ACMA

The national Government has announced its response to the review of the Australian Communications and Media Authority (ACMA), which "found the ACMA has generally performed its regulatory role efficiently and well over the last ten years" but - cue the standard wording - "reform is needed to ensure the ACMA can respond effectively to the challenges of the future communications environment".

 That responsiveness unsurprisingly further aligns ACMA and its mission with dominant market players.

The review was

completed by the Department of Communications and the Arts and supported by a reference group of Australian and international communications and regulatory experts. 

The Government "supports or supports-in-principle all 27 of the recommendations of the review". The reforms will

redesign the governance arrangements for the regulator and provide for greater transparency, accountability and responsiveness of the regulator’s day-to-day and strategic activities. Implementation of these changes is already underway. A restructured governance model will provide for a minimum of five full-time members including the Chair and Deputy Chair, along with clear skill-set and expertise requirements. This will ensure that the ACMA is equipped for the complex task of regulating a dynamic and increasingly integrated communications sector. 

The Minister states

A Ministerial Statement of Expectations will address issues such as transparency, accountability and the nature of the relationship between the ACMA, the Government and industry operators. Providing the ACMA with a clearer description of performance expectations of its regulatory role will support better outcomes for industry and consumers. Regulator principles will also be incorporated in the Statement to provide guidance to the ACMA on how it should approach its regulatory role. 

Recommendations are as follows

 1 That the Australian Communications and Media Authority’s (ACMA) remit cover all the layers of the communications market, including infrastructure, transport, devices, content and applications. Supported

2 That the ACMA’s cybersecurity programs, where appropriate, be transferred, along with staff and funding to the Attorney‑General’s Department (AGD). Supported

3 That the Bureau of Communications and Arts Research assume the lead in taking forward research about the emerging environment and market trends, with the ACMA’s regulatory research program focusing on supporting the effectiveness of regulatory functions and harms that are affecting businesses and consumers. Supported

4 That the Department of Communications and the Arts be responsible for head of delegation roles to key international policy‑setting forums, including the World Radiocommunications Conference, and that clear guidance and negotiating parameters be provided by the Department to heads of delegation. Supported

5 That further work be undertaken to determine whether it may be more efficient for another body, such as the Australian Taxation Office, to undertake the revenue collection functions currently performed by the ACMA. Supported

6 That, within the next 12 months, the ACMA examine whether some or all of the following functions can be referred to industry for self‑regulation, in consultation with relevant industry bodies:

◾Technical Standards

◾Integrated Public Number Database (IPND)

◾Do Not Call Register (DNCR)

◾Action on unsolicited communications, including Spam. The ACMA regularly explore further opportunities for self‑regulation in consultation with industry. Supported

7 That the Department will undertake further work on the potential to expand the ACMA’s remit to include the functions of the Classification Board and Classification Review Board Scheme. Supported

8 That the Interactive Gambling Act 2001 (IG Act) be amended to require the ACMA to:

◾Handle all complaints relating to interactive gambling services and advertisements

◾Conduct the same investigation process irrespective of whether the content is hosted in Australia or overseas

◾Enforce civil penalties for breaches of the Act. Supported

9 That the current institutional arrangements for economic regulation of the communications sector be retained. Supported

10 That cross‑appointment arrangements between the ACMA and the Australian Competition and Consumer Commission (ACCC) be strengthened in order to benefit both ACMA and ACCC decision‑making. Supported

11 That the current institutional arrangements for communications consumer protections be retained. Supported

12 That as a priority as future reform is undertaken, the Government provide the ACMA with a clear set of overarching policy objectives to guide its decision-making. Supported

13 That the commission model of decision-making be retained. Supported

14 That the skill set to be collectively covered by Authority members be outlined in legislation to ensure an appropriate and diverse mix of abilities to respond to the future needs of the ACMA. Supported

15 That all members of the Authority be appointed on a full‑time basis and that the Authority consist of a Chair, a Deputy Chair and at least three other full‑time members. Supported in principle (Government supports full-time Chair, full-time Deputy Chair, three full-time members while retaining flexibility to appoint additional members on a part-time basis)

16 That the existing arrangements are maintained where the Chair is the Accountable Authority with an ability to delegate powers, duties and functions, to the extent permitted by the PGPA Act, to a Chief Executive Officer (CEO). Supported

17 That provision be made in the ACMA Act for the Authority to establish sub‑boards consisting of experts who could provide advice to the Authority or a Division of the Authority on specific areas of activity. The Chair of any such sub‑boards be a member of the Authority but not be the Chair of the Authority. Supported

18 Legislate the following four regulator principles in the ACMA’s enabling legislation, proposed draft:

◾The ACMA have regard to the importance of promoting competition, innovation and efficient investment

◾The ACMA should apply a risk-based approach to regulation, compliance and enforcement activities. Regulatory intervention should be targeted, evidence-based and commensurate with risk

◾The ACMA should implement continuous review of regulation to reduce burden and streamline approaches where the benefits exceed the costs

◾The ACMA should be timely and transparent in its actions and clearly indicate the priorities and objectives which inform its decision-making to regulated entities and the broader public. Supported in principle (rather than legislation, action in Minister’s Statement of Expectations to ACMA)

19 That the Minister provide the ACMA with an annual Statement of Expectations and the ACMA respond by publishing a Statement of Intent outlining how it will seek to deliver on the Government’s expectations. Supported

20 That the Minister provide the ACCC with an annual Statement of Expectations and the ACCC respond by publishing a Statement of Intent outlining how it will seek to deliver on the Government’s expectations. Supported

21 That timeliness of decision‑making be established as a key area of focus and accountability for future cycles of the ACMA’s regulator performance framework and Government consider legislative amendment to support more timely decision-making, where necessary. Supported

22 That the ACMA publish information on the steps it takes to ensure stakeholders have a clear understanding of the relationship between its actions and its compliance and enforcement policy. Supported

23 That the ACMA publish a report to the Minister every two years on initiatives undertaken to identify and reduce regulatory burden on industry and individuals. Supported

24 That the ACMA produce a public report on steps taken to improve the transparency and consistency of its decision-making processes, and that implementation and stakeholder satisfaction be independently assessed by the end of 2017. Supported

25 That it would be timely to review the policy objectives of revenue collection from the communications sector and evaluate whether new business models and OTT services are contributing appropriately. Supported

26 That the ACMA should further analyse its cost base, in light of the proposed function changes, to ensure it is efficiently delivering on its responsibilities and minimising costs to industry. Supported

27 To enable the communications sector to reach its full potential as an enabler of innovation and productivity, the Government commence a coordinated program of regulatory reform to establish a contemporary communications regulatory framework. Supported

Marks

'Fixing Incontestability: The Next Frontier?' by Rebecca Tushnet in (2017) Boston University Journal of Science and Technology Law comments

Incontestability is a nearly unique feature of American trademark law, with a unique American implementation. The concept of incontestability allows a trademark registrant to overcome arguments that a symbol is merely descriptive of features or qualities of the registrant’s goods or services—for example, “Juicy” for apples. Incontestability provides a nearly irrebuttable presumption of trademark meaning, which is a powerful tool for trademark owners. Unfortunately, incontestability is not granted as carefully as its power would counsel. Courts may misunderstand either the prerequisites for, or the meaning of incontestability, allowing trademark claimants to assert rights that they don’t actually have. Incontestability needs clearer signals about what it is and when it is available. In the absence of serious substantive examination of incontestability at the PTO—which seems unlikely to materialize any time soon—changes designed to increase the salience of incontestability’s requirements to filers and to courts could provide some protection against wrongful assertions. Incontestability can only serve the trademark system if it is granted properly and consistently.

MoPI

'A socialised conceptualisation of individual privacy: a theoretical and empirical study of the notion of the ‘public’ in UK MoPI cases' by David Mead in (2017) Journal of Media Law 1-32 comments

This article conceptualises a more public, more socialised notion of privacy in contrast to the archetype: that my privacy is of interest and value only to me. Doing so has historically left claims to privacy exposed against claims to free speech, with its long pedigree and generally acknowledged wider instrumental role. This article provides a corrective. The first part offers a typology of rationales at one of two meta-levels: privacy as a means to effect assurance or as a means to protect someone’s activities. The second discusses the results of some small-scale empirical doctrinal research: a sample analysis of 27 UK privacy cases looking to identify the judicial ascription of the value of privacy, specifically whether any judges conceptualise privacy as having a more social, or public, value or utility. The results are perhaps not unexpected. Almost exclusively, judges frame their rationales for protecting privacy in purely individualised terms.

Mead concludes

Why does all this matter? I think there are two reasons. The first is a conceptual one. If we are to have newspaper outings of, taking a recent example, MPs such as Keith Vaz, we should be sure the analytical framework is responsive to all the variables, not just to some or, as I would argue, to all of those on one side (freedom of expression) but only to a sample on the other. Second, at a practical level, it matters how cases are argued and resolved and who might claim the benefit of any remedy. Let us take those in turn.

At a conceptual level, if we conceive of privacy as offering wider social utility rather than simply as something of individual value, we can better appreciate that the judicial and policy approach – of private gain against public benefit of free speech – creates a false dichotomy. Ian Leigh and Lawrence Lustgarten wrote about the balance between rights and security in the 1980s and Daniel Solove adopted it in the more specific context of digital privacy and security nearly 20 years later. Rather than being in oppositional tension, protecting privacy may in fact sustain the same sorts of goals that securing protection for free speech might also serve. We see this most obviously when we considered claims to intellectual privacy, to innovative privacy and to facilitative privacy, but insulating privacy allows us to relax before immersing ourselves once more in the public sphere, while coalescing privacy, it was argued above, provides the level playing field necessary for public debate. Viewing the potential harm as connoting something more collective requires the construction of a very different utilitarian calculus. In short, and perhaps counter-intuitively, failing to see that on occasion securing an individual's privacy (that is, not allowing unrestrained publication about someone's private life) might not also lead to a flourishing, rather than a diminution, of free speech constitutes a category error. Privacy and free speech, or elements of each at least, can in fact be the same sides of the coin.

A couple of points flow from that new analytical approach. If privacy is no longer solely an individual but also a social or collective good, does this mean A is or even should be able to waive it? As Jane Bailey put it, in the context of online privacy, especially those victims/subjects of child pornography,

if privacy is, or is becoming, a collective or public good, the weaknesses of policy solutions that establish a property right in personal information or that allow one to waive one’s privacy rights also would become clear. If one individual or a group of individuals waives privacy rights, the level of privacy for all individuals decreases because the value of privacy decreases.

There are two limbs to this. If A really is not bothered by any loss of privacy, what could found B, C and D’s collective right to be aggrieved? Above (in the section ‘The social utility of privacy’), we considered the various social claims that can be made on their behalf. Broadly, even if A feels she has suffered no harm, a strong case can be made that not only are B, C and D impoverished but we all are, or at least there is the potential for us all to be. Put thus, it is not A's right, or not A's right alone, to waive. That thought does not assist in resolving the other difficulty – how can we give practical effect to that collective assertion of harm, especially in the face of A's consent or intransigence? One practical response in the UK setting would be the adjustment of regulatory rules requiring only the affected individual to mount a claim. IPSO requires, for complaints about anything other than accuracy in the Editors' Code, a person to be ‘directly affected’. IMPRESS similarly requires someone to have been personally affected other than for complaints about accuracy where it permits third party complaints. This provides, at best, only a very partial solution. It is one thing to confer standing on third parties and quite another to craft a remedy that adequately responds to those collective, mutual interests. The following (rather inelegantly drafted) sample correction avails a flavour of what might be conveyed.

On 1 January, we published an item indicating that A had done X [in circumstances Y]. While A did not contact us to complain, The Daily News acknowledges that in publishing that item, we acted improperly. That item might have led many others to believe that doing X [in circumstances Y] was a proper subject for a newspaper to report on. In doing so, we may have dissuaded others from doing or even from trying to do X. The Daily News accepts that doing X is or has the potential to be a socially useful activity, contributing to [β and δ] and thus has long term or wider benefits for us all.

Remaining with our conceptual strand, James Nehf identifies two further issues that flow from framing privacy as implicating only individualised utility. First, those not affected, or rather those perceiving themselves as not being affected, may disengage from the debate. This is, as Solove points out, a general response in the surveillance and security debate – I’ve got nothing to hide, so what’s the problem?  Additionally, and this flows from its non-absolute nature requiring privacy to compete with other rights and social interests, he notes that ‘the influence of interest group politics could not be overcome’. He adverts to the changed frame within which we now debate environmental harms – as something that now no longer effects simply the neighbour onto whose land waste spills but as a general societal problem calling for a public collective regulatory response.

If we turn back to the practical realisation of our expanded notion of privacy, Part IV showed that there was no evidence of wider social utility in court judgments (though the survey has not so far considered how cases were presented and argued by counsel). It is impossible to determine if appeals to social utility would have affected the outcome in any one case. It would be easy enough to locate claims to a more socially responsive conception of privacy within the current doctrinal framework. Even given the very clear contextual steer in Murray by the Master of the Rolls  (and endorsed by the Supreme Court in In re JR 38), the first stage – whether or not there was a reasonable expectation – while objective, has as its focus the effect on the claimant, not the effect on wider society. Nothing though would seem to prevent it being argued at the second stage of the ultimate balancing test that it is not simply the comparative importance to the claimant that should be on one side of the equation but the social good that protecting privacy could effect or would be capable of effecting.

While the appropriateness of the balancing test is contested at a normative level, primarily because of the difficulty, indeed inherent impossibility, of attributing value to and then weighing against each other two things that are both immeasurable and incommensurable, this paper takes as a given its continued traction.  This is not the place to rehearse, let alone resolve that argument. That said, while re-framing privacy, in collective terms, would complicate that balancing exercise, by pairing public interest expression with of public interest privacy, we might explore this a little more before ending. While, clearly, it would be impossible to prove or even quantify the social utility of preventing a particular privacy-invading publication, that should not matter. The claim that a free press contributes to democratic self-governance has never been put to proof; its truth has now simply been asserted so long and so vociferously that it is self-evident – judicial notice is simply taken of this now undisputed fact. Further, it is not being asserted that all invasions of A's privacy would implicate a more collective notion of privacy. This though is, or should be true, for free speech (on the other side of the equation) – not all speech goes to enhancing democracy or offering different versions of truth in the market place for acceptance or rejection; it is hard to see how tittle tattle can ever do so.  Our more socialised conception of privacy entails rejection of the monolithicism of free speech and, now, of privacy and calls for a more nuanced judicial analysis of both sides, evaluating more precisely the exact harms alleged to be suffered if the material is (not) published. Of course, to repeat the point made above, what we are dealing with on the privacy side is more likely an inchoate harm but this is likely as true of many claims made about the collective harms, or gains, of free speech.

In all this, it would be critical properly to frame the various interests at play and in tension. This might be the wider social utility or the countervailing public interest. Tugendhat J was alert to the difficulties in Green Corns. There, the issue – to remind ourselves – was whether or not to restrain a local paper publishing certain details of a planned children's care home. He accepted that there was no public interest properly defined at all in publishing the information that was subject to restraint. 

The public interest was in how (perhaps by whom) the children were to be cared for. That was not the material the paper sought to publish, which was the location of the home. Essentially, what was being set up in opposition, he continued, was a series of private interests in, for example, house values which the paper sought to aggregate and to wrap up collectively as a public interest. This goes to an earlier discussion: that there is a difference between a common or collective public interest, in Regan's (n 2) terms, and aggregative or cumulative private interests.

In conclusion, one matter should be made clear. This paper is not arguing that privacy should always or even invariably trump free speech: we should not always have a right to know about the love child of a leading politician. There will quite properly be times – many and frequent perhaps – as a matter both of plain doctrine and of policy and theory – when the interest in protecting someone's privacy is outweighed by the greater interest in publication, even where there might also be some consequent social or collective (future) loss if the private facts become publicly known. It is making the much simpler point. That it is time we reconceptualised privacy and its instrumental possibilities, and thus reconfigured the balancing matrix, avoiding (in footballing terms) free speech always being the team able to play at home.

Automation

'Privacy in Automation: An Appraisal of the Emerging Australian Approach' by Angela Daly in Computer Law & Security Review offers

an initial appraisal of the emerging Australian approach to applying privacy and data protection laws to automated technologies. These laws and the general context in which they operate will be explained, with appropriate comparisons made to the European Union frameworks. In order to examine their specific application vis-à-vis automated technologies, three case studies - Automated facial recognition technologies (AFRT), unmanned aerial vehicles (UAVs – better known as ‘drones’) and autonomous vehicles (or ‘driverless cars’) – are selected to examine the extent to which existing privacy and data protection laws, and their application, can be considered adequate to address privacy and data protection risks that these technologies bring. These case studies evidence existing deficiencies with privacy protection in Australia and the inadequacy of recent reform processes, demonstrating that Australian data privacy laws are not well placed to protect individuals’ rights vis-a-vis automated technologies.

FOI and 'Forgetting'

'Inside FOIA, Inc.' by Margaret B. Kwoka in (2016) 126 The Yale Law Journal Forum 265 comments 

Commercial use of FOIA has, by all accounts, always been significant. As I documented in previous work, FOIA, Inc., businesses use FOIA for a variety of purposes and, at some agencies, can form the vast majority of requesters. One thing is constant across business use of FOIA, however, and that is the routine nature of commercial FOIA requests. Over and over again, commercial requesters seek the same kinds of documents, whether it be bid abstracts for defense contracts or licensing agreements filed by public corporations. I therefore proposed an aggressive affirmative disclosure regime in which agencies would identify the types of records routinely requested and publish comprehensive databases of those documents, thereby preempting the flood of commercial requesting.

For large regulatory agencies to whom single businesses submit hundreds and sometimes thousands of requests a year, however, my previous findings came as no surprise. FOIA officers at these agencies see their offices swamped with routine commercial requests and have adapted to become experts in responding to them. This essay explores the practicality of the affirmative disclosure methods I previously proposed from their perspective. In particular, using EPA, SEC, and FDA as case studies, it sheds light on actual agency experience implementing and considering these sorts of measures, including notable success stories. Beyond demonstrating that affirmative disclosure can be practical in some circumstances, however, it sheds light on obstacles agencies face as well. To that end, it seeks out outline circumstances in which affirmative disclosure is most immediately promising, as well as structural reforms that can reduce the barriers to success in a wider range of circumstances.

'The Right to Be Forgotten' by Michael J. Kelly and David Satola in (2017) 1 University of Illinois Law Review comments 

The right to be forgotten refers to the ability of individuals to erase, limit, delink, delete or correct personal information on the Internet that is misleading, embarrassing, irrelevant or anachronistic. This legal right was cast into the spotlight by the European Court of Justice decision in the Google Spain case, confirming it as a matter of EU law. This “right,” however, has existed in many forms around the world, usually applying a balance-of-rights analysis between the right to privacy and the right to freedom of expression. The new European version, though, is based on a legal theory of intermediary liability where Internet search engines are now considered “data controllers,” and as such have liability for managing some content online. As it has evolved in Europe, this right has focused attention on key underlying policy considerations, as well as practical difficulties, in implementation under the new European regime. In particular, shifting the burden of creating compliance regimes and supervising important human rights from government to the private sector. Thus, in Europe, the function of balancing rights (privacy versus speech) in the digital context has been “outsourced” to the private sector. Recent experience in Europe under this regime shows that there is no uniform approach across countries. Moreover, different national approaches to the “right” make it almost impossible for multinational entities to comply across jurisdictions. Apart from the data controller threshold, civil-law jurisdictions seem to give greater weight to privacy concerns in striking this balance. Common-law jurisdictions tend to give greater weight to expression. The right to be forgotten is another example of an evolving transatlantic data struggle with potentially serious trade implications. This Article explores the historical and theoretical foundations of the right to be forgotten and assesses practical legal issues including whether North American “free speech” rights are an effective buffer to what is sometimes a very controversial and evolving issue.

Doxing

'Doxfare – Politically Motivated Leaks and the Future of the Norm on Non-Intervention in the Era of Weaponized Information' by Ido Kilovaty in (2017) 9 Harvard National Security Journal comments 

Alleged Russian intervention during the 2016 U.S. presidential election presented international law with a challenge of characterizing the phenomenon of politically motivated leaks by foreign actors, carried out in cyberspace. Typically, international law’s norm of non-intervention applies only to acts coercive in nature, leaving disruptive acts outside of the scope of prohibited intervention. That raised a host of questions on the relevancy and inflexibility of traditional international law in relation to new threats and challenges in cyberspace. The discourse on transnational cyberspace operations highlights it becomes increasingly difficult to deal with nuanced activities that cause unprecedented harms, such as the Democratic National Committee Hack. This article argues foreign actors meddling with a legitimate political process in another State through cyberspace are violating the norm of non-intervention. Although the coercion requirement is absent, international law should consider non-coercive interfering acts that constitute sabotage and result in disruptive effects to domestic processes. As this paper contends cyberspace operations are distinctly different in their effects, so that a traditional standard of coercion for the norm on non-intervention is simply unattainable and requires the introduction of a new standard based on disruption. Finally, this article explores a few challenges and tensions ahead for harmful transnational cyberspace activities and offers a few directions to resolve these difficulties.

Data Availability

The Productivity Commission's Productivity Commission Data Availability and Use report released today features the following 'key points' -

• Extraordinary growth in data generation and usability has enabled a kaleidoscope of new business models, products and insights. Data frameworks and protections developed prior to sweeping digitisation need reform. This is a global phenomenon and Australia, to its detriment, is not yet participating. 
• Improved data access and use can enable new products and services that transform everyday life, drive efficiency and safety, create productivity gains and allow better decision making. 
• The substantive argument for making data more available is that opportunities to use it are largely unknown until the data sources themselves are better known, and until data users have been able to undertake discovery of data. 
• Lack of trust by both data custodians and users in existing data access processes and protections and numerous hurdles to sharing and releasing data are choking the use and value of Australia’s data. In fact, improving trust community-wide is a key objective. 
• Marginal changes to existing structures and legislation will not suffice. Recommended reforms are aimed at moving from a system based on risk aversion and avoidance, to one based on transparency and confidence in data processes, treating data as an asset and not a threat. Significant change is needed for Australia’s open government agenda and the rights of consumers to data to catch up with achievements in competing economies.

At the centre of recommended reforms is a new Data Sharing and Release Act, and a National Data Custodian to guide and monitor new access and use arrangements, including proactively managing risks and broader ethical considerations around data use. 

• A new Comprehensive Right for consumers would give individuals and small/medium businesses opportunities for active use of their own data and represent fundamental reform to Australia’s competition policy in a digital world. This right would create for consumers: 

• powers comparable to those in the Privacy Act to view, request edits or corrections, and be advised of the trade to third parties of consumer information held on them

• a new right to have a machine-readable copy of their consumer data provided either to them or directly to a nominated third party, such as a new service provider. 

• A key facet of the recommended reforms is the creation of a data sharing and release structure that indicates to all data custodians a strong and clear cultural shift towards better data use that can be dialled up for the sharing or release of higher-risk datasets. 

•  For datasets designated as national interest, all restrictions to access and use contained in a variety of national and state legislation, and other program-specific policies, would be replaced by new arrangements under the Data Sharing and Release Act. National Interest Datasets would be resourced by the Commonwealth as national assets. 

• A suite of Accredited Release Authorities would be sectoral hubs of expertise and enable the ongoing maintenance of, and streamlined access to, National Interest Datasets as well as to other datasets to be linked and shared or released. − A streamlining of ethics committee approval processes would provide more timely access to identifiable data for research and policy development purposes. 

• Incremental costs of more open data access and use 

• including those associated with better risk management and alterations to business data systems 

• will exist but should be substantially outweighed by the opportunities presented. 

•  Governments that ignore potential gains through consumer data rights will make the task of garnering social licence needed for other data reforms more difficult. Decoupling elements of this Framework runs the risk of limiting benefits to, and support from, the wider public.