Archived Posts Lists

Australian Regulatory Compliance Review
Australian Technology and IP Business
Credit Union and Mutual Law
National Consumer Credit Reform
Personal Property Securities Australia
Longview Business Insights
Australian Private Health Insurers
Wills, Trusts, Super
Mutuals Resource Centre


Commonwealth legislation
Corporate Governance
Not-for-Profit links
Regulator Links

July 11, 2010

Google Australia gives privacy undertakings

Australian Privacy Commissioner Karen Curtis has announced that in her opinion Google's collection of unsecured WiFi payload data in Australia using Street View vehicles would have breached the Australian Privacy Act.

In response to the investigation, Google has given written undertakings that it will:

* Publish an apology to Australians in Google's official Australian blog ( for its collection of unsecured WiFi 'payload' data.
* Undertake to conduct a Privacy Impact Assessment (PIA) on any new Street View data collection activities in Australia that include personal information.
* Provide a copy of these PIAs to the Privacy Commissioner's Office.
* Regularly consult with the Australian Privacy Commissioner about personal data collection activities arising from significant product launches in Australia.

Google's undertakings will last for three years. These undertakings will be reviewed following any reforms to the Privacy Act.

Print This Post Print This Post

Posted 11th July 2010 by admin in Privacy

February 6, 2007

Second Life: a fresh approach to a cease and desist letter

Cease and desist letters are usually heavy-handed.

But when Darren Barefoot put up a parody of Second Life called Get a First Life, using a variation of Second Life's logo, Second Life's lawyers responded with a nonexclusive, nontransferable, nonsublicenseable, revocable, limited license to use the modified eye-in-hand logo rather than a prohibition demand.

Print This Post Print This Post

Posted 6th February 2007 by David Jacobson in Legal, Privacy, Venture capital, Web/Tech

December 13, 2006

Legal liability of employee web designers

In Houghton v Arms [2006] HCA 59, the High Court of Australia has held that two website designers who misled an internet wine business about the operation of a bank’s financial transactions facility were liable for misleading and deceptive conduct under the Victorian Fair Trading Act 1999 even though they were employees. The representations were fundamental to the wine merchant's decision to structure his business in a particular way.

Mr Arms traded under the name "Australian Cellar Door" and formulated a proposal for the provision by means of an internet web site,, of a service for the direct marketing of the products of small to medium independent wineries. The expectation was that direct "cellar door" sales would attract sales tax at a much lower rate and would avoid the need for the payment by the wineries of the margin, usually in the order of 30 per cent, required by agents or distributors when sales were effected by retail outlets. However the promised payment mechanism could not achieve that result.

The trial judge had accepted that representations had been made to their client Mr Arms, the
substance of which was that, in order to run his business effectively
and operate the auscellardoor web site, Mr Arms was not required to
obtain any documentation from the wineries other than a form, with
provision for banking details; WSA (the employer)had engaged in that conduct when it
was incumbent upon it to alert Mr Arms to the existence of the
additional requirements of the ANZ Bank, or to ascertain that there
were no such additional requirements in order for a winery to become an
ANZ e-Gate merchant. Ryan J found that, had Mr Arms known the true
position, he would have changed the auscellardoor web site to a
profitable method of trading by November 2000, not June 2001, and would
not have lost the sum of $58,331 from the seven month "set back".

While the trial judge gave judgment against the employer but refused judgment against the employees, the Federal Court of Appeal allowed the action and the High Court upheld the Appeal Court decision.

Print This Post Print This Post

Posted 13th December 2006 by David Jacobson in Legal, Privacy, Venture capital, Web/Tech

June 20, 2006

Podcasting Legal Guide

Creative Commons have published a Podcasting Legal Guide. Whilst it's based on US law only, it identifies many issues which need to be addressed if a podcast is broadcast in other jurisdictions.

For example, it discusses the copyright status of unpublished works in the US:

"Every unpublished work from around the world of authors who died before 1936 is in the public domain in the United States. That means that the unpublished diary of an Australian who died in 1930 will be in the public domain in the U.S.; however, that same diary may still be subject to copyright under Australian copyright law in Australia. So, if you are marketing or targeting your podcast for a particular territory, you need to be aware of the copyright laws in that country as well as in the U.S. Moreover, because of the borderless nature of the Internet, you can't really stop your podcast from distributing to Australia, in which case you may be violating laws in another country."

Print This Post Print This Post

Posted 20th June 2006 by David Jacobson in Legal, Privacy, Web/Tech

June 17, 2006

ANAO Report on internet security in government agencies

The ANAO has published its audit report of internet security at six government agencies. For the six agencies audited, the
ANAO concluded that the current level of Internet security was insufficient, given the risks and problems identified through the audit findings.

The ANAO noted that a number of agencies could improve performance in some key areas, particularly email filtering, and all agencies audited could improve performance in one or more aspects of managing Internet security, such as the development of system security plans.

The ANAO made 5 key recommendations for the six agencies audited for the report,
including Customs, the Australian Federal Police, the Nuclear Safety Authority, Medicare, Department of Industry, Tourism and Resources and the Department of Workplace Relations.

Print This Post Print This Post

Posted 17th June 2006 by David Jacobson in Privacy, Web/Tech

June 16, 2006

Extension of content regulation

The Minister for Communications, Information Technology and the Arts, Senator Helen Coonan, has announced that new safeguards will be put in place to protect consumers from inappropriate or harmful material on emerging content services such as 3G mobile phones and subscription-based Internet portals.

A recent Review of the Regulation of Content Delivered Over Convergent Devices found there is a need for specific safeguards for users of these services.

New laws will extend the current safeguards that apply to content delivered over the Internet or television to be applied to content delivered over convergent devices. This will include prohibition of content rated X18+ and above, requirements for consumer advice and age-restricting access to content suited only to adults.

Print This Post Print This Post

Posted 16th June 2006 by David Jacobson in Legal, Privacy, Web/Tech

June 11, 2006

Commonwealth Bank releases Australian internet banking survey

When I was researching Australian financial services website compliance I found little data about internet banking usage.

So the release of details from the Commonwealth Bank’s inaugural E-Money survey - an annual index of electronic banking usage in Australia, is a welcome addition.

The results include:

  • of 6.8 million Australians that have used online banking, 85 per cent prefer the internet to manage their day-to-day banking needs;
  • Convenience is the main benefit of online banking for half of all online users (50%); followed by time savings (29%), ease of use over traditional banking methods (10%);
  • customers aged 25-34 year olds and full-time workers were the most
    likely to use internet banking, while those over 50 years of age
    preferred using branches;
  • The most popular online transaction is funds transfer/bill payment;
  • among those yet to try internet banking, only 32 per cent are concerned about internet security.

Print This Post Print This Post

Posted 11th June 2006 by David Jacobson in Privacy, Web/Tech

June 9, 2006

The technology behind Australia’s access card

MIS Magazine's story on Australia's health and services access card highlights the huge planning and implementation obstacles to this project: there are already arguments over its specifications and the technology to be used.

Print This Post Print This Post

Posted 9th June 2006 by David Jacobson in Legal, Privacy, Web/Tech

May 5, 2006

Privacy and RFID

A group of multinational companies including IBM, Intel and Microsoft have issued draft  guidelines for Privacy Best Practices for Deployment of RFID Technology.

RFID (radio frequency identification) raises privacy concerns when its use enables parties to obtain personally identifiable information, including location information, about particular individuals that those parties otherwise would be unable or unauthorized to obtain. This information may be a person's location; it may be that the person has a certain product in his or her possession; it may be that the person has used a particular service. Security concerns arise if unauthorized parties are able to obtain such information either from interception of the radio communications between tags and readers, through unauthorized reading of the tags, or via unauthorized access to the network or the database.

Representatives from various consumer groups and commercial enterprises developed these guidelines in an effort to address current privacy concerns, as well as to limit future concerns regarding the deployment of RFID technology.

The guidelines cover:

  • giving of notice when information, including location information, is collected
    through an RFID system and linked, or is intended by a commercial
    entity to become linked, to an individual's personal information either
    on the RFID tag itself or through a database.
  • Consumers should be offered such choice before the conclusion of the
    transaction to obtain a good or service, wherever practicable, so that,
    when coupled with robust notice, consumers are given the tools to
    effectively exercise their choice with respect to the use of RFID
  • Companies should exercise reasonable and appropriate efforts to secure
    RFID tags, readers and, whenever applicable, any corollary linked
    information from unauthorized reading, logging and tracking, including
    any network or database transmitting or containing that information and
    radio transmissions between readers and tags. In addition, companies
    should exercise reasonable and appropriate efforts to secure the linked
    information from unauthorized access, loss or tampering.

Print This Post Print This Post

Posted 5th May 2006 by David Jacobson in Privacy

April 30, 2006

Australia is to have a health smartcard

Australia will not have a complulsory national ID card. The Prime Minister has announced Australia will have a new access card for health and welfare services.

The access card will replace 17 health and social services cards and vouchers across the Human Services portfolio.

The card will have the cardholder’s name, a digital photograph, their signature and card number. A microchip in the card will store a photo, address, date of birth and details of any children or other
dependants. The card will also provide cardholders with the option to voluntarily store other information such as emergency contact details, allergies, health alerts, chronic illnesses, immunisation information
and organ donor status. Information held on the access card will be subject to strict protections and will only be accessible by authorised people.

The access card will be phased in over a two year registration period beginning in 2008. From early 2010, people will only be able to obtain government health and social service benefits if they have an access card.

Privacy Commissioner, Karen Curtis response to the announcement was that the privacy rights of individuals needed to be respected:

it is essential that appropriate privacy protections are built in early, particularly into the system design of the access card and registration process, rather than trying to 'bolt' these on will be important to ensure that as the proposal is developed the uses and safeguards are clearly identified and legislated. This will help to ensure that the Government's intention that this not be a
national identity card is met.

UPDATE: How Queensland's drivers licence smartcard compares. What it will look like.
What The Australian Privacy Foundation says.

Print This Post Print This Post

Posted 30th April 2006 by David Jacobson in Privacy
Older Posts »