Key developments arising during February and March 2018 in the area of Technology, Media and Telecommunications (TMT) are summarised as follows.
Gaming machines not misleading or unconscionable
On 2 February 2018, the Federal Court of Australia ruled that casino operator Crown Melbourne Limited and electronic gaming machine (EGM) manufacturer Aristocrat Technologies had not engaged in misleading and deceptive or unconscionable conduct by misinforming the public as to their odds of winning when playing a particular machine, Dolphin Treasure: Guy v Crown Melbourne Limited (No 2)  FCA 36. The applicant’s claim for false and misleading conduct under section 18 of the Australian Consumer Law was based on the fact that the electronically depicted spinning reels did not spin at an even pace, the number of matching symbols was not equally represented on each reel, and the advertised “total theoretical return” was incorrectly represented. The unconscionability claim under sections 20 and 21 of the Australian Consumer Law was based on the potential for these features to cause vulnerable persons to become addicted to gambling. The section 18 claim was dismissed by Justice Mortimer, essentially on the basis that a hypothetical gambler probably lacked a “sufficient understanding of probability theory” to be influenced by these features of the game, adding as a general observation that in her opinion, people who gamble on machines are more focussed on securing some form of pleasure or entertainment than on how the machine works, and that most individuals who gamble realise that “the machine will always come out ahead”. In relation to the section 20 and 21 claims, Her Honour concluded that the applicant had not proven any victimisation or exploitation, or any conduct on behalf of the respondents, necessary to make out statutory unconscionability”.
"Commercial-in-confidence" does not necessarily equate with "confidential"
On 7 February 2018 the Administrative Appeals Tribunal followed well-established confidentiality principles when it ruled, in the context of a freedom of information claim, that the label “commercial-in-confidence” does not necessarily imbue information with the necessary quality of confidentiality for the purposes of qualifying for the confidentiality exemption under section 45 of the Freedom of Information Act 1982 (Cth): Kung Fu Wushu Australia Limited and Australian Sports Commission  AATA 157. The applicant was seeking to overturn an earlier decision of the respondent which ordered the release of certain documents. The Tribunal was not satisfied that the documents in question qualified for an exemption because it would not have been possible for the applicant to prevent disclosure under the general law. If the information does not in fact satisfy the requirements in equity for the protection of confidentiality, the mere labelling of it as 'confidential" will not solve the problem. In making its finding, the Tribunal followed the relevant principles laid down in Corrs Pavey Whiting Byrne v Collector of Customs (Vic) 14 FCR 434.
Confidential information can be accessed by employer
On 13 February 2018, the Supreme Court of Victoria ruled that an employer had no obligation to maintain the confidentiality of information relating to a third party competitor which had come into its possession during the audit of an employee’s laptop: Integrated Global Partners Pty Ltd v Hyde & Ors  VSC 45. An employee had been undertaking unpaid work for the competitor in breach of her contractual obligations to the plaintiff. The employee’s computer was subject to the plaintiff’s IT System Acceptable Use Policy which allowed the plaintiff to audit its networks and systems and to examine content stored on company computers. The court ruled in favour of the employer on the basis that it had been exercising its lawful right of audit and the confidential information in question had not been obtained as a consequence of any breach of confidence. The Court acknowledged the observation of Gleeson CJ in Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (2001) 208 CLR 199 that the use of information innocently or accidently acquired could be restrained in circumstances where it had been “improperly or surreptitiously obtained”, but in this instance there was no evidence that the employer had acted improperly.
No presumption of confidentiality in council tenders
On 15 February 2018, the NSW Civil and Administrative Tribunal ruled that a tender submission was not confidential and could be released in redacted form under the Government Information (Public Access) Act 2009 (NSW): South Coast Hunters Club v Eurobodalla Shire Council  NSWCATAD 42. Relevant to the Tribunal’s finding’s was the fact that there was no statement on the tender that the submission was “confidential”. The Tribunal was of the view that in the absence of some indication from the applicant that it had requested its tender to remain confidential, there was no basis to infer that the document was submitted in confidence. The Tribunal rejected the applicant’s submission that the tendering guidelines indicated the document would be treated as confidential, concluding that the guidelines only indicated that documents “provided in confidence” would be treated confidentially. The guidelines did not, in the Tribunal’s opinion, create any presumption that material submitted with a tender was provided in confidence.
Confidentiality designation must be read in context
On 28 February 2018, the Federal Court held that the incorrect description in a contract of certain information as “confidential” may not affect a contractual restriction on its use: Career Step, Inc v TalentMed Pty Ltd (No 2)  FCA 132. The applicant asserted that the respondent had infringed its copyright, and breached contractual restrictions, when utilising its course materials for the purpose of developing a competing course. The court concluded that the applicant’s copyright in part of the material had been infringed, and then turned its attention to the applicant’s contract claim. The contract provided that the applicant’s software and instructional materials were “proprietary and confidential” and constituted trade secrets, and then imposed a restriction on the use of “such confidential information”. The respondent argued that the information was not “confidential” and therefore the restriction had no effect. Robertson J concluded that it was not relevant whether the material was in fact confidential because the purpose of the description was to identify material which was the subject of the restriction. He ruled that the reference to confidential information “does not impose a superadded requirement that the proprietary software and instructional materials be confidential, but is descriptive of the software and instructional materials the subject of the clause”.
Password protection may be evidence of confidentiality
On 9 March 2018, the Full Court of the Federal Court of Australia observed that a company’s password protection of its information was evidence that it regarded the information as confidential and not available to the general public: Digital Central Australia (Assets) Pty Ltd v Stefanowski (No 2)  FCA 1000. The proceedings were brought by a franchisor who asserted that a former franchisee had breached a restraint of trade clause in the franchise agreement, as well as an equitable duty of confidentiality, by attempting to compete with another franchise business. On the question of confidentiality, the respondents argued that the information was not confidential due to a lack of uniqueness, an argument rejected on the facts by the court which observed that although some of the information was in the public domain, collectively it contained information reflecting sufficient evidence of ingenuity and novelty to satisfy the test for confidentiality. The court further took into account the steps taken by the franchisor to alert the franchisee to the fact that the information was being imparted in confidence, placing significance on the fact that the information was held in a password protected area on the franchisor’s website.
NSW ticketing system breaches privacy
On 15 February 2018, the NSW Civil and Administrative Tribunal ruled that the State’s electronic (Opal) ticketing system contravened the Privacy and Personal Information Protection Act 1998 (NSW): CNS v Transport for NSW  NSWCATAD 4. The basis of the decision was that the system, in contravention of Information Privacy Principle 1, collected personal information which was not reasonably necessary for the functioning of the system. The system removed the ability of concession entitlement holders to travel anonymously, tracking registered users who passed through a transport hub on any given day. The Tribunal rejected arguments that the information was not “personal information” and further held that the question of consent was not relevant to IPP1. The Tribunal recommended that the Respondent “seek technical, privacy, IT design and possibly legal advice” to render the system compliant.
Netgear to provide remedies and refunds to customers for misleading representations about warranties
Netgear is in the business of supplying network connection devices, such as modems and routers. On 27 February 2018, the ACCC announced that Netgear had given various undertakings flowing from representations it made to customers from June 2016 to the effect that unless they were covered by Netgear's manufacturer's warranty or "purchased" a technical support contract, they were not entitled to any remedies for faulty products. Those representations were misleading because under the Australian Consumer Law (ACL), a supplier of goods or services cannot exclude, restrict or modify the consumer guarantees. The consumer guarantees always operate in addition to any arrangements otherwise existing between a supplier and a consumer. Netgear also acknowledged that its packaging did not comply with section 102 of the ACL, which requires certain prescribed wording to be used in relation to warranties against defects. Netgear gave undertakings to review the relevant contracts and to provide remedies to customers who were entitled to remedies under the ACL, to establish an Australian Consumer Rights webpage on its website for a month, to establish a Consumer Hotline for affected customers to make complaints, and to review each complaint to determine the customer's entitlement to a remedy under the ACL. Netgear also undertook to update its policies and procedures to and to implement a compliance program.
GPS failure does not render a motor vehicle “defective”
On 28 February 2018, the Victorian Civil and Administrative Tribunal dismissed a claim by a consumer for the refund of the purchase price of a car, rejecting the consumer’s argument that a faulty GPS rendered the car unacceptable: Russell v NGP Melbourne Pty Ltd (Civil Claims)  VCAT 301. The applicant produced evidence that the GPS failed to provide satisfactory navigational advice in the outer suburbs of Melbourne. The Tribunal observed that the hardware underpinning the system was not faulty, but rather there was a problem with the dissemination of mapping data in that part of Melbourne. The Tribunal noted that under section 262 of the Australian Consumer Law, goods could be rejected by a consumer only within a period during which it would be reasonable to expect the relevant failure to become apparent. As the applicant had been aware of the deficiency for nearly two years, the rejection period had expired. Furthermore, flaws in GPS mapping data did not render the car unacceptable for the purposes of the consumer guarantee contained in section 54 of the Australian Consumer Law.
Surveillance devices legislation does not create a right of privacy, nor a right of free speech
On 18 March 2018, the Western Australian Court of Appeal delivered a judgement which analysed the role of the Surveillance Devices Act 1988 (WA): Australian Broadcasting Corporation v SAWA Pty Ltd  WASCA 29. The court rejected an application by the ABC for the release on "public interest" grounds of video footage allegedly depicting animal cruelty which had previously been tendered in court proceedings. The court reaffirmed the view expressed in Channel Seven Perth Pty Ltd v S in 2007 that the Act does not establish a general right to privacy in respect of private conversations and activities, but rather its objective is to restrict the use of covert means to obtain such information. The court went on to reject the application, in particular dismissing the ABC’s contention that, in assessing the public interest in release of the video, it should be inferred that the legislation did not intend to encroach on the right to freedom of speech. In this regard, the court observed that ”to give presumptive preference to freedom of speech [on the question of public interest] and thus to publication would subvert the structure and intent of the Act”.
Whistleblower protection to be strengthened in Victoria
The Integrity and Accountability Legislation Amendment (Public Interest Disclosures, Oversight and Independence) Bill 2018 (Vic) had its second reading in the Victorian Parliament on 7 February 2018. The legislation will amend the Protected Disclosure Act 2012 (Vic) with the intention of strengthening the State’s whistleblower protection system. In Australia, whilstleblowing legislation largely focuses upon the public sector, with state and territory legislation operating in every jurisdiction in addition to the Public Interest Disclosure Act 2013 (Cth) which operates at Commonwealth level. The objective of the legislation is to provide a mechanism whereby an individual can breach what would otherwise be obligations of confidentiality and privacy in order to report certain conduct to a higher authority. The new Victorian legislation will expand and clarify the types of public sector improper conduct that a person can disclose, facilitate the process for making disclosures and protect disclosers from legal costs.
Incentive for Australian filmmakers streamlined
On 14 February 2018, the Commonwealth Arts Minister issued the PDV Offset Rules 2018 pursuant to sub-sections 376 – 260(2) and (3) of the Income Tax Assessment Act 1997 (Cth). The Post Digital Visual Effects (PDV) offset applies to Australian expenditure incurred in making films. The offset is an incentive to attract post production and visual effects work to Australia on productions, regardless of where they are shot. A certificate for the PDV offset entitles the applicant company to a 30% tax rebate on the company’s qualifying Australian production expenditure to the extent that it relates to PDV. The new Rules provide a framework for companies to apply for a provisional or final certificate for the offset, sets out procedures by which the Film Certification Advisory Board will consider applications, and specifies how applications for certificates are to be made. The new Rules replace the PDV Offset Rules 2008 which were due to sunset on 1 April 2018.
Legislation targets intimate images on social media
On 15 February 2018, the amended Enhancing Online Safety (Non-consensual Sharing of Intimate Images) Bill 2017 (Cth) was introduced into the House of Representatives. The Bill had previously been tabled in the Senate on 6 December 2017 and subsequently amended and passed by the Senate on 14 February 2018. The Bill amends the Enhancing Online Safety Act 2015 to prohibit the posting of, or threatening to post, intimate images without consent on a social media service, relevant electronic service or designated internet service. The Bill establishes a complaints and objection system to be administered by the eSaftey Commissioner and provides the Commissioner with powers to issue removal notices or remedial directions. The legislation introduces a civil penalty regime to be administered by the Commissioner, and enables the Commissioner to seek a civil penalty order from a relevant court, issue an infringement notice, obtain an injunction, enforce an undertaking or issue a formal warning.
Australian Signals Directorate to become an independent agency
On 15 February 2018, the Senate referred the Intelligence Services Amendment (Establishment of the Australian Signals Directorate) Bill 2018 (Cth) to the Senate Foreign Affairs, Defence and Trade Legislation Committee for enquiry and report. The Bill implements the recommendations of an earlier review to establish the Australian Signals Directorate (ASD) as an independent statutory agency within the Defence portfolio. The ASD is Australia’s national signals intelligence authority with responsibility for collecting intelligence, supporting the military and undertaking cyber security operations through the application of advanced technologies. In a related move, the Computer Emergency Response Team (CERT), which was established in 2010 as the National Computer Emergency Response Team and which is the primary government contact point for major Australian businesses in relation to matters involving cyber security, will also be transferred from the Attorney General’s Department to ASD.
Telecommunications carriers to provide additional information in interception capability plans
On 16 February 2018, the Commonwealth government issued the Interception Capability Plan Determination 2018 (No 1) in anticipation of the sunsetting on 1 April 2018 of the Interception Capability Plan Determination 2008 (No 1). The Determinations are made under Part 5-4 of the Telecommunications (Interception and Access) Act 1979 (Cth) which requires all licensed telecommunications carriers and certain carriage service providers to submit an annual interception capability plan. The new determination, which is in terms identical to the expiring determination, implements section 195(2) of the Act and requires the plans to include the carrier’s policies and strategies relating to interception, the location of interception points on their networks and a list of employees with responsibility for interception matters. The determination also requires the carriers to describe the arrangements in place to maintain their interception capability in Australia and under the control of persons holding appropriate national security clearances. There is also an obligation to protect information gained from interceptions, and to provide reasonable interception assistance to national security and law enforcement agencies.
Mandatory data breach reporting introduced
From 22 February 2018, amendments to the Privacy Act 1988 (Cth) came into effect which require the mandatory reporting of certain data breaches. The amendments are contained in the new Part IIIC of the Privacy Act 1988 (Cth), introduced by the Privacy Amendment (Notifiable Data Breaches) Act 2017 on 22 February 2017. We earlier reported on the passage of this legislation in Volumes 10 and 11 of this Update. The obligation is imposed upon entities currently regulated by the Act – that is, Commonwealth public sector agencies, private sector businesses with an annual turnover in excess of $3m and certain other entitles which do not qualify for exemption as small businesses. The reporting obligation is restricted to breaches which are likely to result in serious harm to the individual. Notification must be provided to the individual and to the office of the Australian Information Commissioner. A breach of the notification obligation can attract, under the general penalty provisions in the Act, a fine of up to $420,000 for individuals and $2.1m for corporations.
Government Department can disclose personal information in connection with Australian Honours System
On 14 March 2018, the Australian Information Commissioner issued a Public Interest Determination (PID) to the effect that the Department of Home Affairs can disclose certain information in connection with the assessment of proposals for awards under the Australian Honours System: Privacy (Australian Honours System) Temporary Public Interest Determination 2018. Specifically, the PID allows the Department to disclose information to the Office of the Official Secretary to the Governor-General and to the Department of the Prime Minister and Cabinet for the purpose of verifying the Australian citizenship or permanent residency status of individuals who are the subject of a nomination. An application had been made to the Commissioner by the Department over concerns that the disclosure of information in response to verification requests might involve the use of personal information for purposes inconsistent with the original reason for collection, thus breaching Australian Privacy Principle 6. The Commissioner concluded that it was not appropriate or practicable to seek the consent of the individuals concerned, and that the public interest in maintaining the integrity of the honours system outweighed the public interest in adherence to the relevant Australian Privacy Principles. The PID, which the Commissioner is empowered to issue under section 80A(2) of the Privacy Act 1988, removes the potential impasse.
Legislation contemplates restrictions on gambling promotion
On 12 February 2018, the Senate Environment Communications Legislation Committee recommended the passage of the Communications Legislation Amendment (Online Content Services and other Measures) Bill 2017 (Cth). The Bill had been referred to the Committee by the Senate on 7 December 2017 on the recommendation of the Selection of Bills Committee. The Bill will, if passed, amend the Broadcasting Services Act 1992 (Cth) to create a regulatory framework to be used by the Australian Communications and Media Authority (ACMA) to impose gambling promotion restrictions on online content service providers. The legislation will insert a new schedule 8 into the Act to allow ACMA to make online content service provider rules which set out the gambling promotion restrictions.
Key developments during February 2017 in the area of Technology, Media and Telecommunications (TMT) are summarised as follows.
New South Wales Supreme Court upholds contractual restraint of trade.
On 30 January 2017, the New South Wales Supreme Court upheld the validity of a 12 month post-employment restraint on a computer engineer: Thinkstorm Pty Ltd v Farah  NSWSC 11. The employer was engaged in the business of providing IT personnel to clients. The defendant, who had expertise in the use of a particular workforce management software system, had worked for over five years, at the direction of the employer and pursuant to three successive employment contracts, for Queensland Health. The defendant resigned his employment with the plaintiff and then continued to provide the same services to Queensland Health through an alternative employer, notwithstanding a 12 month contractual restraint on working for the plaintiff's customers. Lindsay J considered that in general "12 months appears to be the outer limits of what would be a restraint of reasonable duration" but nevertheless acknowledged that restraints of 6 to 12 months were not uncommon in the IT industry. In concluding that the restraint in this instance was reasonable, his honour took account of the fact that the defendant had agreed, in each of three successive employment engagements with the plaintiff, to restraints of 12 months, agreeing in each instance that the restraint was reasonable to protect the plaintiff's legitimate interests.
Federal Court finds two ex employees' company responsible for copyright infringement and breach of confidence.
On 10 February 2017, the Federal Court found that a company formed by two former employees of an equipment manufacturer infringed the employer's copyright in its proprietary software by launching competing software products which were substantially similar: IPC Global Pty Ltd v Pavetest Pty Ltd (No 3)  FCA 82. The court noted that parts of the respondents' software were identical or similar to the applicant's software, and that the copied code played a functionally significant role in the operation of the applicant's software as a whole. Moshinsky J emphasised that the test for infringement involved a qualitative rather than a quantitative assessment of substantiality. The court further found that the applicant's source code and protocol documents comprised confidential information which had been misused by the respondents and that Pavetest had gained a "springboard" benefit (relevant to the question of damages) as a result of the considerable development time it had saved by copying the applicant's material.
Federal Court rules on misleading advertising about rival apps.
On 13 February 2017, the Federal Court delivered a judgement in which it held that Fairfax Media engaged in misleading or deceptive conduct in breach of sections 18 and 29 of the Australian Consumer Law by publishing certain advertisements comparing an app which was operated by a wholly owned subsidiary, with an app which was operated by the applicant: REA Group Limited v Fairfax Media Limited  FCA 91. Some advertisements were found to be clear "puffery" and others were found to have a legitimate basis. Of particular interest was the court's approach to identifying the class of persons to whom the advertisements were directed, being an essential step in determining whether the conduct was likely to mislead or deceive. Murphy J noted the advertisements were directed at a broad cross-section of the public and were primarily aimed at motivating the reader to download the app, more specifically, real estate agents and members of the public with an interest in the property market. His honour considered it was relevant that as the app was free and its use could be discontinued at will, people were less likely to pay attention to claims in the advertisements. Apps were "ubiquitous" in modern life and real estate agents, in particular, would approach claims in such advertisements with "a high level of caution or scepticism". An unfounded claim that the respondent's app had more listings than any comparable product was held to be false or misleading, but not claims such as "the best property listings in Melbourne" or "the #1 property app in Australia".
New South Wales Supreme Court finds company and a director misled investors over value of software company. The New South Wales Supreme Court has ruled that a software company breached its share issues agreement, and a director engaged in misleading or deceptive conduct in contravention of section 18 of the Australian Consumer Law, by overstating the potential value of the business to prospective investors: Ebbsfleet Pty Ltd v Semantic Software Asia Pacific (No 3)  NSWSC 78. The plaintiff purchased 6.5 million shares in the defendant company in reliance upon an express contractual warranty by the company, and representations by the director, that the shares would triple in value within two years. The warranty and representations revolved around the anticipated future value of existing software patents and additional technology then under development. In relation to the finding of breach of contract, Stevenson J disregarded a clause which limited the warranties to 12 months' duration as this would have had the unintended effect of destroying the effect of the warranty that the shares would triple in value in two years. In relation to the director's misrepresentations, his honour disregarded a contractual acknowledgement by the investors that they had not been induced to enter the agreement by any representation or warranty, and a contractual disclaimer of liability for damages, on the basis that such clauses cannot insulate a party from the operation of the Australian Consumer Law. The court concluded that but for the warranties and the director's representation, the plaintiff would not have invested their funds in the company.
Mandatory data breach reporting legislation passed.
The Privacy Amendment (Notifiable Data Breaches) Bill 2016 was passed on 13 February 2017. The legislation, which will come into effect on 22 February 2018 (12 months after Royal Assent), implements the recommendations of a Parliamentary Joint Committee on Intelligence and Security, as well as the Australian Law Reform Commission, by requiring government agencies and private sector organisations to notify the Australian Information Commissioner and affected individuals in the event that they suffer an eligible data breach. The legislation was previously tabled in the House of Representatives in October 2016. As mentioned in our last update, a Regulatory Impact Statement released by the Attorney-General's Department on 11 January 2017 was supportive of a mandatory reporting scheme. The essence of the new scheme is that an entity will be required to comply with specific notification obligations as soon as practicable after becoming aware of reasonable grounds for believing it has been the subject of an "eligible data breach". An eligible data breach will occur if personal information about one or more individuals held by the entity is subject to unauthorised access or disclosure, or is lost in circumstances in which unauthorised access or disclosure is likely to occur, and a reasonable person would conclude that such access or disclosure is likely to result in serious harm to any such individual.
The current children's online safety legislative scheme will be expanded to embrace older Australians.:
On 7 February 2017, the Enhancing Online Safety for Children Amendment Bill 2017 was introduced in the House of Representatives. The Bill will amend the Enhancing Online safety for Children Act 2015 (in the process re-naming it the Enhancing Online Safety Act 2015) by broadening the functions of the Children's eSafety Commissioner (changed to simply the "eSafety Commissioner") and emphasising, in particular, that the functions of the Commissioner in fact go beyond the online safety of children and embrace assistance to adults who are victims of illegal or offensive online content or "revenge porn", or who simply seek general advice about managing technology risks and online safety. The principal objective of the amendments is to make it clear to the public that the Commissioner can be a source of assistance and advice in relation to a range of online safety issues, irrespective of the age of the enquirer. The Second Reading Speech emphasised the government's commitment to "bridging the digital divide" and ensuring older Australians have the skills and confidence to participate in the modern digital economy.
Northern Territory and ACT energy and water utilities may disclose credit information to credit reporting bodies.
On 23 February 2017, the Privacy Amendment (Energy and Water Utilities) Regulation 2017 was passed. The Regulation enables electricity, gas and water utilities in the Northern Territory and the ACT to continue disclosing credit information about individuals to credit reporting bodies until 1 January 2018, by which time it is anticipated that legislation will have been enacted to enable the utilities to participate in recognised external dispute resolution schemes in those jurisdictions. Section 21D(2)(a)(i) of the Privacy Act 1988 requires a credit provider to be a member of a recognised external dispute resolution scheme unless regulations provide otherwise. Utilities are considered to be "credit providers" under the Act. Legislation is required in order to enable the recognition of EDR schemes in the Northern Territory and the ACT, and the purpose of the Regulation is to enable utilities in those jurisdictions to continue interacting with credit reporting bodies until such legislation has been implemented.
ACT privacy legislation recognises equivalence of Victorian and New South Wales privacy laws.
On 27 February 2017, the Australian Capital Territory passed the Information Privacy Amendment Regulation 2017 (No 1), effectively recognising the Privacy and Data Protection Act 2014 (Vic) and the Privacy and Personal Information Protection Act 1998 (NSW) as offering privacy protection equivalent to the Information Privacy Act 2014 (ACT). Under section 21(1) of the ACT Act, a Territory agency must include a provision in its contracts requiring contractors to comply with the Territory Privacy Principles or a "corresponding privacy law". Under section 21(4), a "corresponding privacy law" means the Privacy Act 1988 (Cth) or the law of any other jurisdiction prescribed by regulation. The effect of the new regulation is that in future ACT government agencies will not be required to mandate compliance by contractors with ACT privacy laws if the contractor is already bound to comply with Victorian or New South Wales privacy laws, thus avoiding the need for dual compliance. The regulation recognises that the ACT, Victorian and New South Wales Acts offer similar privacy frameworks.
Senate committee reports on data re-identification bill.
On 7 February 2017, the Senate's Legal and Constitutional Affairs Legislation Committee delivered its report on the Privacy Amendment (Re-identification Offence) Bill 2016. As mentioned in a previous update, the Bill was referred to the Committee on 10 November 2016. The legislation is designed to prohibit conduct related to the re-identification of de-identified personal information published or released by Commonwealth entities, and will have retrospective effect to 29 September 2016, being the date upon which the Attorney-General initially issued a media release advising of the government's intention to introduce the new criminal offence. The Committee concluded that despite concerns raised in relation to the introduction of a criminal offence, a reverse onus of proof and retrospective application, on balance the legislation represented a "necessary and proportionate response" to the challenge of striking a balance between the potential benefits of research involving open data and any consequent threat to individual privacy.