2020 – Year in Review

2020 was a rollercoaster of a year. Despite the disruption of COVID-19 much was achieved. Here’s a breakdown of some of the major legal developments of the year.

Ad Tech Inquiry
The Attorney General kicked off its review into ad tech and ad agency services. According to ACCC Chair, Rod Simms, “this inquiry will allow the ACCC to assess whether these advertising and ad tech markets are operating effectively and, importantly, gauge whether they are working well for a range of different stakeholders.” Several agencies and advertisers have responded on the competitiveness, efficiency, transparency and effectiveness of ad tech and ad agency services. The ACCC is required to provide a preliminary report to the Treasurer by 31 December 2020 and a final report by 31 August 2021.

Review of the Privacy Act
The Attorney General has been busy this year, commencing its long-awaited review (Review) of the Privacy Act 1988 (Cth) (Privacy Act). We expect to see strengthened consumer rights including a broader definition of ‘personal information’. It is less clear whether ‘the right of erasure’ will be adopted or whether individuals will have a direct right of action to enforce privacy obligations under the Privacy Act. The Review is a prudent reminder for businesses to conduct their privacy due diligence so they are ready for any potential reforms.

News Media Bargaining Code
The ACCC released a draft mandatory code of conduct (Code) on 31 July 2020 to address bargaining power imbalances between Australian news media businesses and digital platforms including Google and Facebook. While we’re yet to see the actual legislation, we anticipate that the Code will allow news media businesses to bargain individually or collectively with digital platforms over payment for the inclusion of news on their services, as well as minimum standards. Unsurprisingly, Google and Facebook are fighting the introduction of a Code.

California Privacy Rights and Enforcement Act (CPRA)
The CPRA was voted into Californian law this year. This amends the California Consumer Privacy Act (CCPA). Broadly speaking, the CPRA creates additional obligations for companies collecting and sharing “sensitive” personal information, and creates a new agency, the California Privacy Protection Agency (Agency), which will be responsible for enforcing violations of the new legislation. The Agency will also have the authority to enforce the existing CCPA.

Brexit and GDPR Compliance
The UK left the EU and is now in a transition period which is scheduled to end on 31 December 2020. The UK will implement its own version of the GDPR which may reflect some of the key principles, rights and obligations of the GDPR. If your business offers goods or services to individuals in the UK or monitors the behaviour of individuals taking place in the UK, you will be required to comply with the UK legislation.

Review of Model Defamation Provisions
The Council of Attorneys-General approved amendments to Australia’s Model Defamation Provisions (Provisions). The Provisions aim to balance the right of individuals to protect their reputations and the right to freedom of speech, while providing a mechanism to enable the courts to efficiently determine defamatory matters.

Consumer Data Right (CDR)
It’s been a big year for the CDR. This year CDR ‘Rules and Accreditation Guidelines’ were developed for the banking sector. The ACCC also entered into a Memorandum of Understanding with the Office of the Australian Information Commissioner to set out their respective roles in regulating the CDR system. If a major bank is directed by a consumer to do so, under the CDR they must:

  • share certain consumer data, such as data relating to credit and debit cards, deposit accounts and transaction accounts; and
  • share data relating to mortgages and personal loans.

These changes have seen consumers gain greater control over their data while encouraging innovation and competition between service providers.

Security Legislation Amendment (Critical Infrastructure) Bill 2020
As part of its overall strategy to strengthen the security of Australia’s infrastructure, including cybersecurity, the Government has released an exposure draft of its Security Legislation Amendment (Critical Infrastructure) Bill 2020 which imposes:

  • a Positive Security Obligation for critical infrastructure entities, supported by sector-specific requirements, co-designed with industry;
  • Enhanced Cyber Security Obligations for entities most important to the nation (systems of national significance); and
  • Government assistance to industry in response to immediate and serious cyber-attacks to Australian systems.

If you’d like to discuss how any of these developments affect your business, get in touch with us today.