Barilaro v Google LLC [2022] FCA 650 (6 June 2022): Defamation, videos uploaded to YouTube, where respondent failed to take down videos, award of over $700,000.

June 7, 2022

The Federal Court, per Rares J, found for John Barilaro in Barilaro v Google LLC [2022] FCA 650 for defamation by means of posts on YouTube and awarded him $715,000.

FACTS

The publications complained of were two YouTube videos prepared by a Mr Shanks:

  • bruz, first uploaded on 14 September 2020.  The contents are described in great detail at [33] – [63]; and
  • Secret Dictatorship, first uploaded on 21 October 2020 [3].  It is described in great detail at [81] – [91]

The imputations pleaded in bruz video was that:

(a) Mr Barilaro is a corrupt conman;

(b) Mr Barilaro committed perjury nine times;

(c) Mr Barilaro has so conducted himself in committing perjury nine times that he should be gaoled;

(d) Mr Barilaro corruptly gave $3.3 million to a beef company; and

(e) Mr Barilaro corruptly voted against a Royal Commission into water theft [4].

The imputations pleaded in Secret Dictatorship video was that:

(a) Mr Barilaro has acted corruptly by engaging in the blackmailing of councillors;

(b) Mr Barilaro has acted corruptly by engaging in the blackmailing of councillors using taxpayer money; and

(c) Mr Barilaro has pocketed millions of dollars which have been stolen from the Narrandera Shire Council [5].

On 25 November 2020 Barilaro’s chief of staff, McCormack, contacted Google Australia’s manager to complain about the racist and untrue content of friendlyjordies videos [129].  On 30 November 2020 Barilaro’s social media manager made a formal complaint to YouTube about the allegations Read the rest of this entry »

CBS Commercial Canberra Pty Ltd v Axis Commercial (ACT) Pty Ltd, in the matter of CBS Commercial Canberra Pty Ltd [2022] FCA 544 (12 May 2022): application to set aside statutory demand, offsetting claim,

May 15, 2022

The Federal Court, per Halley J, set aside a statutory demand in CBS Commercial Canberra Pty Ltd v Axis Commercial (ACT) Pty Ltd, in the matter of CBS Commercial Canberra Pty Ltd [2022] FCA 544 in finding that an offsetting claim constitutes a genuine dispute. It is a very good decision setting out the complications of offsetting claims arising from building contracts relied upon in setting aside a statutory demand which is based on a certificate and judgment obtained under the Security of Payments Act.

FACTS

CBS engaged Axis as a sub-contractor to undertake work at a building site located in Gungahlin in the Australian Capital Territory [12].

The chronological events Read the rest of this entry »

Australian Securities and Investments Commission v RI Advice Group Pty Ltd [2022] FCA 496 (5 May 2022): ss 912A(1)(a) & (h) Corporations Act 2001 (Cth), failure to have adequate cybersecurity risk management in place,

May 14, 2022

The Federal Court, per Rolfe J, in Australian Securities and Investments Commission v RI Advice Group Pty Ltd [2022] FCA 496 made what has widely been described as a first occasion a corporation has been found to have breached its licence obligations in failing to have adequate risk management systems to manage its cyber security risks. The Court ordered declaratory relief requiring RI Advice to undertake work to improve its security under the supervision of an expert.  

The orders were made in terms agreed between the parties just before the trial was scheduled to commence.

I have followed this proceeding closely with posts ASIC commences action against RI Advice Group Pty Ltd for failing to have adequate cyber security in August 2020 and ASIC v RI Advice Group Pty Ltd cyber security civil penalty trial pushed off from a 29 November 2021 hearing date to a date in April 2022 in May 2021,

FACTS

The Court provided a factual background about stating that RI Advice :

  • was:
    • a wholly-owned subsidiary of Australia and New Zealand Banking Group Limited (ANZ). RI Advice up to and including September 2018;
    • from 1 October 2018, along with two other ANZ financial licensees, part of the IOOF Holdings Limited (IOOF) group of companies [12]
  • carries on a financial services business within the meaning of s 761A of the Corporations Act Act (“The Act”) under a third-party business owner model.
  • authorises Under s 916A of the Act, RI Advice independently-owned corporate authorised representatives (“ARs”) and individual authorised representatives to provide financial services to retail clients on RI Advice’s behalf and pursuant to the Licence [13]

The AR Practices (practices of groups of one or more Authorised Representatives):

  • electronically received, stored and accessed  confidential and sensitive personal information and documents in relation to their retail clients. The personal information included:

(a) personal details, including full names, addresses and dates of birth and in some instances health information;(b) contact information, including contact phone numbers and email addresses; and

(c) copies of documents such as driver’s licences, passports and other financial information [14].

  • since 15 May 2018 provided financial services to at least 60,000 retail clients [15]
  • had 9 cybersecurity incidents between June 2014 and May 2020, being:
    • in June 2014 an AR’s email account was hacked and five clients received a fraudulent email urging the transfer of funds, one of whommade transfers totalling some $50,000;
    • in June 2015 a third-party website provider engaged by an AR Practice was hacked, resulting in a fake home page being placed on the AR Practice’s website;
    • in September 2016 one client received a fraudulent email purporting to be an employee of an AR Practice asked for money. The AR Practice used an email platform where information was stored “in the Cloud”, with was no anti-virus software and only one password which everyone used.
    • in January 2017 an AR Practice’s main reception computer was subject to ransomware delivered by email, making certain files inaccessible;
    • in May 2017 an AR Practice’s server was hacked by brute force through a remote access port, resulting in file containing the personal information of some 220 clients being held for ransom and ultimately not recoverable;
    • between December 2017 and April 2018 (December 2017 Incident) an unknown malicious agent gained unauthorised access to an AR Practice’s server for several months  compromising the personal information of several thousand clients, some of whom reported unauthorised use of the personal information;
    • in May 2018 an unknown person gained unauthorised access to the email address of an AR and sent a fraudulent email to the AR’s bookkeeper requesting a bank transfer;
    • an unauthorised person used an AR Practice’s employee’s email address:
      • in August 2019 to send phishing emails to over 150 clients ; and
      • in April 2020 to send phishing emails to the AR Practice’s contacts [16].

Inquiries and reports following the cybersecurity incidents revealed thatthere were a variety of issues in the respective ARs’ management of cybersecurity risk, including:

  • computer systems not having up-to-date antivirus software installed and operating;
  • no filtering or quarantining of emails;
  • no backup systems in place, or backups not being performed; and
  • poor password practices including:
    • sharing of passwords between employees,
    • use of default passwords,
    • passwords and other security details being held in easily accessible places or being known by third parties [17].

Regarding the incidents Read the rest of this entry »

Australian Competition and Consumer Commission succeeds in alleging Google misled consumers regarding its location history settings. Privacy law enforcement via the Consumer Law

April 16, 2021

In a very significant decision of Australian Competition and Consumer Commission v Google LLC (No 2) [2021] FCA 367 the Federal Court, per Thawley J, has found that Google breached sections 18, 29 and 34 of the Australian Consumer Law (the “ACL”).  At 341 paragraphs it is a significant and detailed judgment.

Privacy policies and settings remain problematical in terms of practical, as opposed to theoretical, compliance with the Privacy Act 1988 and in providing consumers with a clear understanding of what the settings actually mean for them.  It does not help that settings are changed regularly and often without notice, with Facebook being particularly notorious in this regard.

It appears that the ACCC is stepping into the regulatory void that would otherwise be occupied by the Australian Information Commissioner in enforcing privacy protections.  By relying on misleading and deceptive conduct provisions of the ACL the ACCC is following the long established approach taken by the US Federal Trade Commission in bringing proceedings for misleading conduct where companies claim to protect privacy or have proper data security when in fact they do not.  That has led scholars to suggest that the FTC has developed a new common law of privacy. It would be a welcome development if the ACCC used its experience and superior litigation skills to enforce privacy protections in Australia.  The Information Commissioner has thus far had a dismal record in the Federal Court regarding consideration of the Privacy Act 1988.

The proceedings commenced in October 2019. Final orders will not be made for at least 14 days as the parties are to provide orders to reflect the court’s conclusions.  Given the nature of the findings it is reasonable to expect Read the rest of this entry »

Australian Information Commissioner v Facebook Inc; Federal Court rejects application to set aside ruling granting the Commissioner leave to serve process on the US Based Facebook

September 14, 2020

The Federal Court today dismissed an application by Facebook against a previous ruling granting the Australian Information Commissioner leave to serve legal documents on Facebook USA.

The issue in the application was Facebook contending that it did not carry out business in Australia.

The terms of the application and the supporting affidavit are not publicly searchable, yet. The hearing took place on 6 May 2020.

The orders of Justice Thawley are:

  1. The interlocutory application dated 6 May 2020 be dismissed.
  2. The written reasons for judgment not be published beyond the parties until further order.
  3. The parties have until 12 pm on 16 September 2020 to advise the Court of any orders for redactions sought, together with a concise written explanation as to why those redactions ought be made.
  4. Unless any party applies within 7 days for a different order with respect to costs, the first respondent pay the applicant’s costs of the interlocutory application.

The Commissioner had a restrained Read the rest of this entry »

ASIC commences action against RI Advice Group Pty Ltd for failing to have adequate cyber security

August 22, 2020

Today the Australian Securities and Investments Commission (“ASIC”) commenced proceedings against RI Advice Group Pty Ltd (“RI”).   It has been filed in the Federal Court Victorian Registry.  

RI holds an Australian Financial services licence and at all relevant times was a wholly owned subsidiary of the Australia and New Zealand Banking Group Limited (the ANZ).

According to the Concise Statement :

  • on 3 January or 3 March 2017 RI became aware of a ransomware attack on the computer systems of one of RI’s authorised representatives in 2016 which made files inaccessible [5];
  • on 30 May 2017 RI became aware another authorised representative’s files were hacked which affected 226 client groups [6]. 

ASIC alleges that in relation to each of those incidents RI should have but failed to:

 (a) properly review the effectiveness of cybersecurity controls relevant to these incidents across its AR network, including account lockout policies for failed log-ins, password complexity, multi-factor authentication, port security, log monitoring of cybersecurity events, cyber training and awareness, email filtering, application whitelisting, privilege management and incident response controls; and (b) ensure that those controls were remediated across its AR network where necessary in a timely manner, in order to adequately manage risk with respect to cybersecurity and cyber resilience.

  • between 30 December 2017 and 15 April 2018 an unknown malicious agent obtained and retained remote access to an authorised representative’s remote access to its file server and spent 155 hours accessing sensitive client information.  That resulted in 27 clients reporting unauthorised use of their personal information with that there were 3 attempts to redirect mail and multiple bank accounts being opened upon without consent.  There was a notification to the Australian Information Commissioner.  An investigation revealed that 8,104 individuals were exposed to the breach.

ASIC alleges that the risk management systems and resourcing relating to cybersecurity and cyber resilience were inadequate Read the rest of this entry »

Australian Competition & Consumer Commission sues Google for misleading and deceptive conduct… but it really is a breach of data privacy case

July 27, 2020

Last Friday the Australian Competition & Consumer Commission (“ACCC”) announced that it has commenced proceedings against Google LLC alleging misleading and deceptive conduct in failing to inform consumers and obtain their informed consent  from 2016 that it was combining their personal information in Google accounts with information gleaned from their activities in non Google sites which use Google technology.  The ACCC also alleges that Google misled consumers about changes to its privacy policy.

The ACCC has not released the concise statement and the case has not appeared on the Federal Court website as yet.  It is interesting, and something of a relief, that the ACCC is stepping up and taking on privacy related cases instead of the Australian Information Commissioner.  Unfortunately the Commissioner has a lamentable track record in enforcing privacy breaches, particularly in the Federal Court.

The nature of the case as described by the ACCC seems to follow a tried and true approach used by the Federal Trade Commission in the United States, attacking privacy and data breaches through breaches of contractual terms or misleading and deceptive conduct.  It is also an approach that the Federal Court is more comfortable with.  To date the Federal Court has produced judgments that betray a bewildering befuddlement regarding privacy principles; namely Read the rest of this entry »

HQ Insurance Pty Limited v Stonehatch Risk Solutions Limited (No 2) [2020] FCA 1010 (16 July 2020): application for preliminary discovery, rule 7.23 Federal Court rules, claim for relief under s 1324(1) Corporations Act, reasonable enquiries

July 22, 2020

In HQ Insurance Pty Limited v Stonehatch Risk Solutions Limited (No 2) [2020] FCA 1010 the Federal Court per Thawley dismissed an application for preliminary discovery on the grounds that the applicant failed to establish that reasonable inquiries were made.

FACTS

The dramatis personae are:

  • HQ,  an Australian bloodstock and livestock insurance broker specialising in equine insurance. It holds an AFSL which authorises it to advise and deal in general insurance [17].
  • Stonehatch,  a United Kingdom (UK) based insurance broker specialising in bloodstock insurance. It does not hold an AFS [17]]
  • Ausure (Upper Hunter) Pty Ltd trading as Ausure Insurance Solutions (NSW),  an insurance broker which brokered equine thoroughbred insurance through Stonehatch as its wholesale broker in the UK where the equine risks were underwritten by various Lloyd’s syndicates [18].

On 25 September 2018, HQ completed its purchase of Ausure’s client book of insurance policies. HQ transferred the insurance files to their own wholesale broker, Integro Brokers Limited, in the UK, on 18 October 2018 [19].

Under the agreement between Read the rest of this entry »

Lewis (liquidator), in the matter of Concrete Supply Pty Ltd (in liq) [2020] FCA 841 (16 June 2020): s 477(2B) Corporations Act 2001 application, approval for liquidator to retain solicitor who act for creditor of the company in liquidation

July 16, 2020

In Lewis (liquidator), in the matter of Concrete Supply Pty Ltd (in liq) [2020] FCA 841 White considered the relevant principles in considering an application under section 477(2B) of the Corporations Act 2001.

FACTS

Between August 2009 and November 2017, ABCL had supplied concrete to Concrete Supply [5].

In October 2017, ABCL discovered that it had been underpaid about $12 million by Concrete Supply.  The underpayment was disguised by false entries made by one of its employees.  ABCL sought payment of the shortfall from Concrete Supply. On 14 November 2017, the directors of Concrete Supply resolved that it was, or was likely to become, insolvent and appointed Messrs Cooper and Cantone at Worrells as administrators. On 19 December 2017, the creditors of Concrete Supply resolved that it enter into a Deed of Company Arrangement (” DOCA”) [5].

ABCL opposed the Read the rest of this entry »

Yeo, in the matter of Ready Kit Cabinets Pty Ltd (in liq) v Deputy Commissioner of Taxation [2020] FCA 632 (15 May 2020); deed of company arrangement, Corporations Act sections 588FA and 588FE, voidable transactions

June 11, 2020

In Yeo, in the matter of Ready Kit Cabinets Pty Ltd (in liq) v Deputy Commissioner of Taxation [2020] FCA 632 Middleton J considered the operation of the sub sectin 588FE(2B) involving the voidable transactions and whether payments were made under the administrator of a deed of company arrangement.

FACTS

On 29 October 2013, Mr Yeo and Mr Rambaldi were appointed as joint and several administrators of Ready Kit Cabinets Pty Ltd (in liq) (” the Company”) [8].

The DCT  commenced proceedings seeking to wind up the Company before the appointment of  Yeo and Rambaldi as voluntary administrators [9].  The first meeting of the Company’s creditors was convened and held on 7 November 2013 [10].  On 14 November 2013,  Yeo and Rambaldi issued a circular to creditors in which they advised that the second meeting of the Company’s creditors would be held on 22 November 2013. Yeo and Rambaldi provided creditors with a copy of a s 439A report with the circular [11].  At the second meeting of creditors  a resolution was passed that the Company should execute a deed of company arrangement [12].

On or about 11 December 2013, the DOCA was executed by:

  • each of the Company (by its then administrators,  Yeo and Rambaldi),
  •  Yeo and Rambaldi as deed administrators, and
  • the Director [13].

His Honour identified key provisions of the DOCA as:

  • Recital H. [14], that:

This Deed binds all Creditors of [the Company] pursuant to Section 444D of the Corporations Act and [the Company], all officers and members of [the Company], and the Administrators pursuant to Section 444G of the Corporations Act.

  •  management and control of the Company’s day-to-day business affairs were returned to the Director;
  • a fund was established and controlled by the Deed Administrators which constituted the whole of the property available for distribution to participating creditors [15];
  • the Company and Director made certain covenants and undertakings, including in respect of the Company’s compliance with its taxation obligations [15]; and
  •  upon default of the DOCA by the Company or the Director, the Deed Administrators were to convene a meeting of creditors to determine whether to terminate the DOCA and wind up the Company [15].

Between 11 December 2013 and 5 July 2017, the Company was returned to the management and control of the Director and continued to trade [16]. During this time the Company incurred fresh liabilities Read the rest of this entry »

Verified by MonsterInsights