Federal Court finds Google misled Android purchasers
On 16 April 2021, the Federal Court ruled that Google LLC and Google Australia Pty Ltd had contravened the Australian Consumer Law by misleading consumers about personal location data collected through Android mobile devices between January 2017 and December 2018: Australian Competition and Consumer Commission v Google LLC (No 2)  FCA 367. The ACCC's principal contention was that when consumers created a new Google Account during the initial set-up process of their Android device, Google misrepresented that the "Location History" setting was the only Google Account setting that affected whether Google collected, kept or used personally identifiable data about their location, when in fact another Google Account setting titled "Web & App Activity" also enabled Google to collect, store and use such data when it was turned on, and that setting was turned on by default. Thawley J ruled that ACCC had partially made out a case under section 18 of the Australian Consumer Law (misleading and deceptive conduct), noting that Google's conduct would not have misled all reasonable users but it would have misled some, adding that the "number or proportion of reasonable users who were misled, or were likely to have been misled, does not matter for the purposes of establishing contraventions". His Honour also concluded that the ACCC had also partially succeeded in establishing contraventions of sections 29(1)(g) (relating to false or misleading representations that goods or services have certain performance characteristics) and 34 (misleading conduct as to the nature of services).
Federal Court awards Apple temporary stay in Fortnite battle
Epic Games, Inc (Epic) distributes the popular game Fortnite which is played by around 3 million iOS users in Australia alone. This dispute arose when Epic updated the game to give iOS users the option of paying for in-app purchases using its own payment processing system as an alternative to Apple Inc (Apple)'s payment processing system. This breached the agreement between Epic and Apple. Apple responded by preventing iOS users from downloading or updating Fortnite. Epic commenced the proceedings in the Federal Court alleging that Apple's conduct in forcing developers to (a) distribute iOS apps to Australian users through Apple's Australian App Store, and (b) only use Apple's payment processing system for in-app purchases, contravenes the Competition and Consumer Act (2010) and amounts to unconscionable conduct in contravention of the Australian Consumer Law. Apple sought a permanent stay of the Federal Court proceedings because the agreement between the parties provides that any dispute "relating to" it must be litigated in the Northern District of California: Epic Games, Inc v Apple Inc (Stay Application)  FCA 338. Perram J determined that Epic's claims do relate to the agreement because there was a "logical and causal connection" between them. His Honour granted Apple a temporary (3 month) stay. If Epic fails to commence a proceeding in the Northern District within this period, the stay will become permanent. If Epic does do so, but the District Court declines to hear the dispute, then Epic may apply to lift the stay and continue its Federal Court claim against Apple.
Apple ordered to pay compensation to individual consumer
On 23 April 2021, the Victorian Civil and Administrative Tribunal awarded damages against Apple Pty Ltd for false or misleading conduct in connection with the sale of an iPhone to an individual consumer: Croskell v Apple Pty Ltd  VCAT 384. The applicant entered into a 24-month plan to purchase the iPhone. At the time of purchase, the applicant stated that she specifically required the iPhone to perform all internet functions through its cellular data as she did not have, and did not intend to acquire, a fixed internet service such as NBN (Wi-Fi) at home. According to the evidence, the applicant was assured that the iPhone met these criteria and on that basis she proceeded to enter the purchase plan. As it transpired, the phone was unable to perform all these functions, specifically because the applicant needed fixed internet Wi-Fi to be able to perform the functions which she wanted to perform. Section 18 of the Australian Consumer Law provides that a person must not, in trade or commerce, engage in conduct which is misleading or deceptive or which is likely to mislead or deceive. The Tribunal found that the applicant had relied on the sales representations and that she would not have purchased the iPhone had she known it would require Wi-Fi. The Tribunal concluded that the applicant was entitled to damages of $1,200, being the cost of the iPhone (without having to return the phone), but rejected her claim for additional damages to cover the cost of installing Wi-Fi.
Tribunal upholds software developer's claim for payment
On 27 April 2021, the Victorian Civil and Administrative Tribunal handed down a decision in which the express and implied responsibilities of parties to a software development contract were analysed: Austech Applications Pty Ltd v Oz Wide Trading Group Pty Ltd  VCAT 345. Austech, the developer, was seeking payment for software development services which the customer, Oz Wide, was resisting on the basis that the development was delayed and of unsatisfactory quality. The developer succeeded. The customer asserted that the Agile methodology adopted Austech, pursuant to which all details of the project are not identified and documented at the outset, was unsuitable, but the Tribunal concluded on the basis of expert evidence that it was appropriate for this project. The contract was silent as to which party was responsible for developing the functional design, but the Tribunal concluded that it was the implicit responsibility of the customer in this instance and, further taking into account Oz Wide's failure to provide requested information in a timely manner, that the customer was responsible for any delay. The customer also complained of deficiencies in various modules supplied by the developer, but the Tribunal considered that this was inherent in the Agile methodology which invariably involved "frequent changes, feedback, instructions and other issues arising during development", noting further that "the modules released during this process could in no way be seen to be the final or complete versions". In addition, the Tribunal rejected the customer's complaints of excessive bugs, taking into account the fact that "the software being developed was a relatively complex piece of software, comprising a number of different modules for different areas of Oz Wide's business", and further taking account of expert evidence that some of the bugs were actually functionality adjustments.
POLICIES, REPORTS & ENQUIRIES
Discussion paper released relating to the review of Australia's defamation laws
On 7 April 2021, a Discussion Paper relating to Stage 2 of the Review of Model Defamation Provisions was released by the New South Wales Attorney-General as part of a national review of Australia's defamation laws. One of the drivers behind the paper was the Digital Platforms Inquiry Final Report published by the Australian Competition and Consumer Commission in 2019, which made various recommendations regarding the functions of digital platforms. Part A of the Discussion Paper addresses the question of internet intermediary liability in defamation for the publication of third-party content, suggesting options for reform that reflect the potential spectrum of liability for internet intermediaries. The Paper observes that "there are a number of potential policy grounds for a range of internet intermediaries having some responsibility in defamation law for the publication of third-party content where they have created systems or online environments to enable and promote the publication and dissemination of user-generated content", adding that, unlike traditional hard copy publishers, "often (but not always) the internet intermediary is in the best position to address the harm (for example, by removing content)". The closing date for submissions is 19 May 2021.
Federal Government responds to Senate Committee report on "cyberbullying" offences
On 15 April 2021, the Australian Government delivered a long-awaited response to a Senate Legal and Constitutional Affairs References Committee report on the Adequacy of Existing Offences in the Commonwealth Criminal Code and of State and territory Criminal Laws to Capture Cyberbullying. The Committee's report was tabled on 28 March 2018 and contained nine recommendations. In its response, the Government unconditionally supported three, namely, that the various Australian jurisdictions should develop a clear definition of "cyberbullying", that there should be no increase in penalties for cyberbullying offences committed by minors beyond the provisions already in place, and that the Australian Government should consider increasing the maximum penalty for using a carriage service to menace, harass, or cause offence under section 474.17 of the Criminal Code Act 1995 from three years' imprisonment to five years' imprisonment. The Australian Government supported the other recommendations "in principle", including a recommendation that consideration be given to expanding the operation of the Enhancing Online safety Act 2015 relating to the role of the eSafety Commissioner and increasing the basic online safety requirements for social media services.
Federal Government releases new cyber and critical technology strategy
On 21 April 2021, the Australian Government released Australia's International Cyber and Critical Technology Engagement Strategy. The Strategy seeks to implement the government's stated vision for a "safe, secure and prosperous Australia, Indo-Pacific and world enabled by cyberspace and critical technology", proposing a national approach to shaping cyberspace and "critical technology" in line with the country's interests. "Critical technologies" are defined as "those technologies with the capacity to significantly enhance, or pose risks to, Australia's national interests, including our prosperity, social cohesion and national security", and include Artificial Intelligence, 5G, Internet of Things, quantum computing and synthetic biology. The strategy contemplates international cooperation, focussing on the Indo-Pacific region and engaging with multilateral forums such as the East Asia Summit, the ASEAN Regional Forum and the Pacific Islands Forum. The Strategy will also leverage existing bilateral initiatives, such as the Australia-India Framework on Cyber and Cyber Enabled Critical Technologies Cooperation.
ACCC releases second interim report on its digital platform services inquiry
On 27 April 2021, the Australian Competition and Consumer Commission (ACCC) published its second Digital Platform Services Inquiry Interim Report. The ACCC's Digital Platforms Branch is conducting a five-year inquiry into markets for the supply of digital platform services in Australia and their impacts on competition and consumers, following a direction from the Treasurer. This report, addressing app marketplaces, is the second produced under this direction. The report focuses on the two key app marketplaces used in Australia: the Apple App Store (the App Store) and the Google Play Store (the Play Store), noting that these two app marketplaces dominate mobile app distribution in Australia, with minimal use by Australians of rival app marketplaces and other alternatives. The report identifies a number of issues which the ACCC's consider "warrant attention", including: the market power of each of Apple and Google; the terms of access to app marketplaces for app developers, including payment arrangements; the effectiveness of self-regulation, including arrangements to deal with harmful apps and consumer complaints; and concerns with alleged self-preferencing and the use of data. The ACCC considers that these issues "affect competition with potentially significant impacts for both app developers and consumers". Specifically, Apple and Google's ability to set and enforce the rules governing access to the App Store and the Play Store can, according to the ACCC, harm competition and negatively impact app developers and/or consumers.
Commonwealth Ombudsman releases report on the use and administration of telecommunications data powers
On 28 April 2021, the Commonwealth Ombudsman released a report on the Australian Federal Police's use and administration of telecommunications data powers between 2010 and 2020. The report is the outcome of the Ombudsman's own motion investigation into the AFP's use and administration of telecommunications data powers under Chapter 4 of the Telecommunications (Interception and Access) Act 1979. In particular, the investigation focussed on access to and use of one type of telecommunications data—location-based services (LBS), colloquially known as 'pings'. The report concluded that many of the authorisations made by ACT Policing (the AFP's community policing arm) for access to telecommunications data between 13 October 2015 and 2019 were not properly authorised; there was a possibility that some LBS were obtained unlawfully and used for prosecutorial purposes, breaching the privacy of individuals in the process; it was possible that the scope of the breaches had not been fully identified; and the AFP and ACT Policing missed a number of opportunities to identify and address the unauthorised accessing of data. The report includes eight recommendations to assist the AFP in addressing these issues and implementing processes to prevent recurrence of similar issues.
Senate Committee tables report on new Bills for a proposed public sector data sharing scheme
On 29 April 2021, the Senate Finance and Public Administration Legislation Committee tabled a report entitled Data Availability and Transparency Bill 2020 [Provisions] and Data Availability and Transparency (Consequential Amendments) Bill 2020 [Provisions]. As we have previously reported, the Senate referred the Data Availability and Transparency Bill 2020 and the Data Availability and Transparency (Consequential Amendments) Bill 2020 to the Committee on 4 February 2021. The Bills, which were introduced to the House of Representatives on 9 December 2020, establish a new data sharing scheme which is intended to serve as a "pathway and regulatory framework" for sharing public sector data for specified purposes, subject to certain safeguards and enforcement mechanisms. The report makes three recommendations, namely, that appropriate oversight mechanisms are implemented by agencies to manage potential security risks; that national security risks affecting the Australian higher education and research sector are specifically taken into account; and that consideration be given to amendments (or at least clarification) regarding privacy protections, particularly in relation to the de-identifying of personal data that may be provided under the bill's data-sharing scheme.
HEALTH PRIVACY ISSUES
Tribunal finds alteration of personal medical record contravened health records legislation
On 13 April 2021, the Victorian Civil and Administrative Tribunal ruled that a medical practitioner infringed the Health Records Act 2001 by failing to properly annotate the deletion of certain health information from a patient's health record: EXW v Mulroney  VCAT 322. Health Privacy Principle (HPP) 4.3 provides that a health service provider who deletes health information from a record must make a written note of the name of the individual to whom the health information related, the period covered by it and the date on which it was deleted. The respondent altered the complainant's medical history in a letter to an insurance company by deleting a reference to "Major Depressive Disorder" and substituting "Generalised Anxiety Disorder". The Tribunal considered that whilst the alteration may have better reflected the respondent's professional opinion, intent was not relevant and there had been a failure to comply with the process set out in HPP 4.3. The Tribunal further determined, however, that the respondent had not breached HPP 4.2 (which sets out circumstances in which it is permissible to delete health information) or 6.5 (which relates to an obligation to correct, but not delete, inaccurate health information).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.