Telecommunications, Media And Technology (TMT) Law Update – Volume 10
Key developments during December 2016 and January 2017 in the area of Technology, Media and Telecommunications (TMT) are summarised as follows.
Federal Court rules on technology contract dispute.
On 9 December 2016, the Full Court of the Federal Court overturned a number of findings by a primary judge in relation to a technology supply contract: Peter Vogel Instruments Pty Ltd v Fairlight.Au Pty Ltd  FCAFC 172. Fairlight, a technology supplier, had agreed to develop software for Vogel’s computer music instrument business. As part of the supply contract, Vogel was given the right to use Fairlight’s trade mark, but this licence could be terminated by Fairlight under certain circumstances. The primary judge found that Fairlight had validly terminated the trade mark licence, which in turn had the effect of terminating the remainder of the agreement. On appeal, the Full Court agreed the trade mark licence had been properly terminated, but held that it had not had the effect of terminating the remainder of the supply contract. The Full Court also held, contrary to the primary judge’s findings, that copyright in the developed software had been validly assigned to Vogel under the terms of the contract and that, as a consequence, Fairlight had infringed Vogel’s copyright by selling its own products incorporating the software.
Federal Court orders the first “website blocking” injunctions under Australian copyright law.
In 2015, the Copyright Amendment (Online Infringement) Act 2015 (Cth) amended the Copyright Act 1968 to provide rights holders with the ability to apply to the Federal Court for orders compelling carriage service providers to block access in Australia to overseas websites (hosted outside Australia) which infringe or facilitate the infringement of copyright, without having to first establish liability for copyright infringement on the part of those parties. This has been incorporated as section 115A of the Copyright Act 1968. On 15 December 2016, the Federal Court issued its first decision under that section 115A in proceedings brought by a group of copyright owners, including Village Roadshow, Disney and Foxtel, against a group of carriage service providers including Telstra, TPG and Optus: Roadshow Films Pty Ltd & Ors v Telstra Corporation Ltd & Ors; Foxtel Management Pty Ltd v TPG Internet Pty Ltd & Ors  FCA 1503. In accordance with s 115A, Nicholas J granted injunctions requiring the carriage service providers to take reasonable steps to block access to various websites and to redirect users to landing pages which outlined the reasons for the blocked access. The Court was satisfied on the evidence that the content was being made available online from the overseas websites without the licence of the relevant copyright owners, and that the primary purpose of the websites was to infringe or facilitate the infringement of copyright. The Court emphasised that section 115A provides for a “no fault” remedy against carriage service providers and that, in particular, the entitlement of an applicant for relief under the section does not depend upon establishing that a carriage service provider has infringed copyright either by its own acts or by authorising the acts of another person. An applicant does not have to establish any element of knowledge or intention on the part of a carriage service provider to obtain the injunctive relief. The court rejected a submission by the applicants that they should have the power to extend the injunctions to cover new domain names, IP addresses and URLs by giving written notice to the respondents without having to obtain fresh court orders.
Supreme Court rules on scope of contractual employment restraint.
On 16 December 2016, the New South Wales Supreme Court ruled that an employment restraint did not prevent an employee from working for a competitor in a different role which did not necessitate the use of her former employer’s confidential information and which the evidence did not establish was relevantly “in competition”: News Life Media Pty Ltd v Janeke  NSWSC 1835. The defendant was engaged by the plaintiff with the title Sales and Strategy Director, Planning, and her duties extended to coordinating the placement of content on two digital publications. The defendant’s contract of employment prevented her from engaging “in competition with the part of the business of [the plaintiff] in which [the defendant] worked” during the 12 month period prior to termination. The Court held that this restraint did not prevent the defendant from working for a business in competition with the plaintiff’s business. Rather, the prohibition was against engaging in work which competed with the part of the plaintiff’s business in which the defendant had worked during the relevant period. The Court interpreted the words “part of” narrowly, such that the relevant “part of the business” concerned only the specific digital publications on which the defendant worked and in respect of which she might possess confidential information. There was no evidence as to what the defendant would be doing in her new role, let alone whether such work would be in competition with publications on which the defendant had previously worked.
Victorian court rules on liability of search engines for defamatory content.
On 20 December 2016, the Victorian Court of Appeal upheld an appeal by Google and concluded that a search engine should be regarded, for defamation purposes, as a “secondary publisher”: Google Inc v Trkulja  VSCA 333. The Court found that Google was a “publisher” because it was a “participant in a chain of distribution of material” but it was a “secondary publisher”, not a “primary publisher”, because its participation in the process added nothing to what had already been published and its knowledge of the content was essentially confined to an understanding that the content would have some connection with inputted search terms. As a “secondary publisher”, an innocent dissemination defence would, according to the Court, almost always be maintainable in respect of a period before notification of an alleged defamation.
Online video games supplier receives $3 million penalty for contraventions of the Australian Consumer Law.
Valve Corporation, which is based in the United States, operates an online computer game distribution network called “Steam”. The Federal Court previously found Valve had contravened the Australian Consumer Law (ACL) by falsely representing to Australian consumers that fees paid to Valve were non-refundable and that any statutory guarantees and/or warranties of acceptable quality did not apply: Australian Competition and Consumer Commission v Valve Corporation (No 3)  FCA 196. A $3 million penalty has now been imposed on Valve: Australian Competition and Consumer Commission v Valve Corporation (No 7)  FAC 1553. This was the penalty sought by the ACCC, Edelman J rejecting Valve’s submission that $250,000 was more appropriate. In addition, the court issued injunctions against Valve making further misrepresentations of a similar nature, required Valve to publish a detailed consumer rights notice on its website, and further required Valve to establish and implement an Australian Consumer Law compliance program for each of its employees who may deal with Australian consumers. Key factors which the Court took into account in setting the penalty were the period of Valve’s contraventions (well over 3 years) and the company’s poor culture of compliance and apparent disregard for Australian law.
Federal Court finds telecommunications services companies engaged in unconscionable conduct and undue harassment.
The Federal Court has made findings of unconscionable conduct and undue harassment in circumstances involving the transfer of a number of customer contracts between telecommunications services companies controlled by a sole director: Australian Competition and Consumer Commission v Harrison  FCA 1543. The transferee companies had continued to trade under the same business name and had sought to enforce terms in the relevant contracts by making demands for the payment of early termination and cancellation fees. Many customers were also subject to threats of legal action and referral to debt collection agencies. The Court considered that this conduct was “unconscionable”, in contravention of s 21 of the Australian Consumer Law (ACL) for a number of reasons, including the clear imbalance in strength of the respective bargaining positions of the parties; the absence of a legitimate basis for the demands; the lack of transparency in the transfer process; and the fact that the transfers did not comply with Part 7 of the Telecommunications Consumer Protections Code (which contains relevant provisions relating to the transfer of contracts). The Court found the conduct also amounted to undue harassment in contravention of s 50 of the ACL. Harrison, the sole director, was held to have been “involved” in the unconscionable conduct (given his knowledge of the essential elements of that contravention) but not in the undue harassment.
Federal Court interprets meaning of “personal information”
On 19 January 2017, the Full Court of the Federal Court held that an IP address did not constitute “personal information” for the purposes of the Privacy Act: Privacy Commissioner v Telstra Corporation  FCAFC 4. The Privacy commissioner was appealing against a decision of the Administrative Appeals Tribunal which had previously overturned the Privacy Commissioner’s initial ruling in Ben Grubb and Telstra Corporation Ltd  AICmr 35 (1 May 2015). The key issue was whether, and to what extent, an individual was entitled to metadata relating to his mobile service. The Federal Court focussed its attention on the words “about an individual” in the definition of “personal information” (as it was prior to amendment in March 2014). Although the definition has since changed, those words remain in the new definition and the reasoning of the Full Court remains apposite. The Privacy Commissioner argued that because the IP address could be used to identify the individual, it constituted “personal information”. The court held, however, that the information was not “about” the individual but “about” the way in which Telstra delivers a call or message to its intended recipient. The court considered it was necessary for the individual to be the subject of the information.
Commonwealth releases Open Government National Action Plan.
In late 2016, the Minister for Finance released Australia’s first Open Government National Action Plan covering the period 2016 to 2018. The National Action Plan forms part of the Commonwealth’s open government initiative, consistent with its Public Data Policy Statement, released in December 2015, which committed Australian government entities to release non-sensitive data as open by default. The National Action Plan consisted of a package of 15 commitments designed to advance transparency, accountability, public participation and technical innovation over the next two years. One of these commitments relates to a focus on privacy risk management capability across government, given public concerns about the use of personal information as part of an open access initiative. Milestones flagged in this regard include commencement of work on a process for government agencies to determine whether sensitive data can be made sufficiently confidential to enable open publication; ongoing work with the Office of the Australian Information Commissioner to improve privacy and risk management capability across the Australian Public Service; and responding to the Productivity Commission’s recommendations (discussed in the last TMT Update) on consumer rights and safeguards for data.
Review of Queensland Privacy Legislation announced
In December 2016, the Queensland government released a consultation paper inviting public submissions on a review of the State’s Right to Information Act 2009 and Information Privacy Act 2009. The Information Privacy Act regulates the activities of government agencies and contains eleven privacy principles. The paper acknowledged that privacy, in particular, is an area of increasing complexity which requires review in order to keep meeting its objectives. The consultation paper raises 34 specific questions addressing issues such as whether government owned corporations should be subject to Queensland or Commonwealth legislation, whether the Act adequately deals with contracted service providers and sub-contractors, whether the Information Privacy Principles should be aligned with the Commonwealth’s Australian Privacy Principles, whether the definition of “personal information” should be aligned with the Commonwealth Privacy Act 1988, whether the complaints procedure should become more flexible and whether the Information Commissioner requires additional powers of investigation.
Regulatory Impact Statement supports mandatory data breach legislation
On 11 January 2017, the Attorney General’s Department released a Regulation Impact Statement (RIS) in relation to the Privacy Amendment (Notifiable Data Breaches) Bill 2016 which was tabled in the House of Representatives in October 2016 but not reached in the last session of Parliament. The RIS emphasised the extent of damage which could be caused by data breaches, particularly through identity theft and crime as well as through the undermining of trust in the digital economy. Support for the current voluntary reporting scheme was not universal and was further undermined by lengthy delays in voluntary reporting in some instances. The RIS concluded that the status quo was not a viable option, and it was unenthusiastic about the option of addressing the issue through the adoption, pursuant to Part IIIB of the Privacy Act, of industry codes as this could produce a “non-standardised and inconsistent approach”. In the circumstances, the RIS concluded that the introduction of a mandatory data breach notifications scheme was the preferred approach for protecting individuals whose personal information had been compromised by a data breach.
Fee increase for accessing health records in the ACT.
In the Australian Capital Territory, the Health Records (Privacy and Access) Act 1997 regulates the handling of health records held in the private sector and in the Territory’s public sector. The Act contains Health Privacy Principles which address, amongst other things, the right of access by individuals to their health records and the transfer of health records between health service providers. Section 34 of the Act permits the Minister to determine fees relevant to the Act, including fees payable by individuals seeking to access their health records. Pursuant to section 34, the Health Records (Privacy and Access) (Fees) Determination 2016 (No. 1), effective 1 January 2017, fees which are currently payable under this regime have been increased by approximately 1.6%. The Explanatory Statement emphasises the importance of ensuring that fees are not a barrier to access on the one hand, whilst ensuring service providers receive reasonable reimbursement for the cost of providing access on the other. Fees are applicable to such activities as requesting to view a health record, seeking a copy of a health record, seeking a summary of a health record, seeking an explanation by a health service provider of the contents of a health record, and requesting the transfer of a health record to another health service provider under certain circumstances.
Damages awarded in NSW for breach of Health Privacy Principles
On 4 January 2017, the New South Wales Civil and Administrative Tribunal considered the formulation of damages under section 55 of the Privacy and Personal Information Act 1998 (NSW) for a breach of various provisions of the Act and also for a breach of various Health Privacy Principles under the Health Records and Information Privacy Act 2002 (NSW) in circumstances where multiple factors had contributed to the Applicant’s resultant emotional state: ALZ v SafeWork NSW (No 4)  NSWCATAD 1. The Tribunal had previously established the respondent’s liability: ALZ v WorkCover NSW  NSWCATAD 49 and ALZ v WorkCover NSW (No 2)  NSWCATAD 122. The Tribunal noted that under section 55 it could order compensation for any loss or damage suffered due to conduct in contravention of a Health Privacy Principle where it was satisfied that the individual had suffered financial loss or psychological or physical harm as a consequence. The Tribunal accepted that the Applicant had suffered psychological harm, having become clinically depressed, tearful, agitated and angry. Nevertheless, the Applicant’s distress had a “wider compass” and other factors had contributed to her condition. An award of damages was warranted, but at “the lower end of the scale”. The Tribunal awarded the Applicant $5,000.
VCAT dismisses claim for unauthorised disclosure of medical records.
On 20 January 2017, the Victorian Civil and Administrative Appeals Tribunal (VCAT) found that the respondent, a company which specialised in supplying medical specialists to solicitors for the purpose of providing medico-legal reports, had not breached the Health Records Act 2001 (Vic) when it disclosed medical information about the complainant to a psychiatrist: Kitson v Medhealth Pty Ltd  VCAT 41. The respondent had previously collected the complainant’s health information and disclosed it to the psychiatrist to enable a psychiatric examination of the complainant to be conducted. Upon completion of the examination, the psychiatrist forwarded his report to the respondent. Subsequently, the complainant sought access to his health information so that its content could be explained. He addressed his request to the psychiatrist care of the respondent’s address. The respondent provided the psychiatrist with a copy of the relevant medical report, in response to a request from the psychiatrist, so that the psychiatrist could comply with the complainant’s request. The complainant contended that this disclosure constituted a breach of Health Privacy Principles 2 and 4, which prohibit the misuse or unauthorised disclosure of health information, and that the psychiatrist should have viewed the material at the respondent’s premises. The Tribunal concluded that the respondent had handled the complainant’s information in a manner directly connected to the original purpose of collection and that there was no reason for the respondent to believe that the information would be misused by the psychiatrist. On this basis, the claim was dismissed.