Key developments during February 2017 in the area of Technology, Media and Telecommunications (TMT) are summarised as follows.

JUDGMENTS

Penalties imposed on telcos and director for unconscionable conduct. In our recent update, we commented on the decision in Australian Competition and Consumer Commission v Harrison [2016] FCA 1543 in which the Federal Court made findings of unconscionable conduct against a number of telecommunications services companies and the sole director who controlled them. Findings were made against the companies under sections 21 and 50 of the Australian Consumer Law, and the director was found to have been "involved" in the contraventions in accordance with section 2(1). The conduct revolved around the transfer of contracts between companies without the knowledge or consent of the customers, followed by demands for payments of cancellation or early termination fees. Penalties have now been imposed by the Court: Australian Competition and Consumer Commission v Harrison (No 2) [2017] FCA 182. The various companies received civil penalties ranging from $12,500 to $50,000 each, whilst the director was ordered to pay $50,000 and was disqualified from managing corporations for a period of 3 years. The companies were further ordered to refund cancellation or termination fees to customers whose contracts were transferred without their written consent. Moshinsky J took account of the fact that the conduct in question was "serious, deliberate and extended over a period of about two to three years", and that the director was "hands on in managing [the companies'] day-to-day operations and was intimately involved in their conduct".

Federal Court makes further orders in an ongoing software and firmware dispute. On 16 March 2017, the Federal Court made further orders for relief in a copyright and breach of confidence dispute following on from two earlier decisions: IPC Global Pty Ltd v Pavetest Pty Ltd (No 4) [2017] FCA 260. We reported on those two earlier decisions in our December 2016 and March 2017 updates. In the first decision, the Court made initial orders for relief in relation to the respondents' infringement of the applicant's copyright in its firmware (the respondents conceded liability during the trial). The second decision contained the Court's reasons for finding that the respondents also infringed the applicant's copyright in its software and misused the applicant's confidential information. In the most recent decision, the Court considered a number of orders for relief including declaratory relief, injunctions and costs. The Court had earlier held that the first respondent gained a substantial "springboard" benefit by misusing the applicant's confidential information in its software and related protocol documentation in developing the first respondent's software products. The applicant sought a springboard injunction (a form of relief designed to in effect restore the parties to the positions they would have been in without the relevant breach of confidence having taken place) of 18 months but the Court determined the first respondent's springboard benefit was only 6 months on the basis that it would have taken the first respondent 3 years to develop its software had it not misused the applicant's confidential information. As the first respondent had in fact taken 2.5 years to develop its software, the benefit it had obtained by misusing that information was, as a result, 6 months. The Court did not grant a springboard injunction, however, because by the time of the decision, the period of the springboard benefit had already passed. 
Instead, the Court made orders for an inquiry to be held for the quantification of damages or an account of profits to be paid to the applicant.

NEW LEGISLATION AND GUIDELINES

New Do Not Call Register Regulations introduced. On 17 March 2017, the Do Not Call Register Regulations 2017 replaced the Do Not Call Register Regulations 2006. The Regulations are made under section 46 of the Do Not Call Register Act 2006 which, amongst other things, prohibits the making of telemarketing calls and sending marketing faxes to numbers on the Do Not Call Register without the consent of the relevant account-holder of the number or their nominee. The Act allows for regulations to deem certain types of calls not to be "telemarketing calls", and provides for certain individuals to be deemed "nominees" of the account-holder. The new Regulations do not materially change the 2006 Regulations and largely implement changes to reflect current drafting practice. Specifically, the Regulations continue to specify that product recall calls, fault rectification calls, appointment rescheduling calls, appointment reminder calls, calls relating to payments and solicited calls are in each case deemed not to be "telemarketing calls". The new Regulations no longer exempt, however, a voice call which is answered by an answering service or by a third party – such calls are now subject to the prohibitions contained in the Act.

New bill foreshadows criminal offence of online procurement. On 30 March 2017, the Criminal Code Amendment (Protecting Minors Online) Bill 2017 (Cth) was tabled in the House of Representatives. If passed, the Bill will amend the Criminal Code Act 1995 and the Telecommunications (Interception and Access) Act 1979 so as to address the online procurement of children for exploitation purposes. A new section 474.25C of the Criminal Code Act will make it an offence punishable by up to 10 years' imprisonment to use a carriage service for the purpose of preparing or planning to cause harm to, engage in sexual activity with, or procure for sexual activity, a person under the age of 16 years. A consequential amendment to the Telecommunications (Interception and Access) Act section 5D(3B) ensures that the new offence is classified as a "serious offence" which means that interception agencies are able to apply for a warrant to intercept communications to support their investigations. As a telecommunications offence, the new offence will attract "Category A" jurisdiction under the Criminal Code Act, meaning that a suspected offender can be prosecuted even if the conduct was initiated outside Australia. The Explanatory Memorandum emphasises that the privacy of an individual's communications will be taken into account before a warrant is issued, and that any compromise of a person's privacy by law enforcement agencies will be "reasonable, necessary and proportionate".

POLICIES, REPORTS AND ENQUIRIES

Victorian Privacy Commissioner challenges government on cabinet privacy and secrecy claims. The Victorian Privacy Commissioner has formally expressed concern in a written report that the Victorian government has incorrectly claimed "cabinet confidentiality" in respect of an explanation for the basis of the premier's authority to undertake a forensic audit of the mobile phones of cabinet members and other public servants in order to determine the source of a "leak": Forensic Audit of Mobile telephone Records, 13 March 2017. In response to an initial request for information by the Privacy Commissioner in December 2016, the government issued a certificate under section 79(3) of the Privacy and Data Protection Act 2014 (Vic). The Privacy Commissioner described this response as "unsophisticated and unhelpful". A subsequent, and similar, response to a request by the Privacy Commissioner in January 2017 for information regarding the engagement of an auditor was described by the Commissioner as "evasive, non-co-operating and misleading". The Commissioner also objected to the government asserting a secrecy claim under section 120 of the Act. The Commissioner concluded that he was left with various options, including issuing a compliance notice or seeking a declaration that the certificates were wrongly given.

HEALTH PRIVACY ISSUES

University absolved of health privacy breach allegations. A university has been absolved from responsibility by the New South Wales Civil and Administrative Appeals Tribunal for breaching the Health Privacy Principles contained in the Health Records and Information Privacy Act 2002 (NSW): CEU v University of Technology Sydney [2017] NSWCATAD 79. A student nurse asserted that the university had breached several privacy principles by passing details of her medical condition from one administrative unit to another. Specifically, the student alleged that diary entries containing particulars of alcohol dependence had been collected in an excessive and unnecessary fashion in breach of HPP 2, retained despite its inaccuracy in breach of HPP 9, and disclosed by a university psychologist to the university's Special Needs Unit in breach of HPP 11. In dismissing the claim, the Tribunal found that the information had been voluntarily supplied by the applicant to the university psychologist at the suggestion of a university Disability Support Officer, listing issues which the applicant wanted to raise with the psychologist; the information, which was subsequently assessed by a GP contracted to the university, and which formed the basis of the GP's recommendation to the university's Special Needs Service, was accurate; there had been no "disclosure" for the purposes of HPP 11 because the information had at all times been retained within the one organisation; and any disclosure would in any event be consistent with the primary or a secondary purpose of collection.