Patentable Subject Matter in Australia

The Federal Court of Australia has sided with the Patents Office and upheld a rejection of a patent application for an invention that improves the timeliness and accuracy of risk information.  It was decided by the judge that the claimed invention was merely a business method or scheme for sharing and completing work place health and safety documents, and was thus unpatentable.

See Repipe Pty Ltd v Commissioner of Patents (No 3) [2021] FCA 31  https://jade.io/article/783336

Amazon's patent rejected in Australia

Amazon was refused a patent in Australia on the grounds that the invention was not patentable subject matter.

See Amazon Technologies, Inc. [2021] APO 7  https://jade.io/article/785911

The patent application was directed to the field of computer resource virtualization.  Providers, such as Amazon, manage large-scale computing resources that can be accessed on demand by their many customers via virtual machines.  This allows various computing resources to be efficiently and securely shared by multiple customers. 

New European Data Breach Notification Guidelines

The European Data Protection Board (EDPB) has recently published guidelines with examples for data breach notification under the GDPR.

The Guidelines set out common types of data breaches, such as ransomware, lost or stolen devices, social engineering attacks and the like, and set out case studies to clarify notification and remediation obligations.

See https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_202101_databreachnotificationexamples_v1_en.pdf

Did Facebook overpay in privacy settlement to protect Zuckerberg?

According to Reuters, Facebook Inc may have paid $4.9 billion more than the maximum penalty it faced under a settlement agreement with regulators related to allegations it mishandled user privacy, according to a recent court ruling.

The U.S. court cited a paper by Gibson Dunn attorneys when directing Facebook to turn over documents to shareholders who are trying to determine if Facebook overpaid to protect Zuckerberg.

“The documents already produced provide no insight into why Facebook would pay more than its (apparently) maximum exposure to settle a claim,” said the court.

See https://www.reuters.com/article/us-facebook-settlement-idUSKBN2AB01P

Can an AI machine be an inventor?

The Australian Patents Office has decided that an AI machine cannot be an inventor for the purposes of granting a patent.

"Section 15(1) is inconsistent with an artificial intelligence machine being treated as an inventor, since it is not possible to identify a person who can be granted a patent."

Further, the person who operated the AI machine was also not an inventor:

"I have considered the alternative option that Dr Thaler is the inventor.  It seems clear that Dr Thaler asserts that he did not devise the invention but merely acquired knowledge of the invention from the artificial intelligence machine.  In the light of JMVB Dr Thaler would not be the inventor."

See Stephen L. Thaler [2021] APO 5

FTC priorities under Biden Administration

U.S. law firm Wilson Sonsini has a good summary of likely FTC priorities.

See https://www.wsgr.com/en/insights/acting-ftc-chairwoman-slaughter-previews-potential-ftc-priorities-under-new-administration.html

Potential key priorities:

• Requirements in privacy and data security consent orders that represent a departure from the FTC's typical approach to consumer notice and disgorgement, including requirements that companies "disgorge" the data and benefits that they amassed through their allegedly wrongful behavior, and provide notice to consumers of the FTC settlement and the conduct at issue in the settlement; and
• Increased FTC scrutiny of health apps, facial recognition technology, algorithms and AI, and other issues related to the pandemic and racial equity, particularly where those issues fall under the purview of the FCRA or ECOA.

Section 230

Opinion | The Constitution Can Crack Section 230
Tech companies think the statute allows them to censor with impunity. The law is seldom so simple.

Read in The Wall Street Journal: https://apple.news/AykpuzRwHQJeQWQoc3GPxyg 

APRA's focus on cybersecurity

APRA speech by Geoff Summerhayes in late 2020 on APRA’s current focus on cybersecurity: https://www.apra.gov.au/news-and-publications/executive-board-member-geoff-summerhayes-speech-to-financial-services

Flight Centre's Privacy Act breach

Flight Centre organised a hack-a-phon in 2017, and gave those participating access to real customer data.  This resulted in a breach of the Privacy Act.

Decision here: https://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/AICmr/2020/57.html

New Californian Privacy Law: CPRA to effectively replace CCPA

On U.S. Election Day, 3 November 2020, voters in the State of California overwhelmingly voted in favour of Proposition 24—a ballot measure that creates the California Privacy Rights Act (CPRA). The CPRA revises and expands the California Consumer Privacy Act (CCPA), creating new industry requirements, consumer privacy rights and enforcement mechanisms. 

The CPRA's new obligations for businesses will come into effect on 1 January 2023.  At that time, the CPRA will effectively replace the CCPA.  In the meantime, the CPRA requires that a new California privacy agency be established and that it adopts implementing regulations.