The response, however, is a less-than world-leading roadmap for reform.
Few dispute the ACCC’s inquiry was ground breaking, as it held to account tech giants including Google and Facebook, and the power they wield over media, advertising and consumers.
But the government’s plan for reform lags behind other major global jurisdictions, where greater privacy protections have been enacted.
The recommendations, and the response
The ACCC spent 18 months on the Digital Platforms Inquiry, publishing its hefty final report in July.
In the report, 23 recommendations were made. These included wide-ranging reforms to consumer protection and privacy laws.
In today’s announcement, the government supported six of these recommendations in their entirety and ten “in principle” (with plans for further reviews).
It “noted” five others, and rejected two.
A lagging Privacy Act
In its final report, the ACCC highlighted that Australia’s privacy laws do not give consumers the same protections granted in other comparable countries and the European Union.
For instance, the European Union’s General Data Protection Regulation (GDPR), gives European consumers more choices and more complete information about how their personal data is used.
The California Consumer Privacy Act also puts Californian consumers ahead of us, with rights to access and delete data. There are even moves to introduce nationwide legislation to protect consumers online in the United States.
The ACCC’s recommendations on privacy sought to align Australia’s privacy laws with the GDPR. This included imposing higher standards for consumer consent and privacy notices, and introducing rights to erase personal data in certain situations.
The government does support higher penalties for breaches of the Privacy Act, and will act on that recommendation sometime next year. However, there will be another 18 months of inquiry into whether any other improvements to the Privacy Act are actually required.
The government also supported, in principle, a new statutory tort (law) of serious invasion of privacy, which was also recommended by the Australian Law Reform Commission in 2014.
Similarly, the ACCC’s report proposed a private right of action (which allows an individual to sue directly) on privacy matters. This right is currently only available to the regulator. The government supports this recommendation in principle, but it is “subject to consultation and design of specific measures”.
The reality is, privacy best practice standards are evolving rapidly around the world, while Australia lags behind. Australian web and app-based businesses have to design their services to comply with overseas legislation.
What has the government committed to?
To its credit, the government made a commitment of A$26.9 million over four years to fund a new unit in the ACCC.
This unit will monitor and report on the state of competition and consumer protection in digital platform markets.
Its first task will be to conduct further inquiries into the advertising technology (ad-tech) sector, in line with an ACCC recommendation. Ad-tech facilitates personalised targeted advertisements, such as those presented by Facebook and Google.
The key issue, from a platforms perspective, was the ACCC’s proposal to have a voluntary code of practice regarding the power imbalances between digital platforms and news media businesses. A voluntary code means the industry has the opportunity to develop new rules itself.
The government has directed the ACCC to work with stakeholders to develop and implement voluntary codes to address this power imbalance, and the ACCC must provide a progress report on code negotiations in May next year.
The code must be finalised no later than November. If agreement isn’t reached, the government has reserved the right to impose a mandatory code.
The government will also work with the Australian Communications and Media Authority (ACMA), in a staged process to reform media regulation.
The objective is to have a “platform-neutral” regulatory framework covering both online and offline delivery of media content (for example, having common rules for Netflix and free-to-air television).
In practice, this “staging” is likely to lead to the first legislation being introduced into parliament in late 2020.
What was left out?
One of the recommendations the government rejected was the proposed mandatory ACMA take-down code, which would assist copyright enforcement on digital platforms. The rejection was on the basis that major copyright owners and users identified “unintended effects” of such a code.
The government also rejected the proposal that philanthropic funding of journalism should be tax deductible, mainly because it is in the process of implementing a deductibility framework, introduced in 2017.
The ACCC also recommended the prohibition of unfair contract terms. It repeated this proposal in the context of small businesses and consumer loyalty schemes.
The government noted this, and promised there will be consultation on a range of policy options to strengthen unfair contract term protections.
The was also a “note” response on the recommendation to prohibit certain unfair trading practices. There is currently work underway through Consumer Affairs Australia and New Zealand exploring such a prohibition.
The government deferred adopting a change to search engine and internet browser defaults. Instead, the ACCC will monitor and report back on Google’s roll-out of options in Europe.
The ACCC also proposed changes to merger law. These were intended to address what in Europe is called a “killer acquisition”.
The government anticipates further public consultation on this proposal.
Unfortunately, the government’s plan for further legislative reviews offers only the mere possibility of improvement to consumer privacy protections. And even if these eventuate, they are more than 18 months away.
Katharine Kemp, Senior Lecturer, Faculty of Law, UNSW, and Co-Leader, ‘Data as a Source of Market Power’ Research Stream of The Allens Hub for Technology, Law and Innovation, UNSW and Rob Nicholls, Senior lecturer in Business Law. Director of the UNSW Business School Cybersecurity and Data Governance Research Network, UNSW