Liability for on-line defamatory posts
On 8 September 2021, the High Court ruled in a 5:2 majority decision that Facebook – and, by implication, any operator of a website or social media page – can be liable for defamatory content posted by third parties: Fairfax Media Publications Pty Ltd v Voller [2021] HCA 27. The appellant publishers maintain a Facebook page on which they post content relating to news stories and provide hyperlinks to those stories on their website. Comments can be posted by readers, some of which the respondent in this claimed were defamatory of him. The appellants contended that they merely administered the public Facebook page, had not intended defamatory publication and were therefore not responsible for comments posted by the public. Kiefel CJ, Keane and Gleeson JJ observed that under the law as it stands, defamation does not require proof of fault, the intention of the author is irrelevant, and “all that is required is a voluntary act of participation in its communication”. Their Honours upheld the previous finding of the Court of Appeal, stating that it had been “correct to hold that the acts of the appellants in facilitating, encouraging and thereby assisting the posting of comments by the third-party Facebook users rendered them publishers of those comments”. Gaegler and Gordon JJ were a little more expansive, noting that the appellants were to be deemed “publishers by virtue of the fact that they intentionally created and administered a public Facebook page and posted content on that page, and that “the creation of the public Facebook page, and the posting of content on that page, encouraged and facilitated publication of comments from third parties”. Read DCC’s article on the landmark decision here.
Employees breach restraints when changing jobs
On 17 September 2021, the Supreme Court of New South Wales ruled that two employees of a company which marketed a human resources software product had breached their employment contracts by taking up employment with a competitor: Employsure Ltd v McMurchy; Employsure Ltd v Kumaran [2021] NSWSC 1179. It was further held that the competitor (the second defendant) and one of the employees were liable for inducing the other employee to breach his contract with the plaintiff. Whilst much of the dispute was fact-specific, Sackar J found the employee McMurchy failed to give adequate notice when resigning and taking up employment with the second defendant and that he was in breach of contractual and fiduciary obligations when taking up his new employment whilst a contractual restraint was operative. Similarly, the employee Kumaran breached his employment contract by giving short notice prior to commencing with the second defendant, and by accepting employment with the second defendant despite his contractual restraint. The restraint prohibited the employees from working with a competitive business for a period of 12 months, and the court considered that the plaintiff was a “competitor” as both it and the second defendant marketed products aimed at similar markets despite some differing functionality. His honour did, however, reduce the period of restraint from 12 months to nine. Injunctive relief was granted to restrain the two former employees from using their acquired knowledge and familiarity with the plaintiff’s confidential information.
Inadequate detail pleaded in breach of confidence case.
On 23 September 2021, a Statement of Claim filed by a utility billing systems provider alleging misuse of confidential information by a group of former employees was struck out by the Federal Court of Australia on the basis that it failed to specify either the precise nature of the information or the manner in which it was allegedly misused: Agility CIS Ltd v White [2021] FCA 1145. Citing well-established authorities, Anderson J observed that “it is vital that the information which is said to be confidential is defined with precision, and the disclosure or use of that information which is said to constitute a misuse of that information is specified with particularity”. His honour added that “if the claim amounts in substance to little more than that the defendants left their former employer, established their own business, and are now competing in a market place against their former employer that will not be sufficient to make out even an arguable case of misuse of confidential information”. The court concluded that the claims, as presently pleaded, were expressed in wide and general terms and had “all the hallmarks of being purely speculative”. The Applicants were given leave to re-plead their Statement of Claim.
Court accepts undertaking in lieu of granting an injunction
On 24 September 2021, the Supreme Court of New South Wales dismissed an application by an IT recruitment and consulting business for interlocutory relief against a former employee after accepting an undertaking from the former employee that he would, in his new role with a competitor, refrain from contacting clients or contractors of the plaintiff or assist in the recruitment of new clients for a specified period: HiTech Group Australia Ltd v Riachi [2021] NSWSC 1212. The defendant’s employment contract contained a confidentiality clause and a 12 month competition restraint. Ward CJ in Eq concluded that there was a serious question to be tried as to the validity (and breach) of the non-compete covenant. The court canvassed various uncertainties as to the precise nature of the defendant’s new role, the degree of competitiveness between the old and new employers and the reasonableness of the 12 month restraint, ultimately concluding that “the access able to be gained by the defendant during the course of his employment to the HiTech System … databases, and the information as to client and candidate lists provides a recognised basis for the legitimate protection of the plaintiff’s interests in maintaining its confidential information and protecting its customer and business connections”. With respect to the balance of convenience, the court observed that “the most critical factor … when considering the question of balance of convenience and the ultimate issue as to the exercise of discretion, is that the defendant has proffered extensive undertakings”, the effect of which was that the plaintiff was protected against essentially everything the subject of the restraint.
CDR amendment rules issued.
On 5 October 2021, the government issued the Competition and Consumer (Consumer Data Right) Amendment Rules (No 1) 2021. The amendments are contained in a series of Schedules to the Rules and are, according to a Ministerial Statement, intended to facilitate greater participation in the CDR regime by participants and consumers by offering greater control over consumer data and by promoting innovation and efficiency in relation to CDR offerings. The key Schedules are Schedules 1 – 4. Schedule 1 to the Amending Rules introduces a new level of accreditation known as “sponsored accreditation”. Schedule 2 introduces the new concepts of a “CDR representative”, “principal” and “CDR representative arrangement”, the latter being a written contract between the principal (a person with unrestricted accreditation) and a CDR representative (a person without accreditation). Schedule 3 establishes two new data sharing models, being a “trusted adviser model” and a “CDR insights model”. Schedule 4 introduces amendments relating to joint accounts, namely simpler disclosure options applicable to requests for disclosure of CDR data relating to one or more joint accounts.
ACCC seeks greater control over Google
On 28 September 2021, the Australian Competition and Consumer Commission (ACCC) published a report on competition for ad tech services in Australia: Digital Advertising Services Inquiry: Final Report (ACCC, August 2021). Amongst other recommendations, the report proposed that the ACCC be given powers to develop specific rules to address competition issues in the sector after identifying “significant competition concerns and likely harms to publishers, advertisers and, ultimately, consumers”. Expansion of the ACCC’s powers would enable it to ensure that providers of ad tech services met “pre-defined criteria linked to their market power and/or a strategic position”, thus allowing the ACCC to address conflicts of interest, prevent anti-competitive self-preferencing behaviour, address data advantage issues and deal with “transparency problems” where these created efficiency or competition concerns. The report expressed concern about Google’s dominance in the ad tech supply chain, noting that more than 90% of ad impressions traded via the ad tech supply chain passed through at least one Google service in 2020. Google had, according to the report, used its position to preference its own services and shield them from competition by, for example, preventing rival ad tech services from accessing ads on YouTube.
Draft digital identity legislation released
On 1 October 2021, the Commonwealth government released an exposure draft of the Trusted Digital Identity Bill for public consultation. The legislation seeks to coordinate the involvement of Commonwealth, State and Territory governments in a digital identity system, balanced by appropriate privacy and consumer protections. The system is intended to facilitate the process of identification for persons accessing government and business services. The Digital transformation Agency estimates potential cost savings of up to $11bn whist simultaneously reducing risks associated with identity fraud. Changes introduced in the latest iteration of the draft legislation include a requirement for participating parties to help users affected by cyber security fraud or other security incidents, and new restrictions regarding access to and storing of data outside Australia. The Bill will complement the Identity-Matching Services Bill 2019 which is intended to govern the operation of the proposed Document Verification Service (DVS) and Face Verification Service (FVS), about which we have previously commented The exposure draft Bill was accompanied by Trusted Digital identity Framework (TDIF) Accreditation Rules and Trusted Digital identity Rules.
CDR regime still poses privacy challenges
On 7 October 2017, Treasury published Update 3 to the Consumer Data Right Privacy Impact Assessment (PIA). The original PIA was published on 11 December 2019, prior to commencement of the CDR Rules on 6 February 2020. Since that time, the ACCC has undertaken several privacy impact update processes to analyse the impact of any proposed amendments to the CDR Rules. The Update 3 process has involved the assessment of the potential privacy impact of the CDR Rules. The assessment noted various ongoing potential risks, underpinned by the complexity of the framework. Privacy risks were associated with the disclosure of CDR data to Trusted Advisers and other recipients outside the CDR regime; the involvement of Affiliates based on self-attested information security capabilities; the prospect of CDR Data being disclosed by CDR Representatives beyond the scope of prevailing consent from the DCR Consumer; and the prospect of a joint account holder’s CDR Data being disclosed in the absence of informed consent.
Victorian government seeks to facilitate the sharing of health information
On 5 October 2021, the Victorian government tabled the Health Legislation Amendment (Information Sharing) Bill 2021 (Vic) in the Legislative Assembly. The legislation primarily amends the Health Services Act 1988 for the purpose of establishing a centralised electronic system to enable public hospitals and other specified health services to share specified patient health information. It also contains consequential amendments to the Health Records Act 2001 (Vic). Specifically, the Bill inserts a new section 14F into the Health Records Act 2001, in order to ensure that Health Privacy Principles 1.3 and 1.5 (which impose certain requirements in relation to collecting information about an individual from someone else) do not apply to the collection of health information by the Secretary for the purpose of the Electronic Health Information Sharing System (new section 14F(1)). The Explanatory Memorandum states that this is considered necessary to ensure the Secretary may efficiently collect this information from participating health services. In addition, a new section 14F(2) provides that nothing in Part 5 of the Health Records Act or Health Privacy Principle 6 applies to health information held by the Secretary in the Electronic Patient Health Information Sharing System. This is considered necessary to ensure that requests for access and correction of patient health information are directed to the party best placed to effectively correct that information.