A blog relating to Internet legal issues by Professor John Swinson, University of Queensland
The European Data Protection Board (EDPB) has recently published guidelines with examples for data breach notification under the GDPR.
The Guidelines set out common types of data breaches, such as ransomware, lost or stolen devices, social engineering attacks and the like, and set out case studies to clarify notification and remediation obligations.
The Australian Patents Office has decided that an AI machine cannot be an inventor for the purposes of granting a patent.
"Section 15(1) is inconsistent with an artificial intelligence machine being treated as an inventor, since it is not possible to identify a person who can be granted a patent."
Further, the person who operated the AI machine was also not an inventor:
"I have considered the alternative option that Dr Thaler is the inventor. It seems clear that Dr Thaler asserts that he did not devise the invention but merely acquired knowledge of the invention from the artificial intelligence machine. In the light of JMVB Dr Thaler would not be the inventor."
U.S. law firm Wilson Sonsini has a good summary of likely FTC priorities.
Potential key priorities:
Read in The Wall Street Journal: https://apple.news/AykpuzRwHQJeQWQoc3GPxyg
APRA speech by Geoff Summerhayes in late 2020 on APRA’s current focus on cybersecurity: https://www.apra.gov.au/news-and-publications/executive-board-member-geoff-summerhayes-speech-to-financial-services
Flight Centre organised a hack-a-phon in 2017, and gave those participating access to real customer data. This resulted in a breach of the Privacy Act.
Decision here: https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/AICmr/2020/57.html
On U.S. Election Day, 3 November 2020, voters in the State of California overwhelmingly voted in favour of Proposition 24—a ballot measure that creates the California Privacy Rights Act (CPRA). The CPRA revises and expands the California Consumer Privacy Act (CCPA), creating new industry requirements, consumer privacy rights and enforcement mechanisms.
The CPRA's new obligations for businesses will come into effect on 1 January 2023. At that time, the CPRA will effectively replace the CCPA. In the meantime, the CPRA requires that a new California privacy agency be established and that it adopts implementing regulations.
Posting anonymous reviews to defame someone is risky.
Telstra has been ordered to provide documents to a doctor so that the doctor can assist identify someone who supposedly defamed him.
See this recent Federal Court decision: Colagrande v Telstra Corporation Limited [2020] FCA 1595
Telstra did not appear at this court hearing.
This is similar to this case against Google: http://www.cyberspac.com/2020/03/google-sued-again-for-identity-of-users.html and also these cases:
Kukulka v Google LLC [2020] FCA 1229
Kabbabe v Google LLC [2020] FCA 126
Titan Enterprises (Qld) Pty Ltd v Cross [2016] FCA 1241 (patent attorney ordered to hand over file)
Titan Enterprises (Qld) Pty Ltd v Cross [2016] FCA 890 (written by Justice Edelman, now on the High Court)
A wedding planner has won a 'landmark' court case against consumers who made defamatory comments about her business on social media.
Tristan Moy, 33, from Brisbane, moved to Indonesia in 2014 to run a business arranging weddings in Bali for Australian tourists.
But she suffered 'hurt and humiliation' when two Australian women began posting salacious comments about her and her business on Facebook in 2017.
They included accusations Ms Moy was unprofessional, bullied her clients and would try ruin her client's weddings.
See also this old Fordham article
Listen to this podcast where I discuss how damages should be assessed in privacy and cybersecurity lawsuits. The Lawyers Weekly Show host J...