Attorney gives insight into Privacy at Law Council of Australia Gala Dinner

December 3, 2024

At a Law Council Dinner on Sunday 1 December 2024 the Attorney General waxed lyrical about matters pertaining to his portfolio. In the course of his speechifying he discussed the statutory tort and the anti-doxxing provisions. His defence of the journalist exception is wrong-headed. He claims it is necessary to protect freedom of the press. That is nonsense. There is no such exemption in any jurisdiction where there is a tort of privacy and somehow the press thrives in those places. It was a political, not policy, decision. It is a terrible mistake. That said, having a tort, even if in a weakened form, is better than no tort.

His speech provides:

Acknowledgements

Thank you to the Law Council of Australia for hosting yet another wonderful dinner, a dinner I’m delighted to be attending for my third consecutive year since returning as Attorney-General in 2022.

I acknowledge the traditional owners of the land on which we meet, the Ngunnawal people, and pay my respects to their Elders, past and present. I extend that respect to all Aboriginal and Torres Strait Islander people here today. 

I thank the President of the Law Council, Greg McIntyre SC, for inviting me to speak tonight. I congratulate and welcome the incoming President, Ms Juliana Warner.

I also acknowledge

    • Her Excellency the Honourable Sam Mostyn AC, Governor-General of the Commonwealth of Australia, and His Excellency Simeon Beckett SC;
    • My parliamentary colleagues;
    • Current and former members of the judiciary; and
    • Members of the legal profession.

Legal assistance services

On 6 September this year First Ministers reached a landmark agreement for a new five year National Access to Justice Partnership.

And I am very pleased to say that yesterday, 28 November, the final signature from an Attorney-General was obtained, and it has been published today.

This agreement provides $3.9 billion in support for legal assistance services over five years – the largest Commonwealth funding contribution to the legal assistance sector ever.

It is a vast improvement on the previous agreement, which expires on 30 June next year.

Every single part of the legal assistance sector will get more funding.

The agreement contains nearly $800 million in additional funding, including $500 million to support frontline legal assistance services delivered by Community Legal Centres, Women’s Legal Services, Aboriginal and Torres Strait Islander Legal Services, Legal Aid Commissions and Family Violence Prevention and Legal Services.

Critically, funding will be ongoing. This means an end to a rolling five-year funding cliff. Instead of fighting for its very existence, the sector will be able to plan for the future. It will be able to more easily attract and retain employees because there is job security. This change may be an underreported element of the new agreement but its significance cannot be underestimated.

The new agreement also addresses long-standing pay parity issues in the sector. For the first time, the Commonwealth is acting to lift rates of pay for the community legal assistance sector, bringing them closer to Legal Aid Commissions – again increasing the ability of services to attract and retain good lawyers.

Unlike the previous agreement, with its inadequate fixed rate of indexation, funding will be increased in line with the Wage Cost Index – meaning Commonwealth funding will not go backwards in real terms over the life of the agreement.

The previous agreement did not provide funding security for individual parts of the sector. States and territories could, if they wished, move money from one part to another, reducing the effective value of the Commonwealth contribution. The new agreement requires jurisdictions to maintain their investment for each part of the sector over the life of the agreement.

This both maintains the value of the Commonwealth contribution and provides funding certainty to each part of the legal assistance sector.

As some in this room may remember, the new agreement was announced at a meeting of First Ministers focused on gender-based violence, and appropriately so.

Access to justice is vital for women and children trying to escape gender-based violence. It can be the difference between leaving and staying in a violent situation. It can be the difference between life and death.

I’m proud that the largest relative funding increase for legal assistance in the new agreement was for Family Violence Prevention and Legal Services – a 112 per cent increase in Commonwealth funding compared to the preceding five years.

We know that First Nations women experience disproportionate rates of family violence.

Nationally, First Nations women are seven times more likely to be homicide victims than non-Indigenous women, and of those women, 75 per cent are killed by a current or former partner.

First Nations women are 33 times more likely to be hospitalised due to family and domestic violence than non-Indigenous women.

As my colleague Senator Malarndirri McCarthy, the Minister for Indigenous Australians, has said, this is a national shame.

Doubling the funding for legal assistance services which help First Nations women escape domestic violence will not solve this problem on its own, but it is an important step forward.

Let me be clear – I know there will always be unmet need in the sector.

But I believe the new National Access to Justice Partnership is a momentous step forward.

That’s why I have been disappointed to see some misrepresentation of what the new Agreement delivers.

I expect demands from the legal profession for government to do more for the legal assistance sector.

But misrepresenting facts helps no one, least of all those in the sector.

Further, it makes little sense to make demands of the Commonwealth only.

Legal assistance is a shared responsibility, and demands on government should not focus on the national government alone.

For those in the audience who work in the community legal sector, I would like to say thank you.

You are among the most talented, committed and hardworking lawyers in the country. The Australian Government values your work. I value your work.

Privacy

You may have noticed we passed a few bills last night and early this morning.

I will go to just two of those tonight.

The first enacts tranche one of our privacy reform agenda.

The legislation does a great deal. It:

    • Creates a new statutory tort for serious invasions of privacy;
    • Creates a new criminal offence for the malicious release of personal data online, known as doxxing; and
    • Establishes provisions to enable the development of a new Children’s Online Privacy Code.

A privacy tort is not a new idea. In fact, that is something of an understatement.

In his 1969 Boyer Lectures Sir Zelman Cowen endorsed legislation to create an actionable right to seek redress for breaches of privacy.

The bill provides for a new statutory cause of action for individuals who have suffered a serious invasion of their privacy, and applies it to both physical privacy and information privacy.

Information Commissioner releases Annual Report

November 1, 2024

It is annual report season for Government agencies and authorities. And that includes the Office of the Australian Information Commissioner. Yesterday the Commissioner released its 194-page Annual Report for 2023–24.

Given the significant amendments to the Privacy Act 1988 it is better to look forward to how the Privacy Commissioner approaches her responsibilities with newfound powers rather than poring over the activities of the Privacy Commissioner over the past year. On that note the work rate improved but it remained a timid regulator by any measure. Which is a pity given the Information Commissioner’s remuneration was $576,174 and Deputy Commissioner Elizabeth Hampton’s was $380,091. The relatively newly appointed Privacy Commissioner, Carly Kind, is on $109,239.

In relation to privacy complaints the Commissioner stated:

Privacy has been very much in the spotlight, with the continuing incidence of major data breaches. In 2023–24, we received 13% more notifications under the Notifiable Data Breaches (NDB) scheme than the year prior, when there was a 4% increase. We lifted our response rate, closing 84% of notifications within 60 days (compared to 77% last reporting year). In the 2022–23 financial year we received a 34% increase in privacy complaints. This year, complaints have remained relatively high, with a slight decrease of 5% year on year. We successfully responded to this high demand, finalising 20% more privacy complaints (3,104 in total), building on last year’s increase of 17% (2,576 finalised in total).
We continued our focus on clearing longer-standing, generally more complex and resource-intensive complaints, finalising 84% (271) of the 322 matters that were over 12 months old as at June 2023. At the same time, more recent complaints increased in age over the reporting period. The volume of complaints, combined with the focus on the longest-standing, meant that by the year’s end there was an overall increase in matters older than 12 months to 729. The OAIC will continue to focus on aging cases through process efficiencies and the strategic application of resources.

 What is quite unusual is that Read the rest of this entry »

National Artificial Intelligence Centre (NAIC) releases AI guide for Environmental, Social and Governance practitioners.

October 24, 2024

On Monday the NAIC released its 29-page guide for ESG practitioners to assist them in understanding and integrating artificial intelligence (AI) into their work. The guide advises on responsible AI use aligned with ethical goals, introduces a framework by CSIRO’s Data and Alphinity Investment Management for assessing AI’s impact on ESG, details 27 sector-specific AI use cases and highlights AI’s role in driving positive ESG solutions, including enhancing accessibility and reducing Read the rest of this entry »

ASIC investigating how directors prepare for and respond to cyber attacks

September 18, 2024

The Australian Financial Review reports, in ASIC pursues board directors over cyber breaches, that ASIC is investigating how directors deal with cyber attacks, both before and after they happen. The ASIC Chair’s speech Effective compliance: Perspectives from the regulator highlights this increased focus.

ASIC has been quite active in taking action against companies who have suffered damage as a result of data breaches, most notably its civil penalty proceeding against RI Advice.

The speech by the ASIC chair Read the rest of this entry »

Australian Government publishes policy for responsible use of Artificial Intelligence. Comes into force on 1 September 2024

August 17, 2024

The Australian Government has published a 19-page policy for the responsible use of AI. It comes into force on 1 September 2024.

The recommended actions include:

  • train staff on AI fundamentals, taking into account roles and responsibilities, such as employees involved in procurement, development, training, and deployment of AI;
  • make publicly available a statement outlining their approach to AI adoption, including information on compliance with the policy, measures to monitor the effectiveness of deployed AI systems, and efforts to protect the public against negative impacts; and
  • designate accountable officials for implementation of the policy within their organization, who:
    • are the contact point for whole-of-government AI coordination;
    • must engage in whole-of-government AI forums and processes; and
    • must keep up to date with changing requirements as they evolve over time.

The key principles of the policy aim to ensure that:

  • Australians are protected from harm;
  • AI risk mitigation is proportionate and targeted; and
  • AI use is ethical, responsible, transparent and explainable to the public.

The press release is found here and the policy here.

The press release provides:

The Australian Government needs a coordinated approach if it’s to embrace the opportunities of AI. The Digital Transformation Agency has released the Policy for the responsible use of AI in government, an important step to achieve this goal while building public trust.

Coming into effect 1 September 2024, the Policy for the responsible use of AI in government positions the Australian Government to be an exemplar of safe, responsible use of AI.

Designed to evolve with technology and community expectations, it sets out how the Australian Public Service (APS) will:

  • embrace the benefits of AI by engaging with it confidently, safely and responsibly
  • strengthen public trust through enhanced transparency, governance and risk assurance
  • adapt over time by embedding a forward-learning approach to changes in both technology and policy environments.

‘This policy will ensure the Australian Government demonstrates leadership in embracing AI to benefit Australians,’ states Lucy Poole, General Manager for Strategy, Planning, and Performance.

‘Engaging with AI in a safe, ethical and responsible way is how we will meet community expectations and build public trust.’

Enable, engage and evolve

The policy is driven by the ‘enable, engage and evolve’ framework to introduce principles, mandatory requirements and recommended actions.

Enable and prepare

Agencies will safely engage with AI to enhance productivity, decision-making, policy outcomes and government service delivery by establishing clear accountabilities for its adoption and use.

Every agency will need to identify accountable officials and provide them to the DTA within 90 days of the policy effect date.

Engage responsibly

To protect Australians from harm, agencies will use proportional, targeted risk mitigation and ensure their use of AI is transparent and explainable to the public.

Agencies will need to publish a public transparency statement outlining their approach to adopting and using AI within 6 months of the policy effect date.

Evolve and integrate

Flexibility and adaptability are necessary to accommodate technological advances, requiring ongoing review and evaluation of AI uses, and embedding feedback mechanisms throughout government.

Supporting agencies standards and guidance

To help implement the policy, the DTA has published a standard for accountable officials (AOs) to lead their agency to:

  • uplift its governance of AI adoption
  • embed a culture that fairly balances risk management and innovation
  • enhance its response and adaptation to AI policy changes
  • be involved in cross-government coordination and collaboration.

‘We’re encouraging AOs to be the primary point of partnership and cooperation inside their agency and between others,’ outlines Ms Poole.

‘They connect the appropriate internal areas to responsibilities under the policy, collect information and drive agency participation in cross-government activities.’

‘Whole-of-government forums will continue to support a coordinated integration of AI into our workplaces and track current and emerging issues.’

The DTA will also soon release a standard for AI transparency statements, setting out the information agencies should make publicly available such as the agency’s:

  • intentions for why it uses or is considering adoption of AI
  • categories of use where there may be direct public interaction without a human intermediary
  • governance, processes or other measures to monitor the effectiveness of deployed AI systems
  • compliance with applicable legislation and regulation
  • efforts to protect the public against negative impacts.

‘Statements must use clear, plain language and avoid technical jargon,’ stresses Ms Poole.

Further guidance on additional opportunities and measures will be issued over the coming months.

Continuing our significant work on responsible AI

The last 12 months saw important work to better posture the APS for emerging AI technologies including the AI in Government Taskforce, co-led by the DTA and Department of Industry, Science and Resources (DISR), which concluded on 30 June 2024. 

The taskforce brought together secondees and stakeholders from across the APS for an unprecedented level of consultation, collaboration and knowledge-sharing. Its outputs directly informed this new policy and even more, continuing work to ensure a consistent, responsible approach to AI by government.

‘Our AI in Government Taskforce was crucial in demonstrating that we need a centralised approach to how government embraces AI, if it wishes to mitigate risks and increase public trust,’ states Ms Poole.

The Australian Information Commissioner has commenced civil penalty proceedings against Australian Clinical Labs Limited in the Federal Court

November 20, 2023

After coming off some serious questioning in Senate Estimates about poor enforcement practices, the Commissioner announced on 3 November 2023 that the Office of the Information Commissioner has launched proceedings against Australian Clinical Labs on 2 November 2023 (file number NSD1287/2023). The Commissioner has filed a Concise Statement and Originating Application and Australian Clinical Labs Limited has filed a Notice of Address for service. The Commissioner is represented by DLA Piper, out of its Brisbane Office. Previously the Commissioner has been represented by HWL Ebsworth. Gilbert & Tobin, out of its Sydney Office, is representing Australian Clinical Labs. Gilbert & Tobin represented RI Advice in the Federal Court case of Australian Securities and Investments Commission v RI Advice Group Pty Ltd [2022] FCA 496. That case has been heralded as a positive development in enforcing data security as an obligation of Financial Service Licensees under the Corporations Act 2001, being section 912A. While RI Advice was the subject of compliance orders and penalties, it is fair to say that Gilbert & Tobin did a good job in keeping the stringency of the orders and penalty to a moderate level. Compared to overseas penalties by the European regulators, the UK Information Commissioner’s Office and Read the rest of this entry »

Legal and Constitutional Affairs Legislation Committee questions Office of Information Commissioner in Senate Estimates on 23 October 2023

October 27, 2023

Senate Estimates are an invaluable way of scrutinising government departments and asking questions on issues that do not find their way into Government reports. So it was when the Senate Legal and Constitutional Affairs Legislation Committee asked some long overdue questions of the Information Commissioner on 23 October 2023. With the Information Commissioner, top of the list of questions is the delay in investigating complaints and the lack of vigorous enforcement by the Commissioner. Compared to other privacy regulators the Australian Information Commissioner’s Office is tardy and timid.

Senator Shoebridge asked questions relating to those very issues. The answers were not particularly inspiring. The good Senator highlighted what privacy practitioners have long suspected, that the Commissioner doesn’t do enforcement. This extract is revealing:

Senator SHOEBRIDGE: How could it be that 1,748 data breaches are referred to your office with not a single penalty over two years? What has gone wrong?

Ms Falk: It’s not a matter of something going wrong. It’s about regulatory strategy. It’s about ensuring that we’re using the right tool in the right circumstances.

Senator SHOEBRIDGE: It’s about never using the stick, isn’t it—never.

Ms Falk: That’s not the case. You’ll be aware that I do have proceedings before the Federal Court in relation to Facebook and also aware of the time that it takes for these matters to progress.

The regulatory strategy is not to take enforcement action. In the US or the UK enforcement would be very much to the fore. Here it is not the “right tool.” Little wonder that there is a very poor privacy culture. If enforcement is off the table there is Read the rest of this entry »

Turner v Bayer Australia Ltd (No 6) [2023] VSC 244 (10 May 2023): consideration by Victorian Court of GDPR obligations on a party whose discovery may contain personal information collected in the EU.

May 22, 2023

Justice Keogh in Turner v Bayer Australia Ltd (No 6) [2023] VSC 244 considered the application of the Victorian law and the European privacy law, the General Data Protection Regulation (GDPR). The issue was whether releasing and reporting on personal information of individuals in documents generated in the EU attracts protections that the Court should consider in the context of media reporting of a Victorian proceeding.

FACTS

The  proceeding is a product liability action concerning implanted permanent contraceptive medical devices identified collectively as the Essure device [1].

The trial commenced on 11 April 2023 and is estimated to run for 12 weeks [2].

Media organisations sought access to transcript and some of the documents relied on by the parties at trial.

The second defendant, Bayer Aktiengesellschaft,  is a corporation registered in Germany [4].

Some of the defendant’s discovery was of documents that originated from Germany (‘EU documents’), some of which contained personal data of natural persons residing in the European Union (‘EU’), including:

  • names,
  • job titles,
  • signatures,
  • business email addresses, street addresses and phone numbers, and
  • personal email addresses, street addresses and phone numbers (‘EU data’) [4].

The defendants opposed the media having general access to transcript and EU documents used at trial because, they argue, the release of EU data would be a breach of the GDPR [4].

The defendants sought orders requiring that media apply to the Court for release of transcript and any EU documents tendered at trial and give details of the context and purpose underpinning their request when applying for access, provide the parties with time to object to media access, and provide the parties further time  to redact personal information from documents to be released [5].

The defendants relied on a report of Professor Dr Gregor Thüsing, a jurist and professor at the University of Bonn in Germany who has expertise in the European law of data protection and data security [12].

The court summarised Read the rest of this entry »

Re Lifestyle Residences Hobsons Bay Pty Ltd (recs & mgrs apptd) [2023] VSC 179 (6 April 2023): statutory demand, service under section 109X(1)(a), service outside the statutory period, whether director can make application on behalf of company when receivers appointed

April 23, 2023

The Victorian Supreme Court in Re Lifestyle Residences Hobsons Bay Pty Ltd (recs & mgrs apptd) [2023] VSC 179 considered a range of issues: whether a director can bring an application when receivers are appointed, the operation of section 109X(1)(a) of the Act and the calculation of service. It makes clear that filing an application out of time immutably renders the application a nullity.

FACTS

The facts relating to service were:

  • on 22 November 2022, Ms Celia Luki, the solicitor with carriage of the matter for the defendant, ascertained the registered office address of the Company from an Australian Securities and Investments Commission (‘ASIC’) company search [35].
  • Luki requested the Office Services Clerk in her firm in Redfern, New South Wales, to organise for the documents to be couriered to Melbourne for delivery to the registered office address.
  • a Client Services Assistant at McCullough Robertson received Luki’s instructions on the service of the statutory demand in the sum of $213,166.89 in an email forwarded to her by the Office Services Clerk, who also provided the statutory demand and accompanying affidavit.
  • the assistant logged into the Toll Priority (Aus) system and inputted those details, recording Luki’s email address as the contact person to receive email updates on the progress of the delivery of the demand. She printed a label from the Toll system, which included all of the recipient’s details, affixed the label onto a Toll Express Services priority satchel and obtained a tracking number and manifest document.
  • in the afternoon of 22 November 2022, a courier from Toll attended the McCullough Robertson office and collected the sealed envelope and two copies of the manifest document [35]
  • on 16 December 2022 the tracking log records the documents were delivered to the company at the registered office address on 23 November 2022 at 9:46am. The proof of delivery document clearly records the registered office at which delivery occurred and the signature of Paula accepting delivery of the envelope [36]. Paula was a receptionist at an accounting firm engaged by the company, whose business address is the registered office address of the company.
  • Paula was unsure who to forward the demand to and sought confirmation from her principal, Mr Sam Cimino. However, because Cimino was extremely busy that day, she was only able to email him and unable to speak to him in person [37].
  • on 24 November 2022, Paula had a discussion with Cimino, who instructed her to immediately send the statutory demand to Mr Burgess, Mr Dale Harrison and Mr Peter Van De Steeg, who are nominated contact people at the company. 
  • Paula emailed the nominated people at the company, attaching an electronic copy of the statutory demand but erroneously stated the demand had arrived by courier at the registered office address on 24 November 2022 when, in fact, it was delivered by courier the day prior [38]. 


Media Watch has a segment on “Media and privacy”, focusing on tort of interference with privacy. The venerable Paul Barry in full stentorian mode opines against it. Quelle surprise!

April 17, 2023

Tonight ABC’s Media Watch broadcast a segment on the Attorney General’s Report on a Review of the Privacy Act, titled “Media and privacy”, with a focus on a proposed statutory tort of privacy. The coverage followed the traditional line adopted by media commentators in Australia: yes there are breaches, but a tort of privacy would suppress free speech and so reform is a bad idea. Being Media Watch it was a reasonably comprehensive story, within the time allotted. But still quite predictable and overall not particularly sophisticated. The usual suspects came out against, such as Justin Quill with the usual lines about how such a reform will help the rich and kill investigative journalism. The supporters were also predictably supportive, being Michael Douglas and Barbara McDonald, but a good deal less shrill. Between now and the release of a draft bill expect strident stories from the participants in the Right to Know Coalition. In the past Chris Merritt (Privacy tort a blow to free speech 18 March 2009), Ainslie Van Onsolen (Push for a tort is misguided and wrong 21 September 2012, The Australian) and Michael Stutchbury (Lawsuits no way to defend privacy or free speech 26 July 2011), among many others, have dipped their thumbs into the ink barrel when a privacy tort is mentioned and penned jeremiads about the end of journalism, the end of freedom of speech and no more public interest exposés if such a privacy tort is enacted. There is a sameness about the columns; pictures of a grim future with judges wielding their gavels with abandon crushing story after story and villainous reprobates being protected. The offerings tended to be long on emotion and short on analysis. That does not mean it has not had an effect. Governments of both persuasions have steered clear of adequate privacy law reform for decades.

It is entirely understandable that the media would have an interest in privacy reform. The problem is that it does not accept that the defence of public interest and freedom of expression in any tort will be given any weight. That is fear based on emotion not logic. On a more practical level, given the gaping lacuna in the law regarding privacy, and the practical inability of the aggrieved to take any legal action for invasions of their privacy, it is in the media’s interests to keep the status quo.

The Media Watch report is quite a reasonable analysis, albeit limited by the fact that as the title suggests it focuses on media and privacy. Which is not the whole issue.  What is lost in this story is that there are many circumstances where the media is not involved, the interference with privacy is one person intruding on the seclusion of another.  Or interfering government officials.  Or organisations and businesses surveilling customers or just ordinary individuals.  With new and increasingly intrusive technology not having legal recourse is a failure of public policy.  None of this will convince the media and the fact that Australia is an outlier in this area of law causes it no concern at all.

The transcript of the story Read the rest of this entry »
