Looking back on 2019
First major fines under the GDPR
If the introduction of the EU General Data Protection Regulation (GDPR) was the talking point for the world of privacy of 2018, the first rounds of serious fines issued under the regulation were definitely the talk of 2019.
We saw a number of unprecedented fines being given in response to the biggest privacy breaches and data leaks of the year, including:
- hotel giant Marriott was fined $197 million for an ongoing data breach that exposed 5 million unencrypted passwords, 8 million credit card records, and impacted 30 million EU residents.
- British Airways faced a record fine of $328 million for cyber-attack on their website which resulted in about 500,000 customer records, including credit card details, names, addresses and email addresses being extracted by the attackers.
- Google was fined $80 million by France’s data regulator, CNIL, for failing to comply with its GDPR obligations due to a lack of transparency and consent in relation to Google’s advertising personalisation.
The nature and scale of the penalties enforced in 2019 indicate that the risks of non-compliance for international businesses, including Australian businesses, with an EU presence, is only likely to increase in 2020.
Mandatory text for defect warranties
In June 2019, we saw changes to Australian Consumer Law as amendments to the Competition and Consumer Regulations 2010 (Cth) introduced new mandatory wording to be used by suppliers providing warranties against defects for services (or goods and services together). This amendment expands the scope of defect warranties for consumers as the ACL previously only prescribed mandatory text for warranties relating to goods.
The new mandatory wording can be found on the Australian Competition & Consumer Commission (ACCC) website, here.
Amendments to Whistleblower Legislation
More than two years after its introduction to Parliament, the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (the Act) came into effect on 1 July 2019.
The Act made significant amendments to the Corporations Act 2001 (Cth) and Taxation Administration Act 1953 (Cth), increasing both the protections afforded to whistleblowers and providing greater accountability companies to ensure compliance with whistleblowing obligations.
The key features of these amendments included:
- widening the definitions of ‘eligible whistleblowers’ and ‘eligible recipients’,
- expanding the range of misconduct,
- permitting anonymous disclosures,
- implementing a whistleblower complaint policy for certain entities, and
- increasing both civil and criminal penalties.
AI in Public Sector
Some significant implications of public sector use of AI and automation technologies were highlighted during the year.
In this case of Pintarich v Deputy Commissioner of Taxation, the Federal Court of Australia found that Mr. Pintarich remained liable for interest charges on a tax liability, even though he received a computer-generated letter remitting his liability from the Deputy Commissioner of Taxation.
Because of the automated nature of the computer-generated letter, the court ruled that there was no mental process involved in reaching the conclusion, and accordingly, Pintarich could not rely upon the letter.
As automation technologies become more widespread in the public sector, and automated programs begin to replace human mental processes in complex decision making, it will be interesting to see the implications of this case on administrative decision-making in 2020 and beyond. Recent developments include an issue, identified in January this year, with inaccurate ATO general interest charge notices.
Areas to watch this year
Government action in response to the ACCC’s Digital Platform Inquiry
In July, the ACCC released its final report for the Digital Platforms Inquiry, providing a number of recommendations concerning the market dominance of large digital platforms – namely, Google and Facebook. These recommendations included wide ranging regulatory changes to multiple areas, including competition and consumer law, privacy, copyright, and media regulation.
In light of the report, the Federal Government has provided its response, supporting 6 of the 23 recommendations made by the ACCC. The response outlines the government’s commitment to:
- Allocating $26.9million over four years to establish a new special unit in the ACCC to monitor and report on the state of competition and consumer protection in digital platform markets.
- Tasking the ACCC to facilitate the development of a voluntary code of conduct to address bargaining power concerns between digital platforms and media businesses.
- Reforming media regulation to cover both online and offline delivery of media content to Australian consumers.
- Further strengthening Privacy Act protections, subject to consultation and design of specific measures as well as conducting a review of the Privacy Act.
Introduction of the Consumer Data Right
In August 2019, the Federal Government passed the Treasury Laws Amendment (Consumer Data Right) Bill 2019 (CDR), amending the Competition and Consumer Act 2010 (Cth), Australian Information Commissioner Act 2010 (Cth) and Privacy Act 1988 (Cth).
The CDR will give consumers the right to safely access certain data about them held by businesses, allowing them to better access information on the products available to them, as well as being able to direct that this information be transferred to accredited, trusted third parties of their choice.
In December, the ACCC announced an updated timeline for the launch of the CDR. The launch has now been pushed back from February to July 2020 for the banking sector.
The ACCC also announced that it would amend the CDR rules to reflect the revised timetables and consult other phases of the CDR, including its introduction into the energy and telecommunication sectors.
Reforming Australia’s designs system
Australia’s current design system has not been reviewed since the introduction of the Designs Act 2003 (Cth) in 2004. In response to recent concerns regarding its effectiveness and suitability, IP Australia has now commenced a two-phase approach to provide reforms to the system.
The first phase involves progressing and implementing the accepted recommendations from the former Advisory Council on Intellectual Property’s (ACIP) review of the Designs Act. IP Australia is aiming to introduce changes based on these recommendations in 2020.
The proposed changes fall into three topics:
- examining the scope of design protection,
- providing early flexibility for designers, and
- simplifying and clarifying the designs system.
IP Australia aims to introduce changes based on these recommendations this year.
In the second phase, as part of its ‘Designs Review Project’, IP Australia has also begun a more holistic review considering broad and longer-term reforms to Australia’s designs system. IP Australia will continue its research and consultation with stakeholders throughout 2020, with the aim to further understand and improve design innovation, commercialisation, and the overall designs economy in Australia.
Author: Blake Motbey, Associate