Australian Competition & Consumer Commission sues Google for misleading and deceptive conduct… but it really is a breach of data privacy case

July 27, 2020

Last Friday the Australian Competition & Consumer Commission (“ACCC”) announced that it has commenced proceedings against Google LLC alleging misleading and deceptive conduct in failing to inform consumers and obtain their informed consent  from 2016 that it was combining their personal information in Google accounts with information gleaned from their activities in non Google sites which use Google technology.  The ACCC also alleges that Google misled consumers about changes to its privacy policy.

The ACCC has not released the concise statement and the case has not appeared on the Federal Court website as yet.  It is interesting, and something of a relief, that the ACCC is stepping up and taking on privacy related cases instead of the Australian Information Commissioner.  Unfortunately the Commissioner has a lamentable track record in enforcing privacy breaches, particularly in the Federal Court.

The nature of the case as described by the ACCC seems to follow a tried and true approach used by the Federal Trade Commission in the United States, attacking privacy and data breaches through breaches of contractual terms or misleading and deceptive conduct.  It is also an approach that the Federal Court is more comfortable with.  To date the Federal Court has produced judgments that betray a bewildering befuddlement regarding privacy principles; namely Read the rest of this entry »

Consumer Data right effective today

July 1, 2020

The 1st July 2020 is the commencement of the Consumer Data Right.  Under the legislation consumers an request their banks to share data for deposit and transaction accounts as well as credit and debit cards.  As of today there are two accredited data recipients however a further 39 providers have started the process.  Data from home, personal and investment loans and joint accounts will commence on 1 November.

The regulatory structure is interesting.  There are two regulators who will be responsible for regulation, the ACCC and the OAIC.  They come from two ends of the spectrum.  The ACCC is a good regulator by Australian standards while the OAIC is a dreadful regulator by any standards.  The ACCC is run by a thoughtful and insightful chairman, I can’t recall who runs the OAIC.  The Compliance and Enforcement Policy is Read the rest of this entry »

Cyber attack at BlueScope Steel and MyBudget highlights a chronic problem facing businesses, particularly those with poor privacy protocols

May 16, 2020

This year has seen some major cyber attacks which have crippled businesses.  On 31 January 2020 Toll Transport’s systems were infected with Ransomware, a variant of the Mailto or Netwalker ransomware.  It operates by encrypting all the common file types outside the operating system.  the files are rendered unusable. That meant it couldn’t perform its core service, delivery.

Mailto is usually spread through a compromised email attachment but it can also be done through a combination of user credential theft or a brute force attack on passwords in combination with usernames.   Attacks by  email involves the Mailto activating an infected payload through what appears to be a legitimate file. Attacks are commonly sent from a domain with a high reputation.  Sometimes they are sent from compromised email accounts.  These forms of attack easily Read the rest of this entry »

Privacy Amendment (Public Health Contact Information) Bill 2020 passed the Federal Parliament

May 15, 2020

The Privacy Amendment (Public Health Contact Information) Bill 2020 passed the Senate yesterday without any amendment to the Bill passed by the House of Representatives.  The amendments proposed by Senator McKim and Senator Patrick were not accepted. 

The bill, soon to be Act, can be found here.  The explanatory memorandum can be found here

The passage of the bill is covered by itnews in Read the rest of this entry »

Privacy Amendment (Public Health Contact Information) Bill 2020 passes the House of Representatives and the second reading in the Senate

May 14, 2020

With not much in the way of fanfare the House of Representatives passed the Privacy Amendment (Public Health Contact Information) Bill 2020 yesterday.  The Bill was introduced into the Senate yesterday and has passed the Second Reading.  It has been referred to a Committee.

The Bill passed in the House of Representatives relevantly provides Read the rest of this entry »

Age breathlessly reports that Victoria Police could be sued over leak of Laidley photo. Duh! The real story is that when it comes to protecting privacy and getting redress the law is woefully inadequate.

May 6, 2020

The angles newspapers take to kick a story along can be astonishing.  In today’s Age the story Police could be sued over Laidley photo leak, lawyer warns reports that Victoria Police could be sued in relation to the leak of photographs of Dean Laidley.  Really! That is the story? The “talking head” that is the hook for the story, is Jeremy King providing ex tempore observations, that there was a breach of confidential information and  misfeasance in public office.  They were reasonable general comments overall. But hardly extraordinary and definitely not in the “breaking news” category.

All in all it is pretty thin gruel for a story in a large newspaper.  It does however provide an opportunity to have a (very) brief look at how inadequate the law is in this area.

Until all the facts are known it is impossible to properly assess and determine what causes of action are available.  But even at this preliminary stage there appear to be some available.  Unfortunately with no statutory tort of interference with privacy (recommended by the Australian Law Reform Commission twice, the Victorian and New South Wales Law Reform Commissions, the ACCC in its recent Digital Platforms Report, multiple Federal and State Parliamentary Committees and recommendations by learned academics over the last 40 years) when dealing with privacy breaches it is necessary to rely on a range of torts, claims in equity and, on occasion, common law to bring a case.

There are two distinct issues in a case of this nature, the Read the rest of this entry »

A second police officer suspended over leak of unauthorised photographs of Laidley

May 5, 2020

The extent to which the unauthorised photographs of Dean Laidley have spread through texts and via social media is not publicly known but the reporting suggests it has been, and probably continues to be widespread.  The immediate impact has been on the Victoria Police with a second policeman, a senior constable, stood down and under investigation and likely to be charged.  The story is reported by the Age in Second police officer suspended over leaked images of Dean Laidley and by the ABC with Victoria Police suspends second police officer over unauthorised sharing of Dean Laidley photo.  Both Senior Constables will be fortunate if the extent of their troubles is limited to damaging their careers within Victoria Police.  If convicted of a criminal offence they face the real prospect of losing that career.  In those circumstances officers more often than not resign before being removed from the Force. 

To the extent that action has been taken is laudable, but the episode also highlights that in Australia it is for the authorities to take action.  The law in this area is lamentably paternalistic.  The ability of Australians to take action, or at least consider it, for breaches of their privacy is so circumscribed as to be near worthless.  There is no Read the rest of this entry »

Government releases exposure draft of the Privacy Amendment (Public Health Contact Information) Bill 2020

The Commonwealth Attorney General’s Department has released an exposure draft of the Privacy Amendment (Public Health Contact Information) Bill 2020.

The Attorney General’s media release provides:

The COVIDSafe app is a critical tool in helping our nation fight the COVID-19 pandemic.

With more than 4 million COVIDSafe registrations many Australian’s are already doing their part to help protect and save lives.

Attorney-General, Christian Porter, today released draft legislation which will codify the existing protections for individuals’ data collected by the COVIDSafe app that have been established in the Health Minister’s Biosecurity Act Determination.

The Privacy Amendment (Public Health Contact Information) Bill 2020, will reinforce the protections set out in the Determination made by the Minister for Health under the Biosecurity Act 2015on 25 April 2020, placing the protections into primary legislation through amendments to the Privacy Act 1988. Read the rest of this entry »

Proposal by Restaurant and Catering Australia to require those who don’t have the COVIDSafe tracking app to provide their personal details to staff at restaurants and cafes is silly, oppressive and down right dangerous.

May 4, 2020

In the 7 or so weeks of lock downs of varying degrees of intensity there has sprung up a strain of virtue signalling where intrepid souls have come up with more and more intrusive and frankly ridiculous ways of demonstrating how they are doing the right thing to beat the demon virus. That has commonly meant tormenting fellow Australians with petty displays of colonel blimpery. In its milder forms it is hyper compliance with social distancing. A particularly frantic employee at Haighs in Hawthorn nipping in between customers ensuring they do not move from x’s on the floor, scolding them when they took a foot wrong, and doing quick 1.5 m checks with out stretched arms is a favourite memory. It is a good time for those who harbour a petty beaurocrat in their soul.  In its more extreme forms it involves making up legislative prescriptions that just don’t exist.

But some proposals which try to be seen to do the right thing are not just petty and irritating they are down right dangerous and oppressive.  The proposal spruiked by Restaurant and Catering Australia CEO Wes Lambert to require Australian’s who don’t down load the COVIDSafe tracking app and who want to use a restaurant or cafe to give their personal information to the staff fits that description to a tee.  It may not constitute a technical breach of clause 8 of the Biosecurity (Human Biosecurity Emergency)(Human Coronavirus with Pandemix Potential) (Emergency Requirements – Public Health Contact Information Determination 2020 which prohibits coercising the use of COVIDSafe App but it is in breach of the spirit of that law. 

One can only hope that Wes Lambert was suffering temporary relevance deprivation syndrome which prompted him to advocate this breath takingly stupid, utterly unAustralian and pernicious proposal. 

The proposal is reported in the Australian article Coronavirus Australia: No app? Leave your name and number which Read the rest of this entry »

Victoria police suspends officer over leak of photographs of Laidley taken in police station. The response highlights the uneven and generally inadequate state of privacy protections even if the results head in the right direction.

It appears that occasionally the Victoria Police can respond quickly and appropriately to privacy breaches. The ABC reports that a senior constable who took the photographs of Dean Laidley while in custody and being processed has been suspended and is likely to be charged with an offence under the Victoria Police Act 2013.  Deputy Commissioner Patton did not identify what provision of the Act the senior constable might be charged under but it may be under one of section 226227 or 228.     

The ABC Report provides:

Victoria Police has suspended an officer over an “appalling” privacy breach after he allegedly shared unauthorised images of former AFL coach Dean Laidley in custody inside a police station. Read the rest of this entry »