There is no question that one of the most high-profile legal issues at the moment relates to privacy and data control.   

Recent privacy breaches have highlighted that Australia’s laws may not be as effective as we would like in requiring businesses to take appropriate precautions to prevent the inappropriate release of private information and personal data.

In part, this may be because Australia has a very low penalty regime with respect to privacy breaches. This, and other relevant matters, are currently being considered - and an update to the Privacy Act 1988 has now been drafted and introduced into Parliament.

The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 considers some of the core elements referred to in the 2021 Exposure Draft. In particular it increases penalties for data breach.  Currently, a corporate entity could be exposed to penalties of up to $2.22 million.

Moving forward, under the new regime, penalties will be the greater of:

• $50 million;

• 3 times the value of the benefit obtained by the company; or

• 30% of the adjusted turnover of the company during the period in which the privacy breach occurred.

Non-corporate entities and individuals will have their penalties raised from $444,000 to $2.5 million.

With the increasing prevalence of malicious cyberattacks, new regulations have been introduced to ensure that the government has knowledge of cyber incidences affecting specific entities in the following industries:

• electricity
• communications
• data storage or processing
• financial services
• water
• healthcare and medical
• higher education and research
• food and grocery comment transport
• space technology

By implementing a mandatory reporting regime, the government seeks to strengthen the security and resilience of critical infrastructure, by empowering the relevant authorities to more immediately address critical cyber incidents - and to develop responses and protections to minimise the risk of future incidents occurring.

It has happened: a company that failed to implement proper cyber security measures in Australia has been taken to court by the regulators, with the company ordered to pay costs of $750,000.

In the matter of the Australian Securities and Investments Commission v RI Advice Group Pty Ltd [2022] FCA 496, the Court found that a financial services provider had breached its licence obligations, and failed to act efficiently or fairly by not having in place adequate risk management systems to cater for risks arising in relation to cyber security.

Readers may recall Holman Webb’s September 2021 article ‘The Future of Artificial Intelligence - Can AI invent software?’, which reported on a landmark judgement by Justice Beach of the Federal Court in the matter of Thaler v Commissioner of Patents [2021] FCA 879, which determined that under Australian law, artificial intelligence could be listed as the inventor in relation to an application for a patent. 

Readers may also recall that the Commissioner of Patents appealed that decision.

That decision has now been overturned by the Full Court of the Federal Court, in a unanimous judgement which brings Australia into line with most other jurisdictions around the world.

The Office of the Australian Information Commissioner (‘OAIC’) has released its 2020–21 annual report and performance statement.

In the past 12 months, the OAIC has sought to establish strong privacy protections to both increase public confidence in the use of personal information, and minimise the public health risks associated with COVID-19.

If you purchased a business and the sale included all of the business’s computers, would it be reasonable to expect to be able to use the software installed on those computers?

In the recent matter of QAD Inc v Shepparton Partners Collective Operations Pty Ltd [2021] FCA 615, the Federal Court ordered Shepparton Partners Collective Operations Pty Ltd (‘SPC’) to pay $1M+ in damages to software company QAD Inc (‘QAD’), after finding that SPC had infringed copyright after purchasing the business from Coca-Cola Amatil (‘CCA’) without having secured a transfer of the relevant software licence agreement.

• After the sale QAD required payment of a fee as a condition for its consent to transfer the licence, which SPC refused to pay.
• SPC denied that it had infringed copyright, claiming that it had an implied licence from QAD to use the software.
• SPC cross-claimed against Sale Co 1 Limited (‘SaleCo’) and CCA on the basis they had failed to use their ‘best endeavours’ to secure a transfer of the licence agreement.

Back in February 2020, Holman Webb published an article ‘AI and Facial Identification Technology – the Face of the Future?’, which referred to an article in the New York Times highlighting Clearview AI, and the use of the company’s facial recognition technology by law enforcement agencies internationally.

At the time the Australian Parliament was considering the introduction of the Identity-matching Services Bill 2019 and Australian Passports Amendment (Identity-matching Services) Bill 2019 which would enable the Department of Home Affairs and Foreign Affairs and Trade to utilise similar facial recognition technology.

As it turns out, Holman Webb Lawyers were not the only ones taking a close look at Clearview AI. Since that time, it appears that Clearview AI was offering free software trials to numerous law enforcement agencies within Australia, some of whom have commenced their investigation into the use of the app and have been feeding visual data into the system.

In Holman Webb’s April 2020 article Drone (UAV) Laws: Focused on Safety or Keeping Australia Back?, we discussed the strict regulations surrounding the use of drones (aka Unmanned Aerial Vehicles, or ‘UAVs’) within Australia. That article considered the impact of these regulations on Australia’s advancement with respect to UAV technology, especially within the agricultural and medical industries.

Since April 2020, the regulations have increased.

The Commissioner of Patents will appeal the Australian Federal Court’s recent decision in Thaler v Commissioner of Patents [2021] FCA 879, to allow machines to be recognised as inventors on a patent application, on the basis that the decision is ‘incompatible’ with Australian patent law

On 10 August 2021 both Houses of Parliament passed the Treasury Laws Amendment (2021 Measures  No 1) Bill 2021, enabling companies to sign and execute documents, hold meetings, provide notices relating to meetings and keep minutes using electronic means or other alternative technologies, until the end of March 2022.

The Act will formally take effect once it receives Royal assent.