Titan Enterprises (Qld) Pty Ltd v Cross [2016] FCA 1241 (patent attorney ordered to hand over file)

Titan Enterprises (Qld) Pty Ltd v Cross [2016] FCA 890 (written by Justice Edelman, now on the High Court)


Defamation for Facebook posts

A wedding planner has won a 'landmark' court case against consumers who made defamatory comments about her business on social media.

Tristan Moy, 33, from Brisbane, moved to Indonesia in 2014 to run a business arranging weddings in Bali for Australian tourists. 

But she suffered 'hurt and humiliation' when two Australian women began posting salacious comments about her and her business on Facebook in 2017.

They included accusations Ms Moy was unprofessional, bullied her clients and would try ruin her client's weddings.

https://www.dailymail.co.uk/news/article-8948725/Two-trolls-ordered-pay-150k-defamatory-comments-Facebook.html

See also this old Fordham article

New Domain Name Rules for Australia

A new set of rules for .au domain names will come into effect on 12 April 2021.

auDA, the domain name regulator, states:  "This new licensing framework helps maintain trust in the .au ccTLD, offers clearer guidance for registrants and registrars, and enhances auDA’s role as the guardian of a key piece of Australia’s digital infrastructure."

The new rules consolidate the more than 30 policies and guidance notes that currently govern the .au domain and consist of two key documents:

.au Domain Administration Rules: Licensing - The terms and conditions for .au domain name licences including the complaints and dispute resolution processes.

.au Domain Administration Rules: Registrar - Rules for companies providing .au domain name registration services that have been accredited by auDA.

The new licensing rules are based closely on the current rules but contain some changes that may impact a small number of registrants. You can read about these changes on our new website.  These new rules were not reviewed by the Policy Review Panel.

Launch dates are yet to be set for id.au namespace, .au namespace and Internationalised Domain Names.

APRA's cybersecurity strategy

APRA is stepping up its focus on CPS234 in 2021.  This is not a surprise.  The Australian government has a strong focus on cybersecurity (and Defence, and foreign influence).

https://www.apra.gov.au/news-and-publications/executive-board-member-geoff-summerhayes-speech-to-financial-services

Fraudulent Invoice Scams

A Sydney hedge fund has collapsed after a cyber attack saw its trustee and administrator mistakenly approve $8.7 million in fraudulent invoices.  Scammed by a fake Zoom invite.

The scam, the latest in a series of strikes by offshore criminal gangs against Australian fund managers, has also ensnared ANZ after the bank failed to stop almost $800,000 being withdrawn from an account linked to the cyber criminals.

 

https://www.afr.com/companies/financial-services/fake-zoom-invite-cripples-aussie-hedge-fund-with-8m-hit-20201122-p56f9c

Comparison Website that made money from Affiliate referrals was Misleading

Trivago, a price comparison, recent lost an appeal in Australia regarding how it ordered the listings on its affiliate program website.  Trivago's conduct was held to be misleading, and therefore illegal, in Australia.

See ACCC media release:  https://www.accc.gov.au/media-release/trivago-loses-appeal-after-misleading-consumers-over-hotel-ads

Judgment is here:  Trivago N.V. v Australian Competition and Consumer Commission [2020] FCAFC 185

Sharing User IDs

Can you give your User ID to someone else to use your account?  And what if that someone then uses your account for a purpose not allowed by the user agreement?  Are you responsible?  This is the subject of a possible lawsuit against CoreLogic in Australia.

See BCI Media Group Pty Ltd v Corelogic Australia Pty Ltd [2020] FCA 1556 https://www.judgments.fedcourt.gov.au/judgments/Judgments/fca/single/2020/2020fca1556


AI Action Plan for Australia

In addition to the privacy review, the government is conducting an AI review.

"The Australian Government recognises that accelerating the development, adoption and adaption of artificial intelligence (AI) will have profound social and economic outcomes for all Australians. We have an opportunity and a responsibility to strive for a better future. A future where Australians develop and use AI to solve national problems, build competitive businesses and increase our collective wellbeing.
 
To achieve this vision, the Australian Government will need a plan. To inform this plan, the Department of Industry, Science, Energy and Resources has released a discussion paper that seeks public input to an AI Action Plan for Australia."
 
You can read the discussion paper and have your say at: 
https://consult.industry.gov.au/digital-economy/ai-action-plan
 
Submissions close on Friday, 27th November 2020, two days before submissions close for the privacy law consultation.

Freedom from Lawsuits or Freedom of Speech?

 Section 230 of the Communications Decency Act is supposedly being reviewed.  From the NY Times:

Chief executives from Google, Facebook and Twitter appeared before a Senate hearing on a law that protects internet companies from liability for much of what their users post, and on how they moderate content.

Democrats focused on misinformation and extremism. They also accused Republicans of holding the hearing to benefit President Trump.

Republicans accused the executives of selective censorship, questioning Twitter’s Jack Dorsey, above, on how the company handled specific tweets. “Mr. Dorsey, who the hell elected you and put you in charge of what the media are allowed to report and what the American people are allowed to hear?” Senator Ted Cruz said.

Australian Privacy Act - government review

The Australian Government is undertaking a complete review of The Australian Privacy Act.

Unfortunately, after a year of work, the government is only giving 4 weeks to make submissions in respect of a very detailed issues paper.

One topic for consideration is whether to legislate and create a privacy tort in Australia.

Further information available here.

Is your mobile safe from the police?

How Police Can Crack Locked Phones—and Extract Information

A report finds 50,000 cases where law enforcement agencies turned to outside firms to bypass the encryption on a mobile device.

Read in WIRED: https://apple.news/Av8HKmpc-SIyx8vccKTIF2w

Using Covid registration data for marketing is alleged privacy breach

It was only a matter of time.  The restaurant chain Wagamama has been reported to the UK Information Commissioner’s Office (ICO) for allegedly using contact details provided for Covid track and trace to send surveys to customers.

See The Times

Arrested for giving a bad review

An American who complained on TripAdvisor that a resort hotel in Thailand wanted to charge him a $15 corkage fee for bringing his own bottle of gin to the restaurant was arrested this month and spent a weekend in jail. If convicted of criminal defamation, he faces up to two years in prison. So don't write anything bad about the Sea View Koh Chang resort, which had the charges brought.

After a backlash, the resort had some regrets. “We agree that using a defamation law may be viewed as excessive for this situation,” the hotel acknowledged.

Newspaper head to High Court regarding liability for users' Facebook comments

The newspapers are appealing the decision of the NSW Court of Appeal that decided that media companies can be held responsible for defamatory comments under stories they post on Facebook.

Guardian Article, and discussion of appeal here.   The newspapers are appealing to the High Court.

The Court of Appeal decision is not surprising.  Compare prior cases:

http://www.cyberspac.com/2012/07/smirnoff-responsible-for-comments-of.html

https://www.accc.gov.au/media-release/firm-fined-for-testimonials-by-facebook-fans-and-tweeters

Is Facebook carrying on business in Australia

 A recent decision in Australia, concerning whether Facebook could be served in California, was decided by the Federal Court of Australia.  This case arises out of a privacy action brought against Facebook by ACMA in relation to the Cambridge Analytics issues.

"It might be added that the means by which entities carry on business are constantly evolving. Much of the case law in which the concept has been discussed was decided long before the technological advances which underpin many modern forms of commerce. Ultimately, the question whether a particular entity carries on business, and does so in a particular place, is determined by reference to the particular facts. 

The Commissioner submitted that she had established a prima facie case that Facebook Inc carried on business in Australia through a combination of two matters: first, through the agency of Facebook Ireland; and secondly, through certain activities for which Facebook Inc was directly responsible in Australia. ...

Rather, the evidence on this application suggests that, to the extent Facebook Ireland carried on business in Australia, it was carrying on its own businessThe evidence adduced on this application and the inferences available to be drawn do not sufficiently allow for a possible conclusion that Facebook Ireland was also carrying on Facebook Inc’s business to warrant permitting service out of the jurisdiction.

However, for the reasons given next, the Commissioner has established a sufficient prima facie case to warrant exposing Facebook Inc to litigation in Australia on the basis that Facebook Inc directly carried on business in Australia. On its case, a part of Facebook Inc’s business was to provide services to Facebook Ireland, including the processing activities referred to earlier. I am satisfied that there is a prima facie case that Facebook Inc carried out sufficient activity in Australia in its business of providing services to Facebook Ireland for a conclusion to be available that Facebook Inc carried on business in Australia within the meaning of s 5B(3)(b) of the Privacy Act. ...

I am satisfied that the Commissioner has established a prima facie case, in the required sense, that Facebook Inc carried on business in Australia within the meaning of s 5B(3)(b). In summary, the Commissioner has established a sufficient prima facie case that Facebook Inc carried on business in Australia which included providing services to Facebook Ireland."

Australian Information Commissioner v Facebook Inc (No 2) [2020] FCA 1307

Customer does not have property in a telephone number

A recent dispute between two taxi companies confirms that a telephone number is not property and is not owned by the telco customer.

"Relevantly, the terms confirm that the customer does not own or have any legal interest or goodwill in any telephone number issued to the customer. The terms also permit the customer to transfer a telephone number to another person with the prior consent of Telstra."

Manly Warringah Cabs (Trading) Co-operative Limited v Sydney Taxis Pty Ltd, in the matter of Sydney Taxis Pty Ltd (No 2) [2020] FCA 1336

Compare this domain name decision:  Multi-National Concepts Pty Ltd v. 1300 Directory Pty Ltd

Data law released in Australia

The Office of the National Data Commissioner has released an exposure draft of the Data Availability and Transparency Bill for public comment. - https://www.abc.net.au/news/2020-09-16/government-draft-law-share-personal-data-between-agencies/12666792)

 More information and the draft bill is available here: https://www.datacommissioner.gov.au/exposure-draft/dat

 

The objects of this law are to:

(a)  promote better availability of public sector data; and

(b)  enable consistent safeguards for sharing public sector data; and

(c)  enhance integrity and transparency in sharing public sector data; and

(d)  build confidence in the use of public sector data; and

(e)  establish institutional arrangements for sharing public sector data.

The impact of AI on IP

The UK Intellectual Property Office has announced a call for views on artificial intelligence and intellectual property. In particular, the UK IPO wants to hear about the implications that AI might have for IP policy, and, likewise, what impact IP might have on AI. 

See the full consultation: https://www.gov.uk/government/consultations/artificial-intelligence-and-intellectual-property-call-for-views

The consultation closes on 11 November 2020.

Targeting Social Media Users

On Monday September 7, 2020, the European Data Protection Board (EDPB) issued draft Guidelines 8/2020 on the targeting of social media users.

The Draft Guidelines have far-reaching implications for social media platforms, advertisers, and adtech companies, as they will result in a clarification of the roles and responsibilities of the key stakeholders, and establish rules for consent.

Article here.

Defamation By Liking

STOLTENBERG V BOLTON; LODER V BOLTON [2020] NSWCA 45 (20 MARCH 2020) (MACFARLAN JA AT [1], GLEESON JA AT [2], BRERETON JA AT [250])

The New South Wales Court of Appeal dismissed an appeal in respect of a first instance decision of the Supreme Court that found a series of posts and comments about the former Mayor of the Narrabri Shire Council made on a Facebook page were defamatory. 

The trial judge found that a comment endorsing a defamatory post was sufficient to attract liability as a secondary publisher of the defamatory post. 

On Appeal, the court agreed that the principles of secondary publication are well established, and refused leave to appeal.

Fake Reviews!

Online odd jobs platform Service Seeking has been fined $600,000 for falsely representing that reviews on its platform were written by customers when in fact they were written by the businesses themselves.



Queensland Privacy Review and Law Reform Report

Today, the Queensland Law Reform Commission published a final report, Report No 77Review of Queensland’s laws relating to civil surveillance and the protection of privacy in the context of current and emerging technologies.

The Report includes a draft bill:  DRAFT SURVEILLANCE DEVICES BILL 2020

Facebook in Australia?

Facebook claims it can’t be sued by Aussie privacy watchdog

In a court hearing on Friday, 26 June 202, US-based Facebook has argued that it does not carry on business in Australia despite users in Australia accessing its website, calling for the dismissal of action brought by the Australian Information Commissioner over alleged privacy breaches and Cambridge Analytics.

French High Court Overrules Takedown Law

The French Constitutional Council struck down critical provisions of a law passed by France’s parliament last month to combat online hate speech.

The law had put the onus for analysing content solely on tech platforms such as Facebook without the involvement of a judge, within a very short time frame, and with the threat of hefty penalties.

Decision (in French of course)

NY Times article

Software Applications Hard to Patent in Australia

The decision today of the Full Court in Commissioner of Patents v Rokt  further clarifies the position in relation to whether a computer implemented method can be patentable in Australia.  

The decision follows a series of decisions considering similar issues, which each focus on whether particular software can be the subject of a patent.  In summary, the Full Court finds that the software in question in this case, which related to a method of presenting targeted advertising to a consumer, was not a patentable invention, as it was merely a method for using the well known and understood functions of a computer.

The decision reinforces the fact that a method which gets a computer to do something it has not done before is not patentable – to be patentable the method would have to enable the computer to do something which it was previously unable to do. 

The law of patentable subject matter in Australia is illogical and discriminates against inventors who implement their inventions in software.

Electronic Signing of Agreements and Deeds for Companies in Australia

This article highlights the changes to the law in Australia regarding electronic signing of documents by companies.  COVID-19 brought about these changes, that will stay in place once the Covid is gone.

https://www.kwm.com/en/au/knowledge/insights/signing-contracts-electronically-just-got-easier-for-companies-20200506

UK Financial Regulator Publishes Insights from the Cyber Coordination Groups

A UK financial regulator has published a report regarding cybersecurity risks.

"CCG members also noted the development of cloud security as an emerging risk area, and that data held in cloud environments should be encrypted and protected by appropriate intrusion detection/prevention controls. In some cases, it may be advisable to include “kill switch” technology, which allows for immediate disconnection to manage the risk of a cyber attack having a more widespread impact."

See
https://www.ropesgray.com/en/newsroom/alerts/2020/03/UK-Financial-Conduct-Authority-Publishes-Insights-from-the-Cyber-Coordination-Groups

May The Fourth Be With Disney

When Disney asked “Star Wars” fans to share their favorite memories of the franchise using the hashtag #MayThe4th, it said responses would fall under its terms of use agreement. Social media users were scathing.

See NY Times Article: https://www.nytimes.com/2020/04/28/business/star-wars-may-the-fourth-disney.html


Google liable for defamation based on search results

A recent Australian case concerning defamation and Google:
Defteros v Google LLC [2020] VSC 219 (30 April 2020)
http://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/vic/VSC//2020/219.html

"Google submitted that it could not be liable as a secondary publisher, because its search engine is fully automated and does not intend the communication of any particular words or images, including any third party webpage to which a user might navigate. I do not accept this submission....
As the law stands in Australia, the common law casts the publication net wide. The liability of publishers is then limited by a range of common law and statutory defences. In particular, the common law ‘defence’ of innocent dissemination operates to limit the potential liability of search engine providers. Later in this judgment, I also consider the application of the statutory defence of qualified privilege to Google search results."

Facebook in Court over Cambridge Analytics

This recent Australian judgment concerns substituted service on Facebook.  It relates to Cambridge Analytics breach.  Interestingly, it discusses COVID-19.  Facebook did not appear in court.
Australian Information Commission v Facebook Inc [2020] FCA 531

Instagram can sublicense your photos

When you make a public post on Instagram, you allow Instagram to sublicense you photo to anyone using the Instagram API.

One professional photographer found out about this the hard way.

"Unquestionably, Instagram’s dominance of photograph- and video-sharing social media, coupled with the expansive transfer of rights that Instagram demands from its users, means that Plaintiff’s dilemma is a real one. But by posting the Photograph to her public Instagram account, Plaintiff made her choice. This Court cannot release her from the agreement she made."

See Sinclair v. Ziff Davis and Mashable

Google sued again for identity of users

Melbourne brothel wants order compelling Google to release info on anonymous reviewers
Google has been served with a third preliminary discovery lawsuit in Australia seeking the identity of online reviewers, this time by a Melbourne brothel and escort service seeking to eliminate 11 one-star reviews from the search engine.

Facebook in Court

In a surprising move, the Australian Information Commissioner has sued Facebook in Australia over giving access to personal information of thousands of Australians to Cambridge Analytica.

https://www.abc.net.au/news/2020-03-09/facebook-privacy-oaic-information-commissioner/12039642

https://www.businessnewsaus.com.au/articles/australian-information-commissioner-takes-facebook-to-court.html

"We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed," says Australian Information Commissioner and Privacy Commissioner Angelene Falk.

Musicians Create Every Melody in Existence to Avoid Copyright Infringement

Two programmers who are musicians have supposedly created every possible MIDI melody in existence, saved this to a hard drive, copyrighted the whole thing, and then released it all to the public in an attempt to stop musicians from getting sued for copyright infringement.

Vice Article

Whether this actually accomplishes what they want to do is uncertain.

Using small snippets of public available music (or computer code) to create a work, that is the same as a well-known larger work, may still be copyright infringement.  It depends on whether the creator knew of and had access to the well-known larger work.

See Dais Studios case, where Ben Petro copied public Java script to create a larger computer program.  See also AFR Article

This also has relevance to AI programs and how they are trained.

US-China spat ramps up over key UN post

The United Nations intellectual property agency (WIPO) is the latest front in the US-China trade war.

http://www.theage.com.au/world/sad-ambassador-slams-us-attack-on-chinese-bid-for-wipo-20200226-p544tg.html?btis

Australian Francis Gurry is the outgoing head of the UN World Intellectual Property Organisation.


Domain Name Study - Which Domain Names don't get renewed

Research uncovered some interesting results, such as:
·     Only 29.79% of all domains are renewed after one year
·     New GTLDs (like .XYZ) have far higher churn rates than .COM, .NET, .ORG etc

https://www.whoishostingthis.com/blog/2019/12/05/domain-study

How should damages be assessed for privacy and cybersecurity breaches

Listen to this podcast where I discuss how damages should be assessed in privacy and cybersecurity lawsuits. The Lawyers Weekly Show host J...