Key developments during August 2016 in the area of Technology, Media and Telecommunications (TMT) are summarised as follows.
Telstra's "Go to Rio" advertising campaign and related advertisements get the green light from the Federal Court
The Federal Court has dismissed an application brought by the Australian Olympic Committee in relation to Telstra's Rio Olympics-themed advertising campaign: Australian Olympic Committee Inc v Telstra Corporation Limited  FCA 857. Channel Seven was granted the exclusive right to broadcast and exhibit the Rio Olympic Games in Australia in June 2014. This included the right to sell sponsorships and advertising in connection with the broadcast and exhibition. Telstra had been an Australian Olympic team sponsor up until 2012. In June 2016, Telstra entered into an agreement with Channel Seven under which Telstra agreed to sponsor Channel Seven's broadcast of the Games. Telstra was granted permission to use certain designations relating to Seven's broadcast. Telstra launched an extensive advertising campaign relating to the Games. The AOC brought an application in the Federal Court alleging Telstra had engaged in misleading or deceptive conduct by wrongly suggesting it was a sponsor of a relevant Olympic body and that it had contravened the Olympic Insignia Protection Act 1987 (Cth), by engaging in unlicensed use of protected Olympic expressions (such as the word "Olympics") in circumstances where such use suggested the existence of some form of sponsorship of a relevant Olympic body. The Court dismissed the AOC's application. In the opinion of the Court, Telstra had not suggested that it sponsored or was otherwise affiliated with a relevant Olympic body.
Merial, Inc. v Intervet International B.V.: In-house counsel granted access to confidential information of direct competitor
The Federal Court has granted the in-house counsel at Merial, Inc. with access to a number of unredacted confidential product development reports of its direct competitor, Intervet International B.V., in an appeal against a decision of the Commissioner of Patents concerning a patent application filed by Intervet: Merial, Inc. v Intervet International B.V.  FCA 1047. Intervet indicated it intended to rely on the reports during the appeal but argued they were confidential and could not be disclosed to Merial's counsel. Merial successfully persuaded the Court that its counsel should have access to the information. The Court noted that the in-house counsel was not involved in Merial's patent drafting and prosecution efforts.
NSW Civil and Administrative Tribunal lacked jurisdiction to hear student's privacy complaint at University of Sydney
The New South Wales Civil and Administrative Tribunal has dismissed an application by a student at the University of Sydney in which it was asserted the University had disseminated personal information in breach of the Information Protection Principles contained in the Privacy and Personal Information Protection Act 1988 (NSW): CJN v University of Sydney  NSWCATAD 173. Section 55 of the Act gives the Tribunal jurisdiction in circumstances where a person is aggrieved by the outcome of an internal review of a privacy complaint. In this instance, the Tribunal concluded that there had been in fact been no internal review of a "privacy complaint". Rather, the complaint lodged by the student focused on allegations of harassment and discrimination and did not raise allegations of a breach of privacy. The Tribunal acknowledged that the student's allegations did raise issues which could be dealt with under the Act but this was not the context in which an internal review had been sought. The Tribunal also removed a university professor as a party to the matter on the basis that the Act only regulates the activities of public sector agencies, not individuals employed by public sector agencies.
NSW Civil and Administrative Tribunal lacked jurisdiction to hear teacher's privacy complaint at University of Sydney
On 16 August 2016, the New South Wales Civil and Administrative Tribunal concluded that it lacked jurisdiction to hear an appeal over the outcome of a review of a complaint by a university employee that her employer had misused personal information about her: CCM v University of Western Sydney  NSWCATAP 185. The Appellant was employed as an Associate Professor at the University of Western Sydney and was aggrieved by the content of an internal email. Whilst the matter was under consideration by the University, the Applicant applied under section 55 of the Privacy and Personal Information Protection Act 1998 (NSW) for an administrative review of the Respondent's conduct. The Tribunal noted that pursuant to section 55 of the Act, it was an essential prerequisite that the Appellant had made an application for internal review under section 53. The Tribunal concluded that the Applicant had not made an application for internal review under the Act and that, whilst no particular formality is required to satisfy this threshold, there had been no reference to the privacy legislation or any reference to a remedy being sought in the correspondence which passed between the parties. Accordingly, the application was dismissed.
Data Sharing Bill tabled in South Australia
On 4 August 2016, the Public Sector (Data Sharing) Bill 2016 was tabled in the South Australian House of Assembly. The object of the legislation is to expedite the sharing of public sector data between government agencies for the purpose of facilitating government policy making, program management and service planning and delivery. The bill stipulates five "trusted access principles" which must be applied when data is shared for this purpose – the principles fall into the categories of safe projects, safe people, safe data, safe settings and safe outputs. The legislation is similar in its intent to the Data Sharing (Government Sector) Act 2015 (NSW) but differs from the Commonwealth's Data-matching Program (Assistance and Tax) Act 1990 which regulates the sharing of personal information with a view to addressing welfare fraud.
Gene Technology Bill tabled in Queensland
A Bill has been tabled in Queensland relating to the regulation of gene technology activities in that state by Queensland state government agencies, higher education institutions and sole traders: Gene Technology (Queensland) Bill 2016 (Qld).
- Gene technology activities are currently regulated at both the Federal and State/Territory levels.
- Queensland state government agencies, higher education institutions and sole traders are covered by the Queensland state regime.
- Private sector corporations and federal agencies are covered by the Commonwealth regime.
A 2013 review concluded that efficiencies would be gained by applying Commonwealth laws as Queensland laws. The new Bill aims to achieve that objective by replacing Queensland's existing legislation with a "lock-step" arrangement under which Commonwealth laws are applied as laws of Queensland, subject to Queensland retaining the right to "opt-out" of particular Commonwealth amendments which are not in Queensland's interests (this is expected to be used rarely). The Bill is designed to assist in the creation of a nationally consistent gene technology regulatory regime in Australia (which was the subject of the 2001 Intergovernmental Gene Technology Agreement) and it is expected to increase administrative efficiencies in Queensland and provide greater certainty and clarity for Queensland state government agencies, higher education institutions and sole traders.
Queensland Counter-Terrorism legislation enhances access to information
On 29 August 2016, the Queensland Parliament passed the Counter-Terrorism and Other Legislation Amendment Act 2016 which, amongst other changes, introduced amendments to the Public Safety Preservation Act 1986. The legislation enables the "emergency commander" to issue an "emergency situation certificate" which in turn enables the emergency commander to require a person to provide information considered necessary to manage or resolve an emergency situation where it is not otherwise practicable to obtain the information through conventional channels. The effect of the legislation is that, for example, persons designated under the Hospital and Health Boards Act 2011 or persons responsible for biometric identifications systems may be required to hand over information in circumstances where a law enforcement officer does not have time to return to the local police station to complete a written notification requirement. Under the legislation, persons will be required to provide clear images or written versions of electronic documents in a format capable of being accessed by the emergency commander or police officer – for example, a digital file of CCTV footage which is able to be played on a computer. Failure to comply with an information requirement will attract significant penalties.
ACT legislation permits disclosure of certain "reportable conduct"
The ACT has passed the Reportable Conduct and Information Sharing Legislation Amendment Act 2016. The Act amends the Children and Young People Act 2008, the Ombudsman Act 1989 and the Working with Vulnerable People (Background Checking) Act 2011. The legislation introduces the concept of "reportable conduct information", which is specifically defined in relation to each amended Act and which, in broad terms, encompasses information relevant to the protection of a child and the conduct of an individual responsible for the ill-treatment or neglect of a child. Disclosure of information in accordance with the amended legislation is in effect exempted from legal consequences and, specifically, will not constitute a breach of confidence, ethics or professional conduct.
ACCC to conduct a market study concerning the communications sector
The Australian Competition and Consumer Commission (ACCC) undertakes market studies from time to time to support the various functions which it performs. Market studies assist the ACCC to develop knowledge and understanding about different market sectors. In response to the increasing technological and structural changes facing the Australian communications sector, the ACCC has announced that its next market study will concern that sector. The study will aim to identify current and emerging trends and issues which are likely to have an effect on efficiency and competition over the next three to five years, including in relation to the transition to a fixed line market in which the NBN Co is the wholesale provider of services, the growth in the use of mobile network services and data and "over the top" platforms (including in relation to the Internet of Things) as well as with respect to core and aggregation network services (such as cloud and data centres) and the increased use of bandwidth and data. The market study will also consider investment incentives and whether increased regulation is warranted. Draft findings are expected to be released for comment next year.
ACT Government recommends review of Civil Surveillance
A report issued by the ACT Government, which is now calling for public input, has recommended that the Listening Devices Act 1992 (ACT) be renamed the Surveillance Act and amended to include restrictions on other forms of surveillance activity, including visual observation, tracking and data collection. Surveillance would be permitted only where necessary to protect a public interest and where the surveillance activity was necessary or proportionate. Prohibitions on surveillance would not, however, extend to the inadvertent observation of a private activity, such as through the use of drones and other unmanned aerial vehicles. GPS tracking of individuals would not be permissible without that person's consent. Courts would retain a discretion to admit evidence obtained through the use of surveillance devices but only where the recording was intended at the time of recording to be used to protect a person's lawful interests.
Ashley Madison under investigation – Privacy Commissioners criticize dating website's privacy and personal data security practices
On 24 August 2016, the results of a joint investigation by the Australian and Canadian Privacy Commissioners into the Ashley Madison data breach were published. The investigation was conducted in accordance with the Privacy Act 1988 (Cth) and the Canadian Personal Information Protection and Electronics Act, with the collaboration being made possible by the participation of the Australian and Canadian regulators in the Asia-Pacific Economic Cooperation Cross-border Privacy Enforcement Arrangement. The report was highly critical of the Ashley Madison website's privacy and personal data security practices. The investigation followed an incident in August 2015 when Ashley Madison's parent company was the target of a data breach involving the theft of details of approximately 36 million Ashley Madison user accounts. The report emphasised the risks to businesses which do not have a dedicated risk management process in place and emphasised that an appropriate privacy regime includes not only IT security but also the need for appropriate training, policies, documentation, oversight and clear lines or authority.
Supreme Court protects patient names from disclosure in civil proceedings
The Supreme Court of Victoria has refused to allow a plaintiff access to the names of a doctor's patients: Tikiri Pty Ltd (trading as Bundoora Family Clinic) v Dr Siauw (Susan) Fung  VSC 460. The plaintiff operated the Bundoora Family Clinic where the defendant previously worked as a doctor. The defendant had moved her practice to a new general medical practice. The plaintiff alleged she had misused its confidential information at the new practice. The plaintiff sought access to a document which the defendant had filed at the Court on a confidential basis, which outlined the names of her current patients. The Court determined that the information was protected from disclosure on the basis of section 28(2) of the Evidence (Miscellaneous Provisions) Act 1958 (Vic), which prevents a doctor from divulging in any civil suit or proceeding, without consent, any information which he or she acquires in attending a patient and which was "necessary" for him or her to prescribe or act for the patient. The Court added, however, that the information would not have been protected from disclosure by the Health Records Act 2001 (Vic) or by the privacy protections contained in the Charter of Human Rights and Responsibilities Act 2006 (Vic), because any disclosure would have occurred by Court order and therefore would have been authorised or permitted by or under law.
Release of trove of de-identified health information by the Commonwealth Department of Health for research purposes
We recently wrote about the increasing use of Big Data in Australia and the New South Wales Government's 2016 Open Data Policy. A further example of this trend is the recent release by the Commonwealth Department of Health of de-identified Medicare and Pharmaceutical Benefits Scheme (PBS) health information relating to approximately three million Australians. The information has been made available on the website www.data.gov.au. A number of steps and measures will help to address the associated privacy risks and issues, including the use of encryption and perturbation and by excluding rare events. The release has been welcomed by the Consumers' Health Forum, which said the data will help researchers address questions, including about the interaction between health providers and resulting prescriptions, which will in turn assist in identifying effective treatments and practices.