Key developments during September 2016 in the area of Technology, Media and Telecommunications (TMT) are summarised as follows.

JUDGMENTS

Queensland Supreme Court refuses access to documents
On 9 September 2016, the Supreme Court of Queensland rejected an application for a review of a decision by Queensland Police and the Crime and Corruption Commission to deny access to an individual of records allegedly in their possession: Millar v Right to Information and Privacy Unit, Public Safety Business Agency [2016] QSC 206. The complaint concerned the conduct of police officers who the Applicant alleged were untruthful in giving evidence in Magistrates' Court proceedings in 2014. The Court noted that pursuant to section 13 of the Judicial Review Act 1991 (Qld), an application for a statutory order of review must be dismissed where there is provision under other legislation entitling an applicant to a review of the same complaint. In this regard, the Court concluded that there was "an appropriate and easily accessible review mechanism" available under the Information Privacy Act 2009 (Qld). The Court considered it would in any event be more advantageous for the applicant to seek a review under the Information Privacy Act which placed the onus on an agency to prove the decision under review was correct rather the onus being on the applicant to prove that it was not. The interests of justice would be served if this course were pursued as it would represent "a more appropriate, less expensive means of attending to the Applicant's grievance".

Federal Court rejects claim of unlawful interception of a telephone call
The Federal Court of Australia has rejected a contention that the recording of a private telephone discussion amounted to an infringement of the Telecommunications (Interception and Access) Act 1979 (Cth): Furnari v Ziegert [2016] FCA 1080. The Court accepted that one or other of the two Respondents had recorded a telephone conversation with the Applicant, without the Applicant's knowledge or consent, and uploaded the recording to YouTube. Murphy J did not, however, consider that a prima facie case had been made out that this amounted to the "interception" of a communication for the purposes of section 7(1) of the Act. There was no evidence as to how the Respondents had made the recording and, according to His Honour, it was possible that the recording had been made by using a recording device (such as another mobile telephone held up to the telephone) or by some other means. The Court considered that it was "critical" for the Applicant to establish how the recording had been made in order for a breach of section 7(1) to be established. It was a requirement pursuant to section 6 that the interception occurred during the "passage" of a communication over the telecommunications system, emphasising that the legislation was "not intended to cover the field in relation to the recording of telephone conversations". The intention of the Act was not to protect the privacy of a communication as such, but rather to protect private communications against the intervention of a third party seeking to record that communication.

NEW LEGISLATION AND GUIDELINES

New privacy guidelines for broadcasters
On 9 September 2016, the Australian Communications and Media Authority (ACMA) updated its privacy guidelines for broadcasters. The guidelines were initially issued in 2005 and were last updated in 2011. The updated version includes case studies which have emerged over the past 5 years together with an increased emphasis on obligations relating to consent, material in the public domain, and children's privacy. The guidelines provide an overview of how ACMA assesses complaints by listeners or viewers which allege breaches of the privacy provisions in registered codes. The general principle underpinning the guidelines, and the codes, is that personal information relating to an individual's personal or private affairs, and information invading a person's privacy or intruding into their private life, should not be published without consent, unless it is in the public interest to do so. The guidelines and case studies give particular attention to the concepts of "consent" and "public interest".

New Australian standard for website accessibility
On 9 September 2016, Standards Australia announced that it would create an Australian Standard on ICT accessibility, being a means of assisting the employability of disabled persons. Visually impaired internet users have traditionally been disadvantaged in accessing goods and services over the internet, or engaging in employment involving use of the internet. In 2010, the Australian government announced that it would adopt WCAG 2.0 being the Web Content Accessibility Guidelines published by the World Wide Web Consortium in December 2008. The government released a national transition strategy in June 2010, requiring government agencies to convert to WCAG by the end of 2014. Standards Australia will now go one step further, adopting its own standard consistent with WCAG 2.0 and embarking upon a process of public consultation. Once adopted, it will be a requirement for the Australian ICT accessibility standard to be used in connection with the acquisition of goods and services by the Australian government in accordance with the Commonwealth Procurement Rules.

Amendment to Privacy Act foreshadowed by Commonwealth Attorney-General
On 28 September 2016, the Commonwealth Attorney-General announced that the Privacy Act 1988 will be amended to improve the protection of anonymised data sets published by the government. The initiative reflects the ongoing implementation of the Australian Government Public Data Policy Statement which refers to the benefits – and challenges – of sharing and analysing public data. This latest announcement emphasises the need to balance the exploitation of opportunities for research involving anonymised data with the need to maintain personal privacy. The new amendments to the Privacy Act will highlight the need for all government data to be de-identified before publication, and will create a new criminal offence of re-identifying de-identified government data.

POLICIES, REPORTS AND ENQUIRIES

Draft guidelines for drone operators
On 15 September 2016, the Civil Aviation Safety Authority (CASA) released a draft advisory circular for public consultation in relation to the operation of "drones": AC101 – 01, Remotely Piloted Aircraft Systems – Licensing and Operations. Advisory circulars provide advice and guidance to illustrate a means of complying with relevant regulations, and the purpose of AC101-01 is to provide guidance to operators, remote crew, manufacturers and maintainers of Remotely Piloted Aircraft (RPAs) in relation to their safe and legal operation in all classes of airspace. Significantly, the draft noted that CASA does not consider privacy concerns when issuing approvals. Instead, it "strongly recommends" that operators include relevant privacy provisions in their operations manuals and it further observed that the Office of the Australian Information Commissioner has published various generic privacy checklists whilst the Queensland Information Commissioner published specific privacy recommendations in relation to drone usage in May 2016.

New South Wales considering "revenge porn" legislation
On 15 September 2016, the New South Wales government commenced consultation on plans to criminalise "revenge porn". A discussion paper issued by the government referred to the fact that technological advancements had contributed to the rise in the non-consensual sharing of images, particularly with the use of mobile phones as recording devices and the widespread use of social media. The report referred to the violation of personal privacy and the apprehension of mental harm arising from such activities. The discussion paper referred to a Senate Committee report in February 2016 which had recommended Commonwealth government legislation supplemented by uniform or consistent State and Territory legislation. There has been no Commonwealth response as yet, but South Australia and Victoria have already criminalised "revenge porn" and the Northern Territory and Western Australian governments have announced an intention to legislate in this area. The NSW discussion paper is seeking feedback on the form of new criminal offences to be introduced in NSW.

Australian National Audit Office audits the use of confidentiality provisions in government contracts.
On 27 September 2016, the Australian National Audit Office released the results of a performance audit of the use by Commonwealth government departments of confidentiality clauses to restrict the disclosure of information to the public. The report proceeded on the principle that parliamentary and public access to government contract information should not be prevented or restricted through the use of confidentiality provisions unless there were sound reasons to do so. The audit focused on confidentiality provisions in contracts valued at $100,000 or more. The audit concluded that whilst it remained a concern that confidentiality provisions in government contracts could impede accountability and transparency in government purchasing, the use of confidentiality provisions across all entities in 2015 was the lowest proportion of contracts (3%) since the commencement of such reviews in 2001. Nevertheless, it was observed that contractual confidentiality provisions were on occasion incorrectly used. Specifically, the audit found that in the sample of contracts, 48% involved the inappropriate use of confidentiality provisions for one reason or another.

Independent report assesses Australia's cyber security practices.
A report published by the International Cyber Policy Centre in September 2016 placed Australia fourth amongst countries in the Asia-Pacific region in relation to the sophistication of its cyber security measures. The report was the third edition of an annual report examining cyber security trends across the Asia-Pacific, encompassing 23 countries in all. Countries were rated according to a "cyber maturity metric" methodology to assess the various facets of their cyber capability. "Maturity" was assessed by reference to the presence, effective implementation and operation of cyber related structures, policies, legislation and organisations. The assessment concluded that the top 5 countries in the region for effective cyber security measures were, in descending order, the United States of America, South Korea, Japan, Australia and Singapore.

Australia placed 4th amongst Asia-Pacific countries for cyber security sophistication.
A report published by the International Cyber Policy Centre in September 2016 placed Australia fourth amongst countries in the Asia-Pacific region in relation to the sophistication of its cyber security measures. The report was the third edition of an annual report examining cyber security trends across the Asia-Pacific, encompassing 23 countries in all. Countries were rated according to a "cyber maturity metric" methodology to assess the various facets of their cyber capability. "Maturity" was assessed by reference to the presence, effective implementation and operation of cyber related structures, policies, legislation and organisations. The assessment concluded that the top 5 countries in the region for effective cyber security measures were, in descending order, the United States of America, South Korea, Japan, Australia and Singapore.

Open government in New South Wales
On 28 September 2016, the New South Wales government published its ICT Metrix Report 2014-2015. The report assessed the government's progress in implementing its 2012 ICT Strategy which involved agencies becoming more transparent and innovative in the way they conduct their business. The report revealed that by 2014, the amount of information published by the government online had more than doubled, with 55,000 datasets available on Data.NSW through 348 data collections; an increase of 33% in the number of agencies conducting customer satisfaction surveys; and a 61% increase in submissions received from the public online. The report also noted a 26% increase in government expenditure on ICT facilities, primarily due to increased hardware costs. Outsourcing activity increased by 2.6%, with applications outsourcing accounting for 58.6% and end user infrastructure accounting for 8.6%.

HEALTH PRIVACY ISSUES

Health privacy complaint against disability support provider not upheld.
In considering a complaint brought against the Respondent in respect of its compliance with the terms of settlement reached at a mediation, the Victorian Civil and Administrative Tribunal found that the Health Privacy Principles contained in schedule 1 of the Health Records Act 2001 (Vic) had not been infringed: MTD v Lifestyle Solutions (Aust) Pty Ltd (Human Rights) [2016] VCAT 2605. The Complainant was, however, successful in establishing a breach of the terms of settlement on other grounds. The Complainant unsuccessfully contended that the Respondent had breached HPP2 by disclosing health information for a purpose other than the primary purpose of collection. The Respondent managed a facility and was responsible for providing the Complainant with day to day care. The parents of the Complainant expressed concern about the disclosure by the Respondent of pharmaceutical information to a treating specialist without their prior knowledge, and also about the fact that the Respondent had arranged for a dietitian to review the Complainant and produce a report without their consent. The Tribunal concluded that as the Respondent was responsible for the care of the Complainant, including the Complainant's attendance at appointments when the parents were unavailable, there was at least implied, if not express, consent to disclosures of this nature. There was no evidence demonstrating that the Respondent had provided health information to a party unconnected with the Complainant's medical care and treatment.