The Australian Competition and Consumer Commission has ordered Booktopia Pty Ltd (‘Booktopia’) to pay $6 million dollars in penalties for breaches of the Australian Consumer Law.

Specifically, Booktopia was found to have made false and misleading representations regarding consumer rights and guarantees in the Terms of Business provided on their website, and by their customer relations and service staff working within their service centres.

On 7 March 2023, the new chair of the Australian Competition and Consumer Commission, Gina Cass-Gottlieb, announced the Commission’s 2023-2024 Compliance and Enforcement Priorities  in relation to competition and consumer issues.

One of the top priorities is combatting ‘greenwashing’ claims by businesses.

In late 2021, the much-anticipated Franchise Disclosure Register was announced by the government of the day. Around that time, Holman Webb dove into what the register would look like, and what franchisors would need to do to prepare for its introduction. See our November 2021 article ‘The Franchise Disclosure Register – What is it and When Does it Begin?’.  The register is now in force.

Key Takeaways:

• Franchisors must, if they haven’t already, create a profile on the Franchise Disclosure Register as soon as possible and provide the mandatory information.
   
• The profile and information provided should be updated at least annually. Franchisors should also take care to make sure the information provided is consistent with their disclosure document and key facts sheet.

The Privacy Act 1988 (Cth) requires all businesses to have a privacy policy in place, if that business is an Australian Privacy Principles entity (‘APP entity’).

A privacy policy is a document that sets out how a business collects, holds, uses, and discloses personal information.

Personal information is information that identifies a person, irrespective of whether the information is true or not. This information can include a person’s name, physical or email address, photograph, telephone number, or their payment details.

The Australian Consumer Law has now changed, meaning that businesses with standard contracts will soon be at risk of incurring penalties in excess of $50 million for each unfair contract term within their standard form agreements. 

The definition of small business contracts in section 23(4) will be amended to apply to a business that has either:

1. fewer than 100 employees; or
2. an annual turnover of less than $10 million (calculated on the business’ last income year).

Casual employees are not counted unless employed on a regular and systemic basis, and part-time employees are counted as a fraction of a full-time employee.

The change to this definition potentially expands the scope of businesses that would be captured under this section, as it would no longer be confined to businesses with fewer than 20 employees.

There is no question that one of the most high-profile legal issues at the moment relates to privacy and data control.   

Recent privacy breaches have highlighted that Australia’s laws may not be as effective as we would like in requiring businesses to take appropriate precautions to prevent the inappropriate release of private information and personal data.

In part, this may be because Australia has a very low penalty regime with respect to privacy breaches. This, and other relevant matters, are currently being considered - and an update to the Privacy Act 1988 has now been drafted and introduced into Parliament.

The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 considers some of the core elements referred to in the 2021 Exposure Draft. In particular it increases penalties for data breach.  Currently, a corporate entity could be exposed to penalties of up to $2.22 million.

Moving forward, under the new regime, penalties will be the greater of:

• $50 million;

• 3 times the value of the benefit obtained by the company; or

• 30% of the adjusted turnover of the company during the period in which the privacy breach occurred.

Non-corporate entities and individuals will have their penalties raised from $444,000 to $2.5 million.

As highlighted in our November 2021 article New Requirement for Directors to Register for a Director Identification Number, company directors are required by law to apply for a director identification number.

A director ID is a unique identifier that directors apply for once and keep forever. ASIC suggests that the implementation of the director ID system will help prevent the use of false or fraudulent director identities.  All directors of companies, registered Australian bodies, registered foreign companies or Aboriginal and Torres Strait Islander corporations will need director ID’s.

Unfortunately, on 28 October 2022 ASIC published an Alert warning that scammers are pretending to be ASIC, and are approaching Registry customers via email.

Since 2020, the Australian Competition and Consumer Commission has introduced amendments to the Competition and Consumer Act 2010 which enable consumer data information to be shared, in order to facilitate the process known as open banking.

At present, Consumer Data Right legislation solely relates to information held by banks and energy companies.  It is anticipated that there will be a further and more significant roll out of legislation impacting the wider financial sector, as well as other sectors within the economy, in the next several years.

Holman Webb Lawyers is currently assisting broker groups, aggregators and software providers in relation to banking Consumer Data Right requests, and is similarly advising accredited data recipients with respect to their entrance into the financial services area, to enable applications for consumer credit.

The process surrounding the release of Consumer Data Right information is developing rapidly, as new technology emerges. There are privacy concerns relating to the management of this information, with detailed legislation and systems having been introduced to enable this information management to occur.

This article provides a brief analysis of the legislative process.  Readers should note that there will undoubtedly be further change, as the Consumer Data Right process gains traction.

Contained within the Privacy Act 1988 and the Privacy (Credit Reporting) Code 2014 is a regime concerning the collection, storage and use of data relating to an individual’s credit’s history and credit worthiness information.

The Office of the Australian Information Commissioner recently conducted a review of the Code and made several recommendations for change, providing a timely reminder of the nature of the Code and the obligations on all parties involved in requests for credit reporting information.

Franchise agreements often contain restraints of trade. The restraints typically apply for a period of time after the franchise ends, and may restrict franchisees from competing with the network or conducting a similar business within a particular geographical area.

Whilst these restraints can be legitimate and important protections for the franchise network, they can also be a major hinderance for franchisees looking to move onto their next venture.

Clause 23 of the Franchising Code of Conduct can be a way for franchisees to avoid the operation of these restraint clauses. However, it has quite a narrow application - and there numerous proactive steps that franchisees must take to obtain the benefit of the exception.