Automation

'Privacy in Automation: An Appraisal of the Emerging Australian Approach' by Angela Daly in Computer Law & Security Review offers

an initial appraisal of the emerging Australian approach to applying privacy and data protection laws to automated technologies. These laws and the general context in which they operate will be explained, with appropriate comparisons made to the European Union frameworks. In order to examine their specific application vis-à-vis automated technologies, three case studies - Automated facial recognition technologies (AFRT), unmanned aerial vehicles (UAVs – better known as ‘drones’) and autonomous vehicles (or ‘driverless cars’) – are selected to examine the extent to which existing privacy and data protection laws, and their application, can be considered adequate to address privacy and data protection risks that these technologies bring. These case studies evidence existing deficiencies with privacy protection in Australia and the inadequacy of recent reform processes, demonstrating that Australian data privacy laws are not well placed to protect individuals’ rights vis-a-vis automated technologies.

FOI and 'Forgetting'

'Inside FOIA, Inc.' by Margaret B. Kwoka in (2016) 126 The Yale Law Journal Forum 265 comments 

Commercial use of FOIA has, by all accounts, always been significant. As I documented in previous work, FOIA, Inc., businesses use FOIA for a variety of purposes and, at some agencies, can form the vast majority of requesters. One thing is constant across business use of FOIA, however, and that is the routine nature of commercial FOIA requests. Over and over again, commercial requesters seek the same kinds of documents, whether it be bid abstracts for defense contracts or licensing agreements filed by public corporations. I therefore proposed an aggressive affirmative disclosure regime in which agencies would identify the types of records routinely requested and publish comprehensive databases of those documents, thereby preempting the flood of commercial requesting.

For large regulatory agencies to whom single businesses submit hundreds and sometimes thousands of requests a year, however, my previous findings came as no surprise. FOIA officers at these agencies see their offices swamped with routine commercial requests and have adapted to become experts in responding to them. This essay explores the practicality of the affirmative disclosure methods I previously proposed from their perspective. In particular, using EPA, SEC, and FDA as case studies, it sheds light on actual agency experience implementing and considering these sorts of measures, including notable success stories. Beyond demonstrating that affirmative disclosure can be practical in some circumstances, however, it sheds light on obstacles agencies face as well. To that end, it seeks out outline circumstances in which affirmative disclosure is most immediately promising, as well as structural reforms that can reduce the barriers to success in a wider range of circumstances.

'The Right to Be Forgotten' by Michael J. Kelly and David Satola in (2017) 1 University of Illinois Law Review comments 

The right to be forgotten refers to the ability of individuals to erase, limit, delink, delete or correct personal information on the Internet that is misleading, embarrassing, irrelevant or anachronistic. This legal right was cast into the spotlight by the European Court of Justice decision in the Google Spain case, confirming it as a matter of EU law. This “right,” however, has existed in many forms around the world, usually applying a balance-of-rights analysis between the right to privacy and the right to freedom of expression. The new European version, though, is based on a legal theory of intermediary liability where Internet search engines are now considered “data controllers,” and as such have liability for managing some content online. As it has evolved in Europe, this right has focused attention on key underlying policy considerations, as well as practical difficulties, in implementation under the new European regime. In particular, shifting the burden of creating compliance regimes and supervising important human rights from government to the private sector. Thus, in Europe, the function of balancing rights (privacy versus speech) in the digital context has been “outsourced” to the private sector. Recent experience in Europe under this regime shows that there is no uniform approach across countries. Moreover, different national approaches to the “right” make it almost impossible for multinational entities to comply across jurisdictions. Apart from the data controller threshold, civil-law jurisdictions seem to give greater weight to privacy concerns in striking this balance. Common-law jurisdictions tend to give greater weight to expression. The right to be forgotten is another example of an evolving transatlantic data struggle with potentially serious trade implications. This Article explores the historical and theoretical foundations of the right to be forgotten and assesses practical legal issues including whether North American “free speech” rights are an effective buffer to what is sometimes a very controversial and evolving issue.

Doxing

'Doxfare – Politically Motivated Leaks and the Future of the Norm on Non-Intervention in the Era of Weaponized Information' by Ido Kilovaty in (2017) 9 Harvard National Security Journal comments 

Alleged Russian intervention during the 2016 U.S. presidential election presented international law with a challenge of characterizing the phenomenon of politically motivated leaks by foreign actors, carried out in cyberspace. Typically, international law’s norm of non-intervention applies only to acts coercive in nature, leaving disruptive acts outside of the scope of prohibited intervention. That raised a host of questions on the relevancy and inflexibility of traditional international law in relation to new threats and challenges in cyberspace. The discourse on transnational cyberspace operations highlights it becomes increasingly difficult to deal with nuanced activities that cause unprecedented harms, such as the Democratic National Committee Hack. This article argues foreign actors meddling with a legitimate political process in another State through cyberspace are violating the norm of non-intervention. Although the coercion requirement is absent, international law should consider non-coercive interfering acts that constitute sabotage and result in disruptive effects to domestic processes. As this paper contends cyberspace operations are distinctly different in their effects, so that a traditional standard of coercion for the norm on non-intervention is simply unattainable and requires the introduction of a new standard based on disruption. Finally, this article explores a few challenges and tensions ahead for harmful transnational cyberspace activities and offers a few directions to resolve these difficulties.

Data Availability

The Productivity Commission's Productivity Commission Data Availability and Use report released today features the following 'key points' -

• Extraordinary growth in data generation and usability has enabled a kaleidoscope of new business models, products and insights. Data frameworks and protections developed prior to sweeping digitisation need reform. This is a global phenomenon and Australia, to its detriment, is not yet participating. 
• Improved data access and use can enable new products and services that transform everyday life, drive efficiency and safety, create productivity gains and allow better decision making. 
• The substantive argument for making data more available is that opportunities to use it are largely unknown until the data sources themselves are better known, and until data users have been able to undertake discovery of data. 
• Lack of trust by both data custodians and users in existing data access processes and protections and numerous hurdles to sharing and releasing data are choking the use and value of Australia’s data. In fact, improving trust community-wide is a key objective. 
• Marginal changes to existing structures and legislation will not suffice. Recommended reforms are aimed at moving from a system based on risk aversion and avoidance, to one based on transparency and confidence in data processes, treating data as an asset and not a threat. Significant change is needed for Australia’s open government agenda and the rights of consumers to data to catch up with achievements in competing economies.

At the centre of recommended reforms is a new Data Sharing and Release Act, and a National Data Custodian to guide and monitor new access and use arrangements, including proactively managing risks and broader ethical considerations around data use. 

• A new Comprehensive Right for consumers would give individuals and small/medium businesses opportunities for active use of their own data and represent fundamental reform to Australia’s competition policy in a digital world. This right would create for consumers: 

• powers comparable to those in the Privacy Act to view, request edits or corrections, and be advised of the trade to third parties of consumer information held on them

• a new right to have a machine-readable copy of their consumer data provided either to them or directly to a nominated third party, such as a new service provider. 

• A key facet of the recommended reforms is the creation of a data sharing and release structure that indicates to all data custodians a strong and clear cultural shift towards better data use that can be dialled up for the sharing or release of higher-risk datasets. 

•  For datasets designated as national interest, all restrictions to access and use contained in a variety of national and state legislation, and other program-specific policies, would be replaced by new arrangements under the Data Sharing and Release Act. National Interest Datasets would be resourced by the Commonwealth as national assets. 

• A suite of Accredited Release Authorities would be sectoral hubs of expertise and enable the ongoing maintenance of, and streamlined access to, National Interest Datasets as well as to other datasets to be linked and shared or released. − A streamlining of ethics committee approval processes would provide more timely access to identifiable data for research and policy development purposes. 

• Incremental costs of more open data access and use 

• including those associated with better risk management and alterations to business data systems 

• will exist but should be substantially outweighed by the opportunities presented. 

•  Governments that ignore potential gains through consumer data rights will make the task of garnering social licence needed for other data reforms more difficult. Decoupling elements of this Framework runs the risk of limiting benefits to, and support from, the wider public.

Mammoth Fever

'Frankenstein's Mammoth: Anticipating the Global Legal Framework for De-Extinction' by Erin Okuno in (2016) 43(3) Ecology Law Quarterly comments

Scientists around the world are actively working toward de-extinction, the concept of bringing extinct species back to life. Before herds of woolly mammoths roam and flocks of passenger pigeons soar once again, the international community needs to consider what should be done about de-extinct species from a legal and policy perspective. In the context of international environmental law, the precautionary principle counsels that the absence of scientific certainty should not be used as an excuse for failing to prevent environmental harm. No global legal framework exists to protect and regulate de-extinct species, and this Article seeks to fill that gap by anticipating how the global legal framework for de-extinction could be structured. 

The Article recommends that the notions underlying the precautionary principle should be applied to de-extinction and that the role of international treaties and other international agreements should be considered to determine how they will or should apply to de-extinct species. The Article explains the concepts of extinction and de-extinction, reviews relevant international treaties and agreements, and analyzes how those treaties and agreements might affect de-extinct species as objects of trade, as migratory species, as biodiversity, as genetically modified organisms, and as intellectual property. 

The Article provides suggestions about how the treaties and the international legal framework could be modified to address de-extinct species more directly. Regardless of ongoing moral and ethical debates about de-extinction, the Article concludes that the international community must begin to contemplate how de-extinct species will be regulated and protected under existing and prospective international laws and policies.

Vigilantes

'Vigilantes at Work: Examining the Frequency of Dark Knight Employees' by Katy DeCelles and Karl Aquino comments

Vigilantism, while conjuring up images of lone wolf crime-fighting heroes of the movies and self-appointed gangs in the Wild West, is a phenomenon that is alive and well today. We investigated to what extent vigilantism exists in the workplace, documenting a phenomenon we describe as the workplace vigilante syndrome. We define this syndrome as someone who, without any formal authority to do so, regularly brings claims to the attention of authorities, colleagues, or the general public that one or more persons in their organization has committed a moral violation, a breach of company policy, or an unjust act, and makes an effort to punish that person or persons directly or indirectly. Results of a large-scale survey of a wide cross-section of American workers showed that 57.9 percent had experience with at least one workplace vigilante, with 18 percent of workers currently working with a workplace vigilante, and 42 percent of workers having worked with one or more in the course of their career. We explore some of the organizational and individual characteristics associated with more frequent workplace vigilantism, and describe some of the apparent themes in over 1,200 stories of workplace vigilantes provided by participants. We conclude by calling for greater theoretical and empirical development of what appears to be a common and potentially costly phenomenon for organizations.

Consumer Law Review

Consumer Affairs Australia and New Zealand (CAANZ) has delivered its final report on the Australian Consumer Law (ACL) review to the Commonwealth and state/territory consumer affairs Ministers.

The report is independent of the Productivity Commission 'enforcement' report noted here recently.

CAANZ proposes

a package of 19 legislative reforms to strengthen and clarify the ACL, in order to improve consumer wellbeing. 

The proposals include-

•  aligning the penalty regime under the competition provisions of the Competition and Consumer Act 2010 by increasing the financial penalties for ACL breaches for: individuals from $220,000 to $500,000, and companies from $1.1 million to the greater of: the maximum penalty of $10 million, or three times the value of the benefit received, or 10 per cent of the annual turnover in the preceding 12 months;
•  making it easier for consumers to get a refund for a faulty product;
• adding new requirements for extended warranties, including a 10-working-day cooling-off period;
• ;introducing a general safety law so that traders are required to ensure their products are safe before they enter the market;
• making online shopping fairer by ensuring any charges associated with pre-selected options are included in the headline price;
• extending the protections against unfair contract terms to insurance contracts;
• making it clear that the protections available in the ACL for unsolicited sales can apply to public places.

The specific reform package is ...

 Looking to the future 

Australian Consumer Survey -- Commission a third Australian Consumer Survey in 2021 to assist with monitoring and review of the ACL.

Consumer guarantees 

Proposal 1: Rights to refunds and replacements -- Specify that where a good fails to meet the consumer guarantees within a short specified period of time, a consumer is entitled to the remedies of a refund or replacement without needing to prove a ‘major failure’.

Proposal 2: Multiple non-major failures -- Clarify that multiple non-major failures can amount to a major failure.

Proposal 3: Extended warranties -- Enhance disclosure in relation to extended warranties by requiring: • agreements for extended warranties to be clear and in writing • additional information about what the ACL offers in comparison • a cooling-off period of ten working days (or an unlimited time if the supplier has not met their disclosure obligations) that must be disclosed orally and in writing.

Proposal 4: Warranty against defects -- Clarify the mandatory text requirements for warranties against defects by developing text specific to services and services bundled with goods.  

Proposal 5: Goods damaged or lost in transit -- Clarify the scope of the exemption from the consumer guarantees for the transport or storage of goods where those goods are damaged or lost in transit.

 Guidance on ‘unsafe’ and ‘reasonable durability’ 

Work with stakeholders (including tribunals) to provide more specific guidance on both ‘unsafe’ goods and ‘reasonable durability’. 

Fit-for-purpose consumer guarantees 

Examine whether the current consumer guarantees are fit-for-purpose for purely digital products, certain market practices and emerging technologies.

 Product safety

Proposal 6: General safety provision -- Introduce a general safety provision that would require traders to ensure the safety of a product before it enters the market including: • a flexible and less prescriptive approach to compliance by reference to product safety standards (for example, a ‘safe harbour’ defence to a breach of the general safety provision) • a penalty regime for breaches of the general safety provision, consistent with the ACL penalties regime.

Proposal 7: Voluntary recalls -- Clarify and strengthen voluntary recall requirements by: • introducing a statutory definition of ‘voluntary recall’ • increasing penalties for failure or refusal to notify a voluntary recall, proportionate to other ACL penalties.

Proposal 8: Powers to obtain information -- Strengthen ACCC powers to obtain information about product safety, by broadening the power to apply to any person (including a consumer) likely to have relevant information, rather than only the supplier.

Mandatory reporting 

Make clearer traders’ mandatory reporting obligations by clarifying through regulator guidance: • existing reporting requirements (including timeframes) • reporting triggers on the meaning of ‘serious injury or illness’ and ‘use or foreseeable misuse’.

 Product bans and recalls

Explore options to streamline processes for implementing product bans and compulsory recalls, taking into account findings of the Productivity Commission’s study of Consumer Law Enforcement and Administration.

 Product safety data

Promote enhanced collection and dissemination of product safety data, taking into account findings of the Productivity Commission’s study of Consumer Law Enforcement and Administration and initiatives undertaken by other regulatory regimes.  

Unconscionable conduct

Proposal 9: Publicly-listed companies -- Extend the ACL (and ASIC Act) unconscionable conduct protections to publicly-listed companies.

 Unfair trading

Explore how an unfair trading prohibition could be adopted within the Australian context to address potentially unfair business practices.

 Unfair contract terms

Proposal 10: Insurance contracts Apply unfair contract terms protections to contracts regulated by the Insurance Contracts Act 1984 (Cth).

Proposal 11: Powers to obtain information Enable regulators to use existing investigative powers to better assess whether or not a term may be unfair.

 Unsolicited consumer agreements

Proposal 12: Threshold requirements for unsolicited consumer agreements Ensure that the unsolicited selling provisions operate as intended by clarifying that the provisions: • can apply to public places • capture suppliers in their negotiations with consumers where the suppliers obtain from a third party (sometimes referred to as a ‘lead generator’) a consumer’s contact details or permission to be contacted.

 Unsolicited selling

Undertake an economy-wide study to examine the role, nature and impact of unsolicited selling in the Australian economy, to inform future policy development.

 Purchasing online

Proposal 13: Pre-selected options Enhance price transparency in online shopping by requiring that any additional fees or charges associated with pre selected options are included in the headline price.

Proposal 14: Online auctions Modernise the ‘sale by auction’ exemption from the consumer guarantees by ensuring the consumer guarantees apply to all online auctions.

 Scope of the ACL

Proposal 15: Definition of ‘consumer’ Increase the $40,000 threshold in the definition of ‘consumer’ to $100,000.

Proposal 16: Financial products -- Amend the ASIC Act to clarify that all ACL-related consumer protections that already apply to financial services also apply to financial products.

Charities, not-for-profit organisations and fundraisers -- Clarify through regulator guidance the current application of the ACL to the activities of charities, not-for-profit entities and fundraisers.

Charities, not-for-profit organisations and fundraisers -- Assess the effectiveness of the proposed guidance on not-for-profit fundraising, further regulator actions, and whether any amendment to the ACL is necessary.

Review of exemptions under the ACL -- Review current exemptions, with a view to removing those that are no longer in the public interest.

 Other amendments

Amendment (a) -- Amend the definition of ‘unsolicited services’ in section 2 of the ACL to allow the false billing provisions (sections 40 and 162) to apply to false bills for services not provided.

Amendment (b) -- Amend section 12DC of the ASIC Act to address terminology inconsistent with other consumer protection provisions in the ASIC Act and that may unintentionally narrow the scope of the provision.

Amendment (c) -- Amend section 76 of the ACL (or the regulations) to clarify that disclosure requirements for unsolicited consumer agreements do not apply to certain exempt agreements.

 The ACL in practice

Proposal 17: Private action -- Ease evidentiary requirements for private litigants through an expanded ‘follow on’ provision enabling them to rely on admitted facts from earlier proceedings.

 Penalties and remedies

Proposal 18: Maximum financial penalties -- Increase maximum financial penalties available under the ACL by aligning them with the penalty regime under the competition provisions of the Competition and Consumer Act 2010: • for companies, the greater of: - the maximum penalty (of $10 million), or - three times the value of the benefit the company received from the act or omission, or - if the benefit cannot be determined, 10 per cent of annual turnover in the preceding 12 months. • for individuals, $500,000.

Proposal 19: Community service orders -- Allow third parties to give effect to a community service order where the trader in breach is not qualified or trusted to do so.