Artificial Intelligence (“AI”) is revolutionising the way we consume, the way work is done, the way things are built.  The productivity gains have been extraordinary.  It also poses significant public policy challenges.  The problems include a lack of transparency in decision making, the skewed results with potentially poor quality algorithms and the “black box” effect where the path of reasoning is obscured or completely unknown. And it can have a dystopian potential, skewing results against minorities for example.  That is a problem with facial recognition technology and predictive analytics in insurance and criminal investigations.  All of those matters concern the public.  There is a dearth of regulation for the good reason that legislatures are not sure how to properly regulate without harming the positive potential of AI. 

The Singapore Privacy Commissioner has launched AI Verify – An AI Governance Testing Framework and Toolkit.  It is ostensibly designed to allow companies to demonstrate responsible AI.  It is a voluntary scheme. It is certainly a step in the right direction.

The press release by the Infocomm Media Development Authority, Singapore launches world’s first AI testing framework and toolkit to promote transparency; Invites companies to pilot and contribute to international standards development provides Read the rest of this entry »

The UK Information Commissioner has imposed a significant fine of £7,552,800 on Clearview AI for illegally collecting personal data of UK residents. The facial images of UK residents were scraped from the internet and fed into Clearview’s database where, with the aide of artificial intelligence, it could use that data to identify those people and monitor them.

Clearview AI continues to maintain that it has done nothing wrong, saying that its technology and intentions have been “misinterpreted.” and claimed that Clearview AI is not subject to the ICO’s jurisdiction.

Clearview has already been the subject of act ion by other regulators. In March 2022 the Italian data protection agency fined Clearview €20 million penalty for breaches of EU law.  In December last year France’s data watchdog, CNIL,found that Clearview had committed two breaches of the the GDPR.    Similarly in February 2021 Canadian privacy commissioners stated that Clearview violated Canadian Privacy laws .  In the United States Cook County, effectively Chicago, and Clearview entered into agreement in settlement of a suit whereby Clearview has agreed to stop providing its technology to most private clients and doing business in Illinois. 

The use of facial recognition technology by police, is belatedly being scrutinised Read the rest of this entry »

In Re Australian Builders Group Pty Ltd [2022] VSC 254 the Supreme Court, per Hetyey AsJ, set aside a statutory demand based on a genuine dispute based on the construction of an agreement and default notice but also by a claim of duress.

FACTS

On or around 1 June 2017 Mind, a not-for-profit organisation providing community-managed specialist mental health services entered into an agreement with Australian Win Win Investment Pty Ltd (‘the landlord’) to lease a property located at 691 High Street, Thornbury, Victoria (‘the property’ and ‘the lease’ respectively) for an amount of $130,000 per annum (approximately $10,833.33 per calendar month) [1].

In early May 2018, Mind and ABG entered into a sublease agreement for the property (‘the sublease’). The parties to the sublease agreed that ABG would pay a reduced amount of rent of $121,000 per annum (approximately $10,083.33 per calendar month) [2].

From February 2019, ABG began to fall into arrears & by 15 April 2021, it owed Mind approximately eight months’ rent, totalling $82,279.92 (‘the arrears’). Pursuant to a repayment deed, ABG agreed to make regular payments of the arrears of $2,500 plus GST, together with interest, per week.

Regarding the repayment Read the rest of this entry »

In A & J Morphett Nominees Pty Ltd v JBT Lawyers Pty Ltd & Anor [2022] VSC 238 Justice Dixon in upholding an appeal made important statements for practitioners on the role of stakeholders.

FACTS

On 26 November 2018 the appellant and Chloe Estelle Pty Ltd entered into the contract with the appellant paying the deposit of $42,000 to the respondent on 6 December 2018 [4].

On 21 March 2019, the appellant by written notice terminated the contract and requested that the respondent repay the deposit to it [4].

The appellant, A & J Morphett Nominees Pty Ltd, commenced proceedings against Chloe Estelle Pty Ltd, as first defendant, and the respondent, JBT Lawyers Pty Ltd, as second defendant in the Magistrates Court.  In its defence the respondent admitted that it received the deposit sum as a stakeholder as alleged by the appellant [6].

On 24 June 2019, the appellant entered default judgment in the proceeding against Chloe Estelle Pty Ltd, which included an amount for interest and costs [7]. The appellant did not recover against Chloe Estelle Pty Ltd as it was and on 18 July 2019, an administrator was appointed and it was subsequently ordered to be wound up. The liquidators made no claim for the deposit.

It was never been in dispute that the respondent received that sum as a stakeholder for the appellant and Chloe Estelle Pty Ltd [3].

On 29 March 2019, the Federal Circuit Court, per Small J,made an order in a Family Law dispute between different parties.  It relevantly Read the rest of this entry »

The Federal Court, per Halley J, set aside a statutory demand in CBS Commercial Canberra Pty Ltd v Axis Commercial (ACT) Pty Ltd, in the matter of CBS Commercial Canberra Pty Ltd [2022] FCA 544 in finding that an offsetting claim constitutes a genuine dispute. It is a very good decision setting out the complications of offsetting claims arising from building contracts relied upon in setting aside a statutory demand which is based on a certificate and judgment obtained under the Security of Payments Act.

FACTS

CBS engaged Axis as a sub-contractor to undertake work at a building site located in Gungahlin in the Australian Capital Territory [12].

The chronological events Read the rest of this entry »

The Federal Court, per Rolfe J, in Australian Securities and Investments Commission v RI Advice Group Pty Ltd [2022] FCA 496 made what has widely been described as a first occasion a corporation has been found to have breached its licence obligations in failing to have adequate risk management systems to manage its cyber security risks. The Court ordered declaratory relief requiring RI Advice to undertake work to improve its security under the supervision of an expert.  

The orders were made in terms agreed between the parties just before the trial was scheduled to commence.

I have followed this proceeding closely with posts ASIC commences action against RI Advice Group Pty Ltd for failing to have adequate cyber security in August 2020 and ASIC v RI Advice Group Pty Ltd cyber security civil penalty trial pushed off from a 29 November 2021 hearing date to a date in April 2022 in May 2021,

FACTS

The Court provided a factual background about stating that RI Advice :

• was:
  • a wholly-owned subsidiary of Australia and New Zealand Banking Group Limited (ANZ). RI Advice up to and including September 2018;
  • from 1 October 2018, along with two other ANZ financial licensees, part of the IOOF Holdings Limited (IOOF) group of companies [12]
• carries on a financial services business within the meaning of s 761A of the Corporations Act Act (“The Act”) under a third-party business owner model.
• authorises Under s 916A of the Act, RI Advice independently-owned corporate authorised representatives (“ARs”) and individual authorised representatives to provide financial services to retail clients on RI Advice’s behalf and pursuant to the Licence [13]

The AR Practices (practices of groups of one or more Authorised Representatives):

• electronically received, stored and accessed  confidential and sensitive personal information and documents in relation to their retail clients. The personal information included:

(a) personal details, including full names, addresses and dates of birth and in some instances health information;(b) contact information, including contact phone numbers and email addresses; and

(c) copies of documents such as driver’s licences, passports and other financial information [14].

• since 15 May 2018 provided financial services to at least 60,000 retail clients [15]
• had 9 cybersecurity incidents between June 2014 and May 2020, being:
  • in June 2014 an AR’s email account was hacked and five clients received a fraudulent email urging the transfer of funds, one of whommade transfers totalling some $50,000;
  • in June 2015 a third-party website provider engaged by an AR Practice was hacked, resulting in a fake home page being placed on the AR Practice’s website;
  • in September 2016 one client received a fraudulent email purporting to be an employee of an AR Practice asked for money. The AR Practice used an email platform where information was stored “in the Cloud”, with was no anti-virus software and only one password which everyone used.
  • in January 2017 an AR Practice’s main reception computer was subject to ransomware delivered by email, making certain files inaccessible;
  • in May 2017 an AR Practice’s server was hacked by brute force through a remote access port, resulting in file containing the personal information of some 220 clients being held for ransom and ultimately not recoverable;
  • between December 2017 and April 2018 (December 2017 Incident) an unknown malicious agent gained unauthorised access to an AR Practice’s server for several months  compromising the personal information of several thousand clients, some of whom reported unauthorised use of the personal information;
  • in May 2018 an unknown person gained unauthorised access to the email address of an AR and sent a fraudulent email to the AR’s bookkeeper requesting a bank transfer;
  • an unauthorised person used an AR Practice’s employee’s email address:
    • in August 2019 to send phishing emails to over 150 clients ; and
    • in April 2020 to send phishing emails to the AR Practice’s contacts [16].

Inquiries and reports following the cybersecurity incidents revealed thatthere were a variety of issues in the respective ARs’ management of cybersecurity risk, including:

• computer systems not having up-to-date antivirus software installed and operating;
• no filtering or quarantining of emails;
• no backup systems in place, or backups not being performed; and
• poor password practices including:
  • sharing of passwords between employees,
  • use of default passwords,
  • passwords and other security details being held in easily accessible places or being known by third parties [17].

Regarding the incidents Read the rest of this entry »

The Full Bench of the High Court heard argument in Google LLC v Defteros [2022].  It is a case of considerable interest to defamation practitioners.  The key issue is whether a search engine a publisher of defamatory material on a third party website to which that search engine provides a hyperlink when the search result on its own conveys no defamatory imputation.  Also Google seeks a ruling on what is required to notify the search engine of defamatory publication for the purposes of the common law doctrine of innocent dissemination and the statutory defence under section 32 of the Defamation Act 2005. 

The transcript of oral argument before their Honours can be found here.

It is an appeal from a decision from the Victorian Court of Appeal in Defteros v Google LLC [2021] VSCA 167 (17 June 2021).  Interestingly on that occasion the appellant, Defteros, was unsuccessful.  Google’;s cross application for leave to appeal was refused. 

Special leave was granted on 10 December 2021 conditional upon Google paying Defteros’s costs of the appeal and not disturbing the costs orders in the Court of Appeal and at trial.  The transcript of the Special Leave Application can be found here.  In short, there is a public interest in resolving the issue. 

The essence of Google’s submissions is that the trial judge and the Victorian Court of Appeal erroneously found that the provision of a hyperlink was participation in the communication of defamatory material for the purpose of publication.  

The submissions of both parties can be found Read the rest of this entry »

Justice Riordan considered an appeal against an order for security for costs in In the matter of Credit Clear Limited [2022] VSC 206.  The appellants were unsuccessful across the board. 

FACTS

By originating process filed 15 July 2020, the plaintiffs made an application under:

(a) sections 175, 232, 233, 461(1)(k), 1041H(1), 1324(1) and 1325 of the Corporations Act 2001 (Cth) (‘the Act’);

(b) sections 12DA and 12GM of the Australian Securities and Investments Commission Act 2001(Cth) (‘the ASIC Act’);

(c) Sections 237 and 243 of the Australian Consumer Law, being Schedule 2 of the Competition and Consumer Act 2020 (Cth) (‘ACL’); and

(d) the inherent jurisdiction of the Court [2].

The plaintiffs sought the following substantive relief in their points of claim [4]:

(a) The first plaintiff (‘Mr McKendrick’) sought to be reinstated as a director of the first respondent (‘Credit Clear’).

(b) The appellant sought the following relief:

B. Declarations and or orders under s 1325 of the Act, alternatively s 233(1)(c) and or (j) of the Act, s 12GM of the ASIC Act and or ss 237 and 243 of the ACL, that the Separation Agreement dated 11 November 2016 and Intellectual Property Assignment Agreement dated 11 November 2016 (by which the plaintiffs were forced to give up their interests in the first defendant together with the intellectual property rights owned by the first plaintiff) are void on the grounds they were procured under duress, undue influence, unconscionable conduct and or misleading and deceptive conduct in contravention of 1041H(1) of the Act, s 12DA of the ASIC Act and or s 18 of the ACL;

C. A declaration that the second plaintiff is entitled to hold 20% of the issued ordinary shares in the first defendant;

D. Rectification of the share register of the first defendant pursuant to s 175 of the Act to reinstate the second plaintiff as a member and to record that it holds a number of fully paid ordinary shares representing 20% of issued shares in the first defendant alternatively that it holds 6,805,555 fully paid ordinary shares in the first defendant;

E. A declaration that the affairs of the first defendant are being conducted contrary to the interests of the members as a whole and or are oppressive to, or unfairly prejudicial to, or unfairly discriminatory against the second plaintiff, or in the interests of and to the benefit of the second to third defendants and not the first defendant or its members;

F. An order that the second and or third defendants purchase the second plaintiff’s shareholding in the first defendant at fair value; Read the rest of this entry »

In Bioaction Pty Ltd v Ogborne, in the matter of Bioaction Pty Ltd [2022] FCA 436 the Federal Court considered, for the first time by the courts, the deeming provisions of sections 105A and 105B of the Corporations Act regarding service applications to set aside a statutory demand within the 21 day time limit,.  

FACTS

By originating process filed on 3 February 2022, the plaintiff, Bioaction Pty Ltd, sought an order setting aside a statutory demand pursuant to s 459G of the Corporations Act dated 12 January 2022 served by the defendant, Gordon Ogborne (“Ogborne”) [5].

Bioaction  specialises in the design, manufacturing and installation of systems to eliminate or mitigate odorous, hazardous and corrosive gases & Ogborne was its Chief Financial Officer / Chief Operating Officer from December 2019 until November 2021, when he was made redundant [7].

Ogborne and Bioaction were in dispute as to his entitlements where Ogborne claimed he was entitled to any additional sum [8].

On 13 January 2022, Ogborne served the statutory demand on Bioaction seeking payment of $240,688.31 being unpaid:

• salary,
• superannuation,
• salary in lieu of termination,
• annual leave and
• redundancy

pursuant to an employment contract [9].

The statutory demand was Read the rest of this entry »

It is something of a persistent myth that authors can hide behind pseudonyms and publish defamatory statements with impunity.  If, as demonstrated in Colagrande v Kim [2022] FCA 409 a plaintiff is determined enough there is high probability of obtaining sufficient information to identify the author and convince a court that that person is the correct defendant in a subsequent defamation proceeding. Jagot J ordered a very significant award against the respondents.

FACTS

Dr Colagrande (“Colagrande”) a Australian trained doctor who is highly qualified:

• in 1999 completing a training Fellowship with the Cambridge Private Hospital in Cambridge, United Kingdom i
• in 2002, becoming an Honorary Fellow in Aesthetic Plastic and Reconstructive Surgery at Addenbrooke’s Public Hospital in Cambridge, United Kingdom
• in 2005, gaining a Fellowship in Cosmetic Surgery from the European Academy of Cosmetic Surgery
• in 2005,  establishing a clinic at Mermaid Beach, Gold Coast, Queensland where he mainly performed cosmetic procedures, health assessments and well-being programs.

In February 2017 Dr Colagrande pleaded not guilty to a charge of  indecent assault of a patient, to which he was found not guilty [5]. On 5 June 2018 the Queensland Court of Appeal quashed that conviction and the prosecution entered a nolle prosequi (a formal abandonment of the charge) on 7 June 2018 [5].

Colagrande had an account with the RateMDs website, a Doctor rating site with over 40 million visits every year. Members of the public can post entries relating to doctors on the RateMDs website [6].

In early 2019 when Colagrande Read the rest of this entry »