After severe criticism from the Australian government and others, Facebook has reversed its initial response to the controversial news media code of banning all Australian news on its platform, now stating that news and key pages concerning public health and government will be restored (although it has not provided a deadline for when this will occur).Read More
On 1 December 2020, the New Zealand Privacy Act 2020 will come into operation and repeal and replace the Privacy Act 1993.
The Privacy Act 2020 modernises New Zealand’s privacy laws and seeks to keep pace with international standards and technology. While New Zealand’s new privacy legislation is not as onerous as other international privacy laws, such as the GDPR, it still introduces significant changes including:
- mandatory data breach notification;
- new investigative and regulatory powers for the New Zealand Privacy Commissioner; and
- new criminal offences and penalties, including fines of up to $10,000.
In December 2019, the Australian Government announced it would conduct a review of the Privacy Act 1988 (Cth).
A year has almost passed and finally the Australian Government has publicly released details about the review. On 30 October 2020, the Australian Government released the Terms of Reference of the review. In particular, the review will cover:
- The scope and application of the Privacy Act
- Whether the Privacy Act effectively protects personal information and provides a practical and proportionate framework for promoting good privacy practices
- Whether individuals should have direct rights of action to enforce privacy obligations under the Privacy Act
- Whether a statutory tort for serious invasions of privacy should be introduced into Australian law
- The impact of the notifiable data breach scheme and its effectiveness in meeting its objectives
- The effectiveness of enforcement powers and mechanisms under the Privacy Act and how they interact with other Commonwealth regulatory frameworks
- The desirability and feasibility of an independent certification scheme to monitor and demonstrate compliance with Australian privacy laws.
The UK Information Commissioner’s Office (ICO) has fined British Airways £20 million, the ICO’s largest fine to date, for failing to protect the personal and financial details of more than 400,000 of its customers.
In a statement published online on 16 October 2020, the ICO stated that its investigation had found that British Airways was “processing a significant amount of personal data without adequate security measures in place”. This failure is said to have breached data protection laws and, subsequently, the airline was the subject of a cyberattack in 2018, which was not detected for more than two months.Read More
The Office of the Australian Information Commissioner (OAIC) has released its report on notifications received under the Notifiable Data Breaches scheme for period January to June 2020.
The OAIC reported 518 breaches were notified to it in the relevant period. The OAIC noted a 3% decrease from the 532 breaches notified in the period July 2019 to December 2019. However, there was a 16% increase on the 447 notifications received during January to June 2019.Read More
The ability of a government to force a technology provider to create a “back door” into their technology to allow security agencies to “listen in” to communications is a very controversial step, but it has not been the subject of much discussion as any recipient of such intervention is gagged.
It was interesting to see that the Independent National Security Legislation Monitor has released a report on its review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) (TOLA Act). The review considered, and provided recommendations on, the operation, effectiveness and implications of the TOLA Act and whether it is necessary, is proportionate to the threats it seeks to meet and treats human rights properly.Read More
On 9 July 2020, the Office of the Australian Information Commissioner (OAIC) and the UK Information Commissioner’s Office (ICO) announced they have opened a joint investigation into the personal information handling practices of Clearview AI Inc.
The OAIC has stated the investigation will focus on ClearView AI’s use of “scraped” data and biometrics of individuals.Read More
Temporary amendments to the Australian Corporations Act 2001 (Cth) (Corporations Act) took effect on 6 May 2020, making it easier to facilitate company meetings using remote technology, and providing some certainty as to companies’ execution of documents electronically under section 127(1) of the Corporations Act.
The Corporations (Coronavirus Economic Response) Determination (No. 1) 2020 (Determination) allows company meetings such as AGMs to be held using technology rather than face-to-face meetings, and enables a quorum, votes, notices and the asking of questions to be facilitated electronically. For a more in-depth look at these changes, see “Operating a Business During COVID-19: The Implications for Public Companies” by our colleagues Harry Kingsley, Kaveh Zegrati, and Alex Garfinkel.Read More