Australia: Telecommunications, Media And Technology (TMT) Law Update – Volume 28

Last Updated: 20 August 2019
Article by Gordon Hughes and Andrew Sutherland
Most Popular Article in Australia, August 2019

Key recent developments in the area of Technology, Media and Telecommunications are summarised below.


Owners of public Facebook pages liable for defamatory postings

On 24 June 2019, the Supreme Court of New South Wales ruled that a media company could be liable for defamatory postings on its Facebook page by members of the public: Voller v Nationwide News Pty Ltd [2019] NSWSC 766.  The key factor in the determination was the fact that the defendant had the ability to remove comments which it invited from the public by using various blocking tools.  Rothman J emphasised that material only becomes defamatory upon publication, and the defendant had the capacity to control what was downloaded. His honour denied his decision was an assault on free speech, noting that the operation of a Facebook page had "little to do with freedom of speech" but rather the defendant's "own commercial interests"..

Bank gives Information Commissioner an enforceable undertaking

On 24 June 2019, the Australian Information Commissioner accepted an enforceable undertaking from the Commonwealth Bank following two security incidents.  One incident involved the disposal in 2016 of magnetic data tapes containing historical customer statements, and the other involved internal user access to customer data in 2018.  There was no evidence that customer privacy had been compromised in either incident.  After the incidents were self-reported by the Bank, the Commissioner conducted a preliminary enquiry under section 42(2) of the Privacy Act and concluded that there were grounds for concern about compliance with Australian Privacy Principle 11 (Security of Personal Information) Under section 33E of the Privacy Act and under section 114 of the Regulatory Powers (Standard Provisions) Act 2014, the Information Commissioner can accept an enforceable undertaking. This undertaking was provided pursuant to the Regulatory Powers Act.  The Bank undertook to review its internal privacy processes and its privacy risk management and monitoring processes, and to engage an independent expert to conduct a risk assessment.

NSW agency did not mishandle personal information when passing it to another agency

On 2 July 2019, the NSW Civil and Administrative Tribunal ruled that there had been no breach of the Privacy and Personal Information Protection Act 1998 (NSW) when personal information relevant to an enquiry was passed on to a local council and another State agency in order to accurately answer an enquiry: DMW and DMX v NSW Local Land Services [2019] NSWCATAD 128.  The applicants were seeking advice regarding regulatory requirements involved in replacing a boundary fence.  The enquiry was lodged with the respondent which passed the information on to the Hawkesbury City Council which it considered was the appropriate consent authority.  The respondent also passed on details to the Office of Environment Land Management Biosecurity Conservation Helpdesk.  The applicants complained that their personal information associated with the enquiry had been disclosed for purposes other than the original reason for collection, in breach of section 18 of the Act.  The Tribunal found, however, that the information related to the applicants' original enquiry and was disclosed in the course of answering that enquiry, thus providing the respondent with a defence under section 18(1)(a) of the Act which permits disclosures where "the disclosure is directly related to the purpose for which the information was collected, and the agency has no reason to believe that the individual concerned would object to the disclosure".

No privacy breach to post mail to recipient who 'prefers' email

On 15 July 2019, the New South Wales Civil and Administrative Tribunal determined that the State's Department of Family and Community Services had not breached the Privacy and Personal Information Protection Act 1998 ("the PPIP Act") when it posted a request for information to a residential address despite the applicant's preference to be contacted by email: DQJ v Secretary, Department of Family and Community Services [2019] NSWCATAD 138. The Tribunal dismissed the application on the basis that, at the time the letter was sent to the contact address, the applicant had not requested that all communication be by email.  There was, in the Tribunal's opinion, no basis on which the Respondent could have known at the time that the applicant did not want any letters sent to the contact address which she provided in her application form. The fact that the applicant had nominated email as a preferred method to be contacted did not prohibit the respondent from posting correspondence to the contact address.  Furthermore, there was no evidence to suggest that the letter was opened or that anyone at the contact address became aware of the personal information that was included in the letter.  For these reasons, there was no basis to conclude that the respondent had breached section 18(1)(a) of the PPIP Act which prohibits disclosure of personal information by a government agency if the agency has reason to believe that "the individual concerned would object to the disclosure".

Vodafone gives ACCC an enforceable undertaking

On 15 July 2019, Vodafone Hutchison Australia Pty Limited agreed to a court enforceable undertaking in relation to its third party billing service known as "Direct Carrier Billing" (DCB).  Vodafone admitted it made false or misleading representations and likely breached section 12DB(1)(b) of the Australian Securities and Investment Commission Act 2001 (Cth) (ASIC Act) from at least February 2015 when it charged customers through its DCB service for digital content that they unknowingly purchased.  The DCB service was automatically enabled on customers' accounts and allowed purchases or subscriptions for digital content such as games, ringtones and other digital content to be charged to a Vodafone customer's mobile account after one or two clicks on a web browser, without any identity verification.  To address the ACCC's concerns, Vodafone has provided a section 93AA undertaking that it will refund customers who applied for refund after unintentionally purchasing the content.  Vodafone is also required to report to the ACCC on the results of its refunds commitments for a period of 12 months.

Court ends employment restraint on company's former IT sales manager.

On 26 July 2019, the Supreme Court of New South Wales refused to extend an interlocutory injunction restraining a software vendor's sales channel manager from commencing new employment with a competitor: Verint Systems (Australia) Pty Ltd v Sutherland [2019] NSWSC 882.  The employee was subject to a non-solicitation, confidentiality and 12-month non-compete constraint.  The court acknowledged that there were serious questions to be tried but considered there were other factors which militated against an extension of the interim restraint order which had been in place for two months.  Whilst the employee had had access to the employer's confidential information – such as customer lists, customer contract renewal dates, pricing and sales strategies – there was no evidence that he was in physical possession of such data or that he had at any stage downloaded confidential information for his own purposes.  The employee's capacity to use such information would have diminished with time as his memory faded and, on balance, a continuation of the interlocutory relief would affect the employee more harshly than the employer.

New Legislation And Guidelines

APRA lifts confidentiality restraints on certain insurance data

On 8 July 2019, the Australian Prudential Regulation Authority (APRA) made a determination that certain information provided to APRA under specified reporting standards by general insurers and Lloyd's underwriters for the purposes of the National Claims and Policies Database (NCPD) is not confidential: Australian Prudential Regulation Authority (Confidentiality) Determination No 1 of 2019.  The determination was made under the Australian Prudential Regulation Authority Act 1998 (Cth) section 57, on the basis that the benefit to the public from the disclosure of the information outweighs any detriment to commercial interests that the disclosure may cause. The instrument identified various reporting standards as being non-confidential in the expectation that this would enhance the ability of the NCPD to provide insurers and the community with a better understanding of public and product liability insurance and professional indemnity insurance, and thereby help make those products more affordable and available by providing insurers with more detailed information when assessing risks and determining appropriate premiums.  APRA emphasised that the removal of confidentiality masking would not negate the need for ongoing privacy masking.

Expanded functions for eSafety Commissioner

On 15 July 2019, the federal government introduced the Enhancing Online Safety (Protecting Australians from Terrorist or Violent Criminal Material) Legislative Rule 2019. The Rule has the effect of expanding the functions of the eSafety Commissioner under the Enhancing Online Safety Act 2015 (Cth) to include oversight of potentially terror-related internet content. The office of eSafety Commissioner was created under the initial iteration of the Act, then known as the Enhancing Online Safety for Children Act 2015, and the role of the Commissioner at that time was confined to enhancing the online safety of children.  The Office was expanded, and the Act renamed, in 2017 for the purpose of protecting all Australians, not just children, from exposure to illegal or offensive online content, with a particular focus initially on cyberbullying and image-based abuse.  The functions of the Commissioner are set out in section 15, and section 15(r) extends to "such other functions (if any) as are specified in the legislative rules".  The new Rule introduced in 2019 extends the Commissioner's functions to include the promotion of "online safety for Australians by protecting Australians from access or exposure to material that promotes, incites, or instructs in, terrorist acts or violent crimes".  This follows an amendment to the Criminal Code Act 1995 (Cth) in April 2019 in the wake of the Christchurch massacre which, as reported in Volume 27 of this Update, introduced new offences applying to anyone providing an internet, hosting or content service who fails to refer to the Australian Federal Police any recorded or streamed "abhorrent violent material" within a reasonable time after becoming aware of its existence.

Consumer Data Right finally introduced

On 24 July 2019, the Commonwealth government re-introduced legislation into the House of Representatives in a bid to re-start the Consumer Data Right ("CDR") initiative.  The legislation took the form of the Treasury Laws Amendment (Consumer Data right) Bill 2019.  We have previously discussed the CDR in earlier Updates, most recently Volumes 25. 26 and 27.  The essence of the CDR initiative is that a data portability right will be rolled out across a number of industries over a period of time, commencing with the Big 4 Banks.  Pursuant the this new right, individuals and businesses will have a right of access to their data, and the targeted industries will be required to grant public access to information regarding specified products on offer.  The Consumer Data Right was previously foreshadowed in an earlier iteration of the same Bill which lapsed on 11 April 2019 when parliament was prorogued for the federal election, although three of the Big 4 Banks voluntarily implemented the first stages of the scheme on 1 July 2019. The re-instated Bill was finally passed on 1 August 2019, and is expected to apply to the Big 4 Banks from February 2020. For a more detailed overview of the CDR scheme, see the article by Gordon Hughes on our website here.

ACCC recommends wide-ranging reforms to laws governing social media platforms

On 26 July 2019, the Australian Competition and Consume Commission released its final Digital Platforms Inquiry report.  The inquiry focussed on the impact of digital platforms – specifically online search engines, social media platforms and other digital content aggregation platforms – on the advertising and media markets and on three groups of users, namely, advertisers, media content creators and consumers.  The report addressed a range of issues and made numerous recommendations, all of which highlight the intersection of privacy, competition and consumer protection.  Recommendations of particular interest included the introduction of digital platform data portability, the development of a code of conduct for digital platforms, a review of the effectiveness of copyright protection for digitised content and the introduction of a statutory privacy right.  The report also recommended a range of changes to Australia's privacy legislation, including an updated definition of "personal information", more stringent notification requirements relating to the collection of personal data, strengthened consent requirements and the introduction of a right of erasure (otherwise known as a "right to be forgotten").  The government will respond to the Report by the end of 2019.  For a more detailed summary of the report, see the article by Gordon Hughes on our website here.

Bill re-introduces national identity-matching scheme.

On 31 July 2019, legislation was tabled in the House of Representatives to enable the implementation of identity-matching services involving the Commonwealth, State and Territory governments.  The Identity-matching Services Bill 2019 amends the Australian Passports Act 2005 to enable travel document information to be shared with other Australian jurisdictions in accordance with an intergovernmental agreement signed on 5 October 2017.  The identity-matching scheme was previously foreshadowed in an earlier iteration of the same Bill which lapsed on 11 April 2019 when parliament was prorogued for the federal election.  Central to the new arrangements will be the establishment of a face verification service which will allow Commonwealth, State and Territory agencies to verify the identity of individuals by reference to facial images in government identity records.  Most significantly, the Department of Home Affairs will host a National Driver Licence Facial Recognition Solution consisting of a database of driver licences images and information supplied by each State and Territory, and a facial recognition system for biometric comparison of facial images in the database.  It is anticipated that the new system will help combat identify crime, enhance national security and monitor proceeds of crime. To address privacy concerns, it will be an offence to make an unauthorised disclosure or recording of certain information held in the system.

Policies, Reports And Enquiries

New South Wales considers mandatory data breach reporting for public sector

On 19 July 2019, the New South Wales Department of Communities and Justice issued a discussion paper entitled Mandatory Notification of Data Breaches by NSW Public Sector Agencies, seeking feedback on whether a mandatory data breach notification scheme should be adopted for the State public sector and, if so, how such a scheme should operate.  Mandatory data breach notification was introduced for Commonwealth public sector agencies, as well as private sector organisations with an annual turnover of $3m or more, by the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) which came into effect on 22 February 2018.  State agencies are not bound by Commonwealth privacy legislation, however.  The discussion paper seeks feedback not only on the concept of mandatory reporting but also on key operational elements such as trigger events (i.e. the seriousness of a breach which warrants reporting), the relevance of remedial action (i.e. whether the need to report can be obviated by prompt rectification of the problem) and the method and timeframe for notification.

Health Privacy Issues

Additional treatment information relating to veterans to be included in My Health Record.

On 1 July 2019, a regulatory amendment issued under the My Health Records Act 2012 prescribed that information relating to the provision of healthcare to veterans may in certain circumstances be included in a My Health Record: My Health Records Amendment (Veterans' Affairs Treatment Benefits) Regulations 2019.  The Treatment Benefits (Special Access) Act 2019 provides for medical treatment, through a Department of Veterans' Affairs treatment card (gold card), of members of Australian Civilian Surgical and Medical Teams who provided medical aid, training and treatment to local Vietnamese people during the Vietnam War, and the effect of the amendment is that the My Health Records Regulation 2012 now provides for the inclusion in a My Health Record of healthcare provided under the Treatment Benefits (Special Access) Act.  The Statement of Compatibility with Human Rights which accompanied the amendment observed that "including healthcare information created under the Treatment Benefits (Special Access) Act 2019 will enable eligible Australians to better manage their healthcare information and assist healthcare providers".

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Related Topics
Related Articles
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of

To Use you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions