19 August 2017

Plant IP

The thoughtful 'Information Intellectual Property and the Global Information System for Plant Genetic Resources for Food and Agriculture' (Griffith University Law School Research Paper No. 17-21) by Charles Lawson comments 
The International Treaty on Plant Genetic Resources for Food and Agriculture (Plant Treaty) establishes a mechanism for the accessing and sharing of some plant materials. An essential element of that accessing and sharing is information about the materials including information (and data) about the characterisation, regeneration and evaluation of the materials. A “Global Information System” (GLIS) will allow much of this information to be made available and shared. This article reviews the information obligations imposed by the Plant Treaty and its associated “Standard Material Transfer Agreement” on the collection and disclosures of information and other legal obligations that will likely shape the form and function of the GLIS. The article concludes that the GLIS will need to carefully distinguish between information that is freely available and information that is subject to legal restrictions.


The NSW Audit Office report on Therapeutic Programs in Prisons states
When a prisoner enters custody in New South Wales, there is an expectation that they will be offered therapeutic programs that reduce their risk of reoffending. Relative to the costs of providing them, these programs have wide-ranging benefits for prisoners and the broader community, and provide significant savings to the justice system. Corrective Services NSW has lead responsibility for ensuring relevant and effective programs are provided, and for the Premier’s Priority of reducing reoffending by five per cent by 2019.
In New South Wales, a significant majority of people convicted of an offence will eventually be reconvicted. Of those convicted of an offence in 2004, 79 per cent had been reconvicted of another offence by 2014 – half within the first year of their initial offence. The total cost to the community of reoffending is difficult to fully quantify. However, the potential to reduce costs to the prisons system alone by reducing reoffending is significant given the average costs of a prison stay is $167 per prisoner per day over an average 218 day sentence. Total prison system costs in New South Wales were $720 million in 2016.
To help achieve its mandate to reduce reoffending, Corrective Services NSW delivers therapeutic programs in prison and the community, along with a range of vocational, education, supervision, case management and health and wellbeing general services. These programs and services contribute to the central goal of reducing the likelihood that prisoners will return to prison. This audit assessed whether selected therapeutic programs are available, accessible and effective in reducing the risk of reoffending. ...
Corrective Services NSW does not ensure that eligible prisoners receive timely programs to reduce the risk they will reoffend on release. Most prisoners who need programs do not receive one before their earliest release date. These prisoners can be released with no intervention or held in prison longer awaiting a program. Additionally, programs have not been systematically evaluated to confirm they are helping to reduce reoffending in NSW.
In 2015–16, 75 per cent of prisoners who needed programs reached their earliest release date without receiving one. These prisoners are often released with incomplete or no intervention in prison, or are refused parole and held in custody for longer than their minimum term. Corrective Services NSW prioritises prisoners for programs based on their risk of reoffending. However, the 20 per cent increase in the prison population between 2011–12 and 2015–16 has put a significant strain on program resources. While program staffing has increased by 20 per cent over the past two years, the overall proportion of prisoners receiving programs before release has not.
Since 2015, there has been increased roll out of moderate-intensity EQUIPS programs, which reach greater numbers of prisoners. However, over the same period, the number of programs to meet the higher-intensity therapeutic needs of sex offenders and serious violent offenders has decreased or remained the same despite increased numbers of prisoners entering custody that may benefit from them. Corrective Services NSW does not collect and act on information to ensure that coverage of specific program needs among sex offenders and serious violent offenders is sufficient given the increases in these prisoner types.
Corrective Services NSW bases its programs on international evidence and has worked in partnership with independent evaluators to evaluate some programs. However, these evaluations have mostly been inconclusive due to small sample sizes and data quality issues. Further evaluations are proposed, including as a result of an additional $237 million investment in reducing reoffending, which will also see the role out of additional programs and case management initiatives.
75 per cent of prisoners who needed programs did not complete them before the earliest date they could have been released for parole
In 2015–16, 75 per cent of prisoners with an identified program need did not complete a program prior to the earliest date they could have been paroled. If prisoners do not complete programs before their earliest parole date, they can be released having had no, or incomplete, interventions while in prison to address their offending. They can also be refused parole by the State Parole Authority, adding unnecessary length to the time spent in jail and exacerbating overcrowding. Parole refusal data from the State Parole Authority indicates that non-completion of programs was a factor in 84 per cent of 302 parole refusals in 2015.
Program resourcing at the prison level is inadequate to meet increased demand
Lack of availability of programs to meet demand is a key factor preventing prisoners from completing programs in time for release. The 20 per cent increase in the prison population between 2011–12 and 2015–16 has placed a significant strain on resources. While more programs are being delivered, the overall proportion of prisoners receiving them before release has not. Prisoner case management is not performed in a timely and consistent way, resulting in prisoners missing opportunities to be referred to programs, particularly if they have shorter sentences. For example, 27 per cent of prisoners with more than six months to serve had not completed an assessment required to determine eligibility for an EQUIPS program in the past four years.
The mix of available programs may be out of step with the needs of some prisoners
Since 2012, Corrective Services NSW has increased the number of moderate-intensity EQUIPS domestic violence and aggression programs provided and more prisoners overall are now able to participate in programs. Over the same period, the number of intensive programs delivered for sex offenders has decreased and the number of intensive programs for serious violent offenders has remained the same. This is despite increasing proportions of prisoners sentenced for sexual assault and related offences, and serious violent offences.
Corrective Services NSW uses a risk-assessment model to determine which prisoners are eligible for existing programs, but does not regularly review whether there are gaps or insufficient program coverage of some therapeutic needs.
Corrective Services NSW does not collect robust and comparable information on program quality and outcomes
Program performance reporting at the prison level focuses on program throughput, such as the number of programs delivered and the number of prisoners participating. Corrective Services NSW does not routinely collect information on program implementation that would provide insights at the prison level into whether programs are being run effectively, and are achieving their intended goals.
Corrective Services NSW has not systematically evaluated its therapeutic programs to confirm they are effective in reducing reoffending
Programs being delivered in New South Wales prisons are based on international evidence about the success of the specific methods and approaches used. This is a good foundation, but Corrective Services NSW is unable to show that its programs are effective in the New South Wales context, and that they are having an impact in achieving the Premier’s target of reducing reoffending by five per cent. Evaluations of some programs have been conducted, but these were mostly inconclusive because of challenges with data collection, such as developing significant enough sample sizes. A lack of consistent forward planning has also affected the rigour of some evaluations.
With the roll out of an additional $237 million investment in reducing reoffending, Corrective Services NSW proposes to focus efforts on evaluating the effectiveness of its programs by engaging external experts and increasing resourcing in its own evaluation unit. A systematic forward program for independent evaluation, which identifies solutions to existing data gaps and builds on past studies, is needed to support this.
Corrective Services NSW should by December 2017:
1. Implement a systematic approach to the use of convictions, sentencing and case management data to ensure that gaps in program offerings can be identified and addressed.
By June 2018:
2. Clearly establish program delivery staff resourcing benchmarks, based on individual prison profiles, that would meet demand and ensure prisoners receive timely assessments, comprehensive case management and relevant programs before the earliest date they can be released.
3. Establish consistent program quality and outcomes performance indicators at the prison-level, and monitor and respond to these quarterly.
4. Develop and implement a detailed forward program of independent evaluations for all prison-based therapeutic programs, that includes identified data requirements for prisons to collect and provide.

Published Editions

A perspective on Australia's published editions regimes is provided by Guillaume Laroche's 'Settling the Score: Copyright in Modern Editions of Public Domain Musical Works' in (2013) 26(1) Intellectual Property Journal 83.

Laroche comments
Modern sheet music publishers regularly assert copyright claims over their new editions of public domain compositions by long-deceased composers like Mozart and Chopin, yet the legal basis for these claims remains untested. This inquiry argues that most such claims are untenable, and outlines a doctrinal copyright analysis supporting this conclusion in Canadian law and jurisprudence. Following a brief overview of the sheet music publishing industry’s copyright practices and some recent challenges to its preferred status quo, two doctrinal approaches are tested using various editions of Frédéric Chopin’s “Raindrop Prelude”. First, an application of the doctrine of originality, as described in CCH v. Law Society of Upper Canada, reveals that editors’ original expression in most new editions of public domain compositions is difficult to discern. Although some editions meet the required standard, this finding nonetheless jeopardizes many publishers’ copyright claims. Second, the inquiry briefly investigates the nature of musical scores as works, concluding that, contrary to what publishers have sometimes argued, a proper application of the Copyright Act should classify them as musical works instead of artistic works. Finally, the findings of the court in the British case Sawkins v. Hyperion are applied to the Canadian context. The article concludes by discussing some of the policy implications of its findings, contrasting the benefits accruing to musicians with the potentially harmful decisions that some music publishers might make if the Canadian standard were adopted more widely.

18 August 2017

Balmain New Ferry

The delicious 'False Imprisonment, Fare Dodging and Federation — Mr Robertson’s Evening Out' by Mark Lunney in (2009) 31 Sydney Law Review 537 argues that
The decisions of the High Court and the Privy Council in Robertson v The Balmain New Ferry Company Ltd retain their place in modern tort texts discussing false imprisonment. This is surprising because the reasoning is frequently considered unclear at best or incorrect as worst. This article considers the case in two historical contexts to evaluate these views. The first context considers contemporary legal doctrine by exploring the significance of the pre-Judicature Act pleading rules applicable in New South Wales and the gap in the contemporary law that made the company’s method of enforcing fare collection problematic. Despite these impediments, the commercial pressures to uphold the system of fare collection proved sufficient to overcome these objections. The second, broader, historical context explores the reaction to the decision of the High Court as an aspect of lingering anti-federal sentiment in New South Wales. The analysis reveals a uniquely Australian context to the decision and reveals the potential of studies of the history of private law to contribute to the history of Australian law more generally. 
Lunney comments
The decision of the Privy Council in the case of Robinson v Balmain New Ferry Co Ltd remains a part of many tort courses and tort textbooks in common law countries. et the reason for including it tends to be to dismiss it as out of line with general principle, as non-representative rather than paradigmatic. It is explained away as an aberration, a task made easier by the eccentricity of its facts. Whilst for explanatory purposes this is a perfectly satisfactory way of dealing with the case as part of the modern law of tort, it leaves open a number of questions. First, if the case was considered contrary to general principle, why did the decisions of both the High Court of Australia and the Privy Council find comprehensively in favour of the ferry company? Analysis of contemporary legal doctrine suggests a lacuna in the law relating to the operation of the system of collecting fares adopted by the ferry company. The matter was of enormous importance to ferry companies: a result in favour of Robertson would have mandated significant change in ferry companies’ practices. The way that the legal lacuna was filled by both the High Court and the Privy Council avoided this commercially undesirable result — albeit with reasoning that gave short shrift to the pleading rules that operated in New South Wales — and ignored well-established limitations on the circumstances in which a person’s imprisonment could be justified. 
The emphasis that Robertson placed on pleading rules in his argument may reveal a subtler context. In the High Court and in the petition for leave to appeal to the Privy Council, Robertson stressed the importance of respecting the pleading rules of New South Wales. The concern that State law might be ignored by the federal High Court needs to be viewed in the context of a High Court that was barely three years old and a federation that had been formed less than a decade before. The reaction to the decision of the High Court demonstrates that anti-Federation sentiment had not simply gone away after 1901. Given the status of the plaintiff, Archibald Nugent Robertson, the decision of the High Court provided a suitable focus for some of that sentiment, in terms of specific criticism of the High Court, as well as for more general expressions of dissatisfaction with Federation. In short, the case demonstrates the potential significance of Australian legal history, in particular the history of private law, to explanations of wider historical trends in Australia, an area that deserves far greater attention than it has thus far received. ... 
This article has attempted to place the decision in Robinson v Balmain New Ferry Co Ltd in its historical context. That context is a complex amalgam with both an internal and an external dimension — a dimension that was understood and controlled by the lawyers and a dimension that went beyond the intricacies of pleading and doctrine. Whatever the merits of the competing legal arguments — and in many ways Robertson’s were stronger — the ferry company was not prepared to limit its case by reference to relatively narrow points of law. By the time the case reached the High Court, the commercial ramifications of a decision in Robertson’s favour were explicitly pointed out by the ferry company. The High Court and the Privy Council were not prepared to jeopardise the established system of fare collection; as the Balmain Observer put it, the ferry company’s rules had been endorsed by its victory. That the decision has proved to be of limited practical importance merely demonstrates its expediency: the commercial imperative of the ferry company could not generate a rule of general application. Viewing the case in its historical context may not change our views as to the result, but it does allow us to explore the interplay between the internal and external dimensions of legal reasoning. It demonstrates that these contexts were not mutually exclusive. As David Ibbetson has shown, the way a case is put by lawyers to the court is fundamental to how the case is decided, and this is evidenced by the varying ways the case was put to the courts by the ferry company’s lawyers. The ferry company was allowed to detain Robertson not just because he had entered into a contract but because the High Court was aware of the commercial consequences of a decision in his favour. This is not to deny the force of reasoning processes internal to law but merely suggests that in some cases, at least in the past, judges and courts did consider the consequences of their decisions, and in doing so, may have considered matters beyond legal doctrine. 
At a broader level, Robertson also shows the value of historical analysis of private law in Australia. The history of tort law in Australia after Federation remains to be written, and Robertson is a good example of the merits of such a project. It reveals an Australian court dealing with a case of first impression that forced it to make new law, a law which was in fact endorsed by the Privy Council. As Bruce Kercher notes, the observation that Australian courts merely copied the English common law ‘should be a commencing point of historical analysis, a hypothesis to explore, rather than a conclusion’. He notes that ‘[w]hen this history is written, we might well find that the High Court was less deferential to English law than we presently assume’. We may also find, as in Robertson, that there were peculiarly Australian contexts in which court decisions and legislation were made. It would be going far too far to think that the High Court justices in Robertson were out to get him, but Robertson does illustrate that decisions are not made in an historical vacuum and, at least to some degree, reflect contemporary historical and political currents. Viewed in this light, the reaction to Robertson represents a remnant of the defeated, but not extinguished, anti-Federation sentiment, a sentiment that at the time was not doomed to failure.
Whatever else this article has achieved, it is hoped that law students of the future may have cause to challenge Harold Luntz’s assessment of Robertson as ‘the arrogant barrister plaintiff’. Pompous he no doubt was, but as this article has demonstrated, he had good reason to think the law was on his side. Nor can one can doubt the sincerity of his belief in the virtue of his cause. We may not have liked him, but we should, perhaps, respect the actions of a man who, in a different era, might have been championed as a defender of civil liberties. 
This article would not be complete without an observation on another well-known aspect of the case — why the authorised report of the Privy Council decision refers to him as Robinson rather than Robertson. There is certainly no error in the Privy Council record, so the mistake must have been made at the printers. An educated guess is that the problem arose from the name ‘Nugent’, an uncommon name which Archibald Nugent Robertson shared with a reasonably well-known contemporary American writer, Nugent Robinson. The printer may well have inadvertently made the connection with Nugent Robinson, and this is what appears in the printed report. The result was, as Professor Tony Blackshield’s ditty on the case records, not only that Robertson lost, but, to add insult to injury, ‘[t]hey couldn’t even spell your name’.

Medicare Numbers Data Breach Inquiries

The national government has announced an Independent Review of health providers’ access to Medicare card numbers, with a final report to be provided by 29 September 2017.

The inquiry is separate to the Senate inquiry announced last week (see below) and is concerned with claims that Medicare card details are being sold on the internet.

The deadlines for public submissions to both inquiries is notably short.

Independent Review

The Independent Review involves Professor Peter Shergold (former Secretary of the Department of Prime Minister and Cabinet), Dr Michael Gannon (President of the Australian Medical Association), Dr Bastian Seidel (President of the Royal Australian College of General Practitioners) and Dr Kean-Seng Lim (Australian Medical Association). Unsurprisingly, the Review does not involve a consumer representative; privacy advocates and users of the health system will presumably contribute through responses to the Review consultation paper.

Members of the Review will be "examining access by health professionals to Medicare card numbers by using the Health Professional Online Services (HPOS) system or by calling" the Department of Human Services.

The Department states
The Australian Government wants to ensure the system is convenient and secure. The system hasn’t been significantly changed since its establishment 8 years ago.
A 2014 ANAO report was noted here.

In July this year Dr Gannon was reported as worrying that the Medicare number data breach would undermine patient confidence in the much-criticised MyHealth Record (MyHR) system, with the AMA accordingly seeking an assurance that a similar breach could not occur with MyHR.
This is a deeply concerning development. It is so important that this information has integrity. 
It’s so important, as it is with a paper record, as it is with other forms of communication about deeply personal matters that they are secure.
The electronic health record has the potential to reduce adverse drug reactions, to reduce unnecessary duplications of investigations, but to do all that, both doctors and patients need absolute confidence in the integrity of personal information.
The Review's terms of reference and scope are -
The Review will consider the balance between appropriate access to a patient’s Medicare number for health professionals to confirm Medicare eligibility, with the security of patients’ Medicare card numbers. 
The Review will examine and advise on:
  • the type of identifying information that a person should be required to produce to access Medicare treatment in both urgent and non-urgent medical situations 
  • the effectiveness of controls over registration and authentication processes at the health provider's premises to access Medicare card numbers 
  • security risks and controls surrounding the provision of Medicare numbers across the telephone channel, and the online connection between external medical software providers and HPOS 
  • the sufficiency of control by patients and the appropriateness of patient notification regarding access to their Medicare number 
  • the adequacy of compliance systems to identify any potential inappropriate access to a patient’s Medicare number 
  • any other identified area of potential weakness associated with policy, process, procedures and systems in relation to accessibility of Medicare numbers. 
Based on the examination of the issues above, the Review will make recommendations for immediate practical improvements to the security of Medicare numbers, while continuing to ensure people have access to the healthcare they need in a timely manner. 
The Review may also make recommendations for medium to longer term changes, or at least the identification of areas that need further examination, to ensure the security of the system and protection of information of Australians.
The consultation questions in the Independent Review's discussion paper are summarised as
1. Do patients have sufficient control and awareness of access to their Medicare card details? 
2. What identifying information should patients have to produce to access health services? 
3. Are the current access controls for HPOS sufficient to protect Medicare information and prevent fraudulent access? 
4. What would the impact on health professionals be if they were required to move from an individual or site level PKI certificate to a PRODA account? Would any enhancements to PRODA be required for health professionals to accept it as a replacement? 
5. If PRODA accounts and PKI certificates were to be suspended following a period of inactivity, what processes or alerts would the Department need to put in place? What would be a reasonable period of inactivity before accounts were suspended?  
6. If delegate arrangements in HPOS were to be time limited, what processes or alerts would the Department need to put in place? What would be a reasonable period for delegate arrangements to last before they require review? 
7. In what circumstances do health professionals need to make batch requests for Medicare card details through HPOS Find a Patient? Can such requests be limited to certain types of providers or health organisations? Should they be subjected to a higher level of scrutiny? 
8. In what circumstances do health professionals require access to Medicare card numbers through the provider enquiries line? Could the provider enquiries line be made available in more limited circumstances? 
9. Is the information available to health professionals regarding their obligations to protect Medicare card information (including the terms and conditions for accessing this information online) sufficiently clear and understood? 
10. Should Medicare cards continue to be used as a form of evidence of identity? 
11. How can Government build public awareness of why it is important for individuals to protect their Medicare card information? 
12. Do you have any other comments about the Review Panel’s possible responses or any other matters relating to the Terms of Reference?
Senate Inquiry

The Senate Finance and Public Administration Committees inquiry into 'The circumstances in which Australians’ personal Medicare information has been compromised and made available for sale illegally on the ‘dark web’' is concerned with
  •  any failures in security and data protection which allowed this breach to occur; 
  • any systemic security concerns with the Department of Human Services’ (DHS) Health Professional Online Services (HPOS) system; 
  • the implications of this breach for the roll out of the opt-out My Health Record system; Australian government data protection practices as compared to international best practice; 
  • the response to this incident from government – both ministerial and departmental; 
  • the practices, procedures, and systems involved in collection, use, disclosure, storage, destruction, and de-identification of personal Medicare information; 
  • the practices, procedures, and systems used for protecting personal Medicare information from misuse, interference, and loss from unauthorised access, modification, or disclosure; and 
  • any related matters. 

17 August 2017


'Compassion and the Rule of Law' by Susan A. Bandes in (2017) 13 International Journal of Law in Context 184  considers
the tensions between compassion and the rule of law. Compassion poses difficult challenges for the rule of law. The compassionate response is often cast as a deviation from settled law rather than a principled application of it. Compassion so understood is troubling, most obviously because it poses a challenge to overall fairness, notice, and consistency. The invocation of compassion to justify law reform is also troubling. It implies that solutions to inequality and other injustices are a matter of charity and mercy, rather than a matter of correcting wrongs and expanding rights.
I argue that compassion cannot serve as a reliable indicator of who should prevail in legal debates. I propose instead that compassion’s importance lies in its ability to illuminate for decision-makers what is at stake for the litigant. In this sense, compassion is closely tied to humility: both are reminders of human fallibility and of the limits of individual understanding. More fundamentally, compassion may serve as one of the core values informing the debate about the scope of individual rights and the proper role of government in protecting them.

Safe Harbours

'A Comparative Analysis of the Secondary Liability of Online Service Providers' by Graeme Dinwoodie in Graeme Dinwoodie (ed) Secondary Liability of Internet Service Providers (Springer, 2017) analyses
the secondary liability of online service providers from a comparative perspective, drawing on national reports on the question submitted to the Annual Congress of the International Academy of Comparative Law. The Chapter highlights two different approaches to establishing the circumstances when an intermediary might be liable: a “positive” or “negative” definition of the scope of liability. The former flows from the standards for establishing liability; the latter grows out of the different safe harbour provisions that immunize intermediaries operating in particular ways, although there can obviously be connections between the standard for liability and the conditions for immunity. The Chapter also considers the mechanism (“Notice and Takedown”) that in practice has come in many countries to mediate the responsibilities of right owners and service providers for a range of unlawful conduct that occurs using the facilities of the service providers. This mechanism typically reflects OSP responses to potential secondary liability, and have developed both in contexts when that liability is defined positively and when it is framed in negative terms. But regardless of the varying impetus for the mechanisms, they are largely implemented through private ordering (with some of the concerns that attends any such activity) that is subject to differing level of public structuring and scrutiny. The Chapter also addresses the concept of (judicially-enforceable) “responsibility without liability”, a growing feature of the landscape in this area, especially but not exclusively in the EU. Service providers in several fields, most notably intellectual property law, are being required actively to assist in preventing wrongdoing by third parties regardless of their own fault (but for example, engaging in so-called “web-blocking” of allegedly infringing sites). These mechanisms, found in several legislative instruments but developed in greater detail by courts through applications in private litigation, operate to create a quasi-regulatory network of obligations without imposition of full monetary liability. The Chapter concludes by considering briefly whether generally applicable principles can be derived from, and extended beyond, the specific context in which they first arose. This analysis leads to two central propositions, which it is argued hold true descriptively and warrant endorsement prescriptively. First, an assessment of secondary liability cannot be divorced from (and indeed must be informed by) the scope of primary liability or other legal devices by which the conduct of service providers or their customers is regulated. And, second, despite the claims that secondary liability is simply the application of general principles of tort law, secondary liability is rarely a subject-neutral allocation of responsibility among different potential defendants according to autonomous principles of fault; rather, it maps in part to the policy objectives of the different bodies of law where the claim of (secondary) liability arises.

15 August 2017


'The Structural Consequences of Big Data-Driven Education' by Elana Zeide in (2017) 5(2) Big Data 164-172 comments
Educators and commenters who evaluate big data-driven learning environments focus on specific questions: whether automated education platforms improve learning outcomes, invade student privacy, and promote equality. This article puts aside separate unresolved—and perhaps unresolvable—issues regarding the concrete effects of specific technologies. It instead examines how big data-driven tools alter the structure of schools’ pedagogical decision-making, and, in doing so, change fundamental aspects of America’s education enterprise. Technological mediation and data-driven decision-making have a particularly significant impact in learning environments because the education process primarily consists of dynamic information exchange. 
In this overview, I highlight three significant structural shifts that accompany school reliance on data-driven instructional platforms that perform core school functions: teaching, assessment, and credentialing. First, virtual learning environments create information technology infrastructures featuring constant data collection, continuous algorithmic assessment, and possibly infinite record retention. This undermines the traditional intellectual privacy and safety of classrooms. Second, these systems displace pedagogical decision-making from educators serving public interests to private, often for-profit, technology providers. They constrain teachers’ academic autonomy, obscure student evaluation, and reduce parents’ and students’ ability to participate or challenge education decision-making. Third, big data-driven tools define what ‘counts’ as education by mapping the concepts, creating the content, determining the metrics, and setting desired learning outcomes of instruction. These shifts cede important decision-making to private entities without public scrutiny or pedagogical examination. In contrast to the public and heated debates that accompany textbook choices, schools often adopt education technologies ad hoc. Given education’s crucial impact on individual and collective success, educators and policymakers must consider the implications of data-driven education proactively and explicitly.


The Attorney-General’s Department has released Telecommunications (Interception and Access) Act 1979: Annual Report 2015–16.

The Executive Summary states
The Telecommunications (Interception and Access) 1979 Act Annual Report 2015–16 sets out the extent and circumstances in which eligible Commonwealth, State and Territory government agencies have used the powers available under the Telecommunications (Interception and Access) Act 1979 (TIA Act) between 1 July 2015 — 30 June 2016. 
The primary function of the TIA Act is to allow lawful access to communications and data for law enforcement and national security purposes, in a way that protects the privacy of people who use the Australian telecommunications network. Serious and organised criminals and persons seeking to harm Australia’s national security routinely use telecommunications services and communications technology to plan and carry out their activities. 
The TIA Act provides a legal framework for national security and law enforcement agencies to access the information held by communications providers that agencies need to investigate criminal offences and other activities that threaten safety and security. The access that may be sought under the TIA Act includes access to telecommunications data, stored communications that already exist or the interception of communications in real time. Each of the powers available under the TIA Act is explained below. 
The use of warrants to intercept and access stored communications is independently overseen by the Commonwealth Ombudsman and equivalent state bodies. The independent oversight role of the Commonwealth Ombudsman was extended to access and use of telecommunications data under the TIA Act on 13 October 2015. 
Legislative reforms 
Data Retention Act 
The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (Data Retention Act) came into effect on 13 October 2015. The Data Retention Act standardised the data telecommunications companies are required to retain and introduced a mandatory retention period of two years. It also introduced a requirement for carriers to encrypt and protect retained data. 
The Data Retention Act significantly limited the range of agencies that can apply for a warrant to access stored communications or authorise the disclosure of telecommunications data under the TIA Act. The ability to apply for a stored communications warrant is limited to 20 designated ‘criminal law-enforcement agencies’. The ability for enforcement agencies to authorise the disclosure of telecommunications data has also been limited to the same 20 criminal law-enforcement agencies and the Australian Security Intelligence Organisation (ASIO). 
The Data Retention Act also introduced additional record-keeping and reporting obligations relating to the access to and use of telecommunications data. This information is set out in Chapter 3 of this report. 
Public interest advocate regulations 
The Data Retention Act prohibits ASIO and enforcement agencies from authorising the disclosure of telecommunications data of a journalist or their employer where a purpose of making the authorisation is to identify a journalist’s source, unless a journalist information warrant has been obtained. The journalist information warrants regime recognises the public interest in protecting journalists’ sources while ensuring agencies have the investigative tools necessary to protect the community. 
When considering an application for a journalist information warrant, the TIA Act requires that the Attorney-General or issuing authority is satisfied that the public interest in issuing the warrant outweighs the public interest in protecting the confidentiality of the identity of the source. The regime is supported by the Public Interest Advocates who promote the rights of a journalist to seek and impart information by independently considering and evaluating warrant applications and providing independent submissions in the warrant application process. The Telecommunications (Interception and Access) Regulations 1987 have been amended to set out the procedure for applying for a journalist information warrant. These Regulations support the role of Public Interest Advocates by ensuring effective consultation and allowing submissions to be made in warrant applications. 
Key judicial decisions 
In 2015, a jury convicted three parties for offences under section 45 of the Crimes Act 1900 (NSW), which prohibits female genital mutilation (FGM). The first party was convicted of performing FGM on two girls at the request of the second party, their mother. The third party was convicted as being an accessory after the fact in relation to the events. Electronic evidence gathered under the TIA Act and the Surveillance Devices Act 2007 (NSW) formed a critical part of the police investigation, the prosecution case and the subsequent sentencing of the offenders. This was NSW’s first successful prosecution for these types of offences and resulted in penalties ranging from home detention to imprisonment for 15 months. 
Key findings 
• In 2015–16, 3,857 interception warrants were issued. 
• During 2015–16, information obtained under interception warrants was used in: o 3,019 arrests o 3,726 prosecutions o 1,812 convictions. 
• In 2015–16, 63 enforcement agencies made 333,980 authorisations for the disclosure of historical telecommunications data. Of these, 326,373 authorisations were made to enforce a criminal law. Due to the reduction in agencies authorised to request data, as a result of the Data Retention Act, 43 of these agencies only reported for the period between 1 July 2015 and 12 October 2015. 
• From 13 October 2015 — 30 June 2016 the majority of criminal law offences for which historical data was requested was illicit drug offences (57,166 requests). 25,245 requests were made for homicide and related offences and 4,454 requests were made to assist in terrorism investigations. 
• In 2015–16, 33 authorisations were made under two Journalist Information Warrants. This is the first year the Journalist Information Warrants scheme has been operating. 
• In 2015–16, law enforcement agencies made 366 arrests, conducted 485 proceedings and obtained 195 convictions based on evidence obtained under stored communications warrants. 
Access to the content of a communication 
Accessing content, or the substance of a communication—for instance, the message written in an email, the discussion between two parties to a phone call, the subject line of an email or a private social media post—without the knowledge of the person making the communication is highly intrusive. Under the TIA Act, unless access occurs in certain limited circumstances, such as a life threatening emergency, access to stored communications or interception can only occur under either an interception or stored communications warrant. Access to a person’s communications is subject to significant oversight and reporting obligations. The annual report is an important part of this accountability framework. 
Accessing communications is an effective investigative tool that supports and complements information obtained by other methods. In some cases, the weight of evidence obtained by either an interception or a stored communications warrant results in defendants entering guilty pleas, thereby eliminating the need for the intercepted information to be introduced into evidence. 
Telecommunications data 
A critical tool available under the TIA Act is access to telecommunications data. 
Telecommunications data is often the first source of lead information for investigations, helping to eliminate potential suspects and to support applications for more intrusive investigative tools including search warrants and interception warrants. For example, an examination of call charge records can show that a potential person of interest has had no contact with suspects being investigated. 
Telecommunications data gives agencies a method for tracing telecommunications from end-to-end. It can also be used to demonstrate an association between people, or to prove that two or more people spoke with each other at a critical point in time. Access to telecommunications data is regulated by Chapter 4 of the TIA Act, which permits an authority or body that is an ‘enforcement agency’ under the TIA Act to authorise telecommunications carriers to disclose telecommunications data where that information is reasonably necessary for the enforcement of the criminal law, a law imposing a pecuniary penalty, or the protection of the public revenue. 
During the 2015–2016 reporting period all enforcement agencies could access historical data and only criminal law enforcement agencies could access prospective data to assist in the investigation of offences punishable by at least three years’ imprisonment. The Data Retention Act, passed by the Parliament in March 2015, reduced the number of enforcement agencies that may access telecommunications data to 20 specified agencies and ASIO. The Attorney-General may declare additional agencies in prescribed circumstances. No additional agencies were prescribed in the 2015–16 reporting period.

14 August 2017

Always look on the bright side

The Australian Information and Privacy Commissioner last week reported conclusion of an investigation into the Australian Red Cross Blood Service’s DonateBlood.com.au data breach.

The OAIC media release states
The Commissioner considers that the community can have confidence in the Australian Red Cross Blood Service’s commitment to the security of their personal information, following his investigation.
The investigation found that a file containing information relating to approximately 550,000 prospective blood donors was saved to a publicly accessible portion of a webserver managed by a third party provider. This was an inadvertent error by an employee of the third party provider. Upon being notified, the Australian Red Cross Blood Service took immediate steps to contain the breach and notify affected individuals.
‘Data breaches can still happen in the best organisations — and I think Australians can be assured by how the Red Cross Blood Service responded to this event. They have been honest with the public, upfront with my office, and have taken full responsibility at every step of this process,’ said the Commissioner.
While the Blood Service had in place policies and practices to protect personal information as required by the Privacy Act 1988, there were two matters within the Blood Service’s control that were a contributing factor to the data breach.
An observer who is less inclined to embrace the OAIC's 'always look on the bright side' philosophy might conclude that the "policies and practices" in place were inadequate and that there are grounds for reviewing expectations.

The media release goes on to state
‘This incident is an important reminder that you cannot outsource privacy obligations. All organisations must put in place reasonable measures to ensure their third party providers’ compliance with appropriate privacy and data security practices and procedures.’
The Blood Service has enhanced its information handling practices since the incident and has provided assurance to the Commissioner and the Australian community through an enforceable undertaking. The third party contractor, Precedent Communications Pty Ltd, has also provided an enforceable undertaking with the Commissioner’s office.

10 August 2017

ACCC Car Markets Study

The ACCC has released a draft report on New Car Retailing Industry – a market study.

The draft report states
Buying a new car is a significant purchase for a consumer. The purchase of a car and its ongoing maintenance account for around five per cent of total average household expenditure annually, typically making it second only to housing expenditure in importance. Well-informed consumers and competitive new car retailing markets are therefore likely to deliver considerable benefits.
Market studies are used by the Australian Competition and Consumer Commission (ACCC) to help promote effective competition in markets. Studies are normally undertaken where a number of concerns about market conduct have been raised, and a detailed examination of market characteristics could help to determine whether market intervention, including new policy proposals, regulatory solutions or enforcement action is warranted. 
The ACCC’s market study into the new car retailing industry is in response to a number of concerns raised with the ACCC and other fair trading agencies about how new car retail markets are operating. The issues raised include those complaints received by the ACCC and other Australian Consumer Law (ACL) agencies about defects with vehicles, misrepresentations to consumers, and issues in post-sale service markets. This draft report considers these and other issues raised with the ACCC through the course of this study. It details the ACCC’s findings from almost 12 months of investigation, consultation and research. It contains a number of key findings and recommendations for improving consumer protection and promoting competition in new car retailing and associated markets....
New car retailing
New car retailing activities cover more than just the sale of new cars at a car dealership. They extend to:
  • activities that occur prior to the sale, such as the advertising of new cars and representations made about car performance or emissions 
  • activities that occur at the time of the sale, including the sale of finance and insurance products, representations on standard manufacturer warranties, and the sale of additional warranties 
  • post-sale activities which are closely linked to the new car sale, such as regular maintenance and the cost of spare parts for the new car.
The sale of a new car also triggers consumer guarantees under the ACL which relate to post-sale activities. These statutory rights cover what consumers can expect from a good or service and the remedies available to them if something goes wrong.
The new car retailing supply chain
A number of entities are involved in the new car retailing supply chain, including:
  • car manufacturers, usually large multi-national firms that produce cars, parts and tools, and distribute their products through new car dealers 
  • new car authorised dealers are usually in franchise agreements with car manufacturers to supply as well as repair and service new cars 
  • independent businesses that repair and service new cars, or produce or supply parts and tools.
New car retailing is a significant sector of the Australian economy:
  • Around 1.1 million new cars were sold at more than 1500 new car dealers operating more than 3500 retail outlets in 2016. Car dealer revenues in 2016–17 are estimated at $64 billion. 
  • New car sales also have flow on effects for car servicing and repairs, crash repairs and replacement parts. Around 40 000 manufacturer-authorised and independent car repair and service businesses will earn revenues of around $18 billion in 2016–17 and close to 11 000 crash repair businesses are expected to earn revenues of $6.8 billion. 
The ACCC’s key market observations 
Analysis for this study has revealed a number of problems that are harming consumers and hindering effective competition in the new car retailing industry.
Three key observations arising from this study are: The law offers protections for consumers when purchasing new cars, but there are material deficiencies in the way that consumers are able to enforce their rights, and the way these rights are represented to them by manufacturers and dealers. The ACL provides protections to consumers through the consumer guarantees. Despite these protections, there are a number of systemic problems in the new car industry preventing consumers from obtaining the remedies to which they are entitled when their car experiences a problem. The biggest obstacle to consumers not receiving the remedies to which they are entitled under the ACL is the failure of manufacturers’ complaints handling systems and policies across the new car industry to adequately take consumer guarantees into account.
ACCC response: The ACCC will continue to address non-compliance with the ACL by manufacturers or dealers, including enforcement action where appropriate. The ACCC has recently instituted proceedings in the Federal Court against Ford, and has accepted a court enforceable undertaking from Holden in relation to its concerns about alleged ACL non- compliance issues. The ACCC will also work with other ACL regulators and the industry to publish guidance for consumers on their rights in the event there is a problem with their new car, including guidance for dealers to distribute to consumers at the point of sale. The ACCC also supports the legislative amendments to the ACL proposed in the ACL Review aimed at providing greater clarity and to address any uncertainties about the application of consumer guarantees. Concerns remain about the effect of limited access to information and data required to repair and service new cars. The repair and service of new cars is increasingly reliant on access to electronic information and data produced by car manufacturers. Independent repairers, which are not authorised or affiliated with car manufacturers, are reliant on car manufacturers voluntarily sharing information and data. Around one in ten new car buyers have their car repaired or serviced with an independent repairer. The ACCC is of the view that the competitive discipline imposed by independent repairers on the aftermarkets for the repair and servicing of new cars remains valuable and of benefit to consumers.
While voluntary commitments have been offered by car manufacturers to provide independent repairers with the same technical information to repair and service new cars that they provide to their dealers, problems with the breadth, depth and timeliness of the technical information offered appear to be enduring.
ACCC response: The ACCC considers that consumers benefit from competitive aftermarkets. As voluntary commitments to share technical information have not been successful in meeting their aims and there has been only a limited improvement in access, the ACCC recommends regulatory intervention to mandate the sharing of technical information with independent repairers on ‘commercially fair and reasonable terms’. Consumers are not receiving accurate information about the fuel consumption or emissions performance of new cars. Current fuel consumption and emissions testing procedures rely on laboratory testing rather than testing in real-world driving conditions. Manufacturers may therefore claim results for fuel consumption and emissions based on laboratory tests that are significantly better than can be achieved in real-world driving conditions. This is unlikely to meet consumer expectations and has the potential to be misleading.
Research from the Australian Automobile Association and consulting engineers, ABMARC, indicates that real-world fuel consumption is on average 25 per cent higher than official laboratory test results. The size of the gap between laboratory and real-world fuel consumption tests is not consistent across car types or brands, and has been increasing in recent years, casting doubt on the comparative value of fuel consumption figures currently displayed in fuel consumption labelling.
Consumer detriment may also occur when manufacturers fail to appropriately qualify fuel consumption claims. While the information supplied through mandatory fuel consumption labelling is primarily designed to help consumers make comparisons between different cars, the use of absolute values for fuel consumption and emissions may contribute to consumer misunderstanding.
ACCC response: The ACCC supports moves to enhance the quality of information supplied to consumers currently being considered by the Ministerial Forum into Vehicle Emissions, including the introduction of a more realistic laboratory test and real driving emissions testing. The ACCC has directed its analysis and recommendations towards addressing these three issues. A number of other issues are also addressed in the report, and the ACCC also seeks comment on these issues.
Key Findings and Recommendations
Chapter 2: New car retailing industry characteristics
Car manufacturers and authorised dealers are typically active in both the manufacture and supply of new cars and in the supply of aftermarket services, including car servicing, repairs and supply of parts and tools.
Manufacturers and authorised dealers generally earn higher profit margins from aftermarket services than from new car sales. For dealers, although parts sales and repair and service account for 15 per cent of revenue, these aftermarket services contribute to 49 per cent of gross profit.
A common pricing strategy for car manufacturers and authorised dealers is to discount new car prices to maximise sales of aftermarket services. This strategy reflects that consumers have more choices available at the time of the new car sale than they do in aftermarkets for repair, service and replacement parts after the sale.
Retail markets for the supply of new cars in Australia are generally competitive, primarily indicated by low market concentration of car brands and dealers.
Competition in markets for the supply of aftermarket services is less competitive as a result of factors including:
  •  the ability and incentives of car manufacturers and their dealers to impede competition in profitable aftermarkets by controlling access to necessary inputs such as the technical information needed to repair and service a new car 
  • consumer misunderstanding about warranty and servicing requirements (including the misconception that manufacturer warranties require new cars to be serviced at a dealership), and 
  • high costs of switching once consumers have purchased a particular brand and make of car.
Chapter 3: Consumer guarantees and warranties
The ACL provides statutory protections for consumers
The ACL is Australia’s national law for fair trading and consumer protection and plays a critical role in providing protections to consumers in their dealings with business and in the event that there is a problem with a good or service, including new cars. The consumer guarantees provided by the ACL cannot be displaced.
Manufacturer warranties provided with the purchase of a new car, and extended warranties offered by the dealer or a third party, provide additional protection to consumers in some circumstances.
Together, the ACL and state and territory legislation, along with manufacturers’ warranties, collectively provide consumers with an extensive suite of consumer rights to remedies or other forms of redress in the event that a new car is defective or fails to perform as promised.
The recent review of the ACL has proposed a number of amendments to enhance the law and provide greater clarity to address any uncertainties about the application of consumer guarantees. The proposed amendments include reforms aimed at assisting consumers understand and choose a remedy if things go wrong with a good or when a good, including a new car, has multiple and ongoing issues.
While the proposed ACL reforms would strengthen and provide greater clarity about the application of consumer guarantees, the existing law already provides remedies for faulty cars. This study has found that consumers are encountering difficulties enforcing consumer guarantees when problems occur with new cars. The ACCC views these issues as chiefly a compliance problem associated with manufacturers’ complaints handling systems failing to adequately take consumer guarantees into account.
Draft recommendation 3.1
The ACCC supports the amendments proposed by CAANZ in the recent ACL Review to enhance the ACL and address any uncertainties about the application of consumer guarantees. Of particular relevance to issues arising in this study, the ACCC supports proposals 1, 2 and 3 in the final report on the ACL Review:
Proposal 1: Where a good fails to meet the consumer guarantees within a short specified period of time, a consumer is entitled to a refund or replacement without needing to prove a ‘major failure’. 
Proposal 2: Clarify that multiple non-major failures can amount to a major failure. 
Proposal 3: Enhance disclosure in relation to extended warranties by requiring:
  • agreements for extended warranties to be clear and in writing 
  • additional information in writing about what the ACL offers in comparison to the extended warranties 
  • a cooling-off period of ten working days (or an unlimited time if the supplier has not met their disclosure obligations) that must be disclosed and in writing.
Draft recommendations on proposed amendments to enhance the ACL
Consumers are not receiving balanced information about their rights
Consumers are not receiving adequate information about consumer guarantees at the point of sale of a new car. The information provided is generally very limited and is usually not provided in a form consumers can retain, and refer to later.
An oral explanation is not sufficient. Consumers need information in a form that can be referred to at any time during their ownership of their car. The ACCC considers that it is best practice for dealers to provide an explanation about consumer guarantees in writing.
A balanced provision of written information about consumer guarantees requires not only an explanation of the statutory rights available to consumers, but also an explanation of the statutory obligations of manufacturers and dealers. It also requires an explanation of the potentially complex interaction between consumer guarantees and other consumer rights available under warranty in the event of a problem with the car.
Most consumers have a reasonable level of awareness of their consumer rights when they purchase goods or services in Australia. There are a variety of sources of information for consumers seeking to improve their understanding of their rights with respect to the purchase of a new car.
This study has found that many consumers face difficulties in understanding the application of the consumer guarantees to their new car purchase and the distinction between consumer guarantees and warranties. Such difficulties impact the ability of consumers to accurately assess the value of any additional consumer protections offered by extended warranty products compared to the rights they already have under the consumer guarantees or the manufacturer warranty.
ACCC action on consumer understanding of their rights
ACCC action 3.1 
The ACCC will work with manufacturers and dealers to develop a concise and simple explanation of consumer guarantees and their interaction with warranties, which should, as industry best practice, be provided to consumers at the point of sale of a new car.
This appears to be in part the result of a focus by dealers at the point of sale on the manufacturer’s warranty and the potential sale of an extended warranty. Dealers have commercial incentives, as the result of commission-based remuneration, to maximise their sales of extended warranties.
The majority of consumers take their new cars to manufacturer authorised dealers for repairs and service. This appears to be, in part, the result of a mistaken belief that the manufacturer’s warranty requires them to only use an authorised dealer.
Contributing to this misunderstanding are direct and implied representations made by a number of manufacturers in their logbooks and service manuals to the effect that authorised dealers must carry out services or repairs (or that original equipment (OE) parts must be used). Many of these representations are likely to contravene the provisions of the ACL, and may also raise competition concerns under the CCA. 
ACCC action 3.2 
To assist consumers better understand their rights when it comes to new car defects and failures, the ACCC will work with other ACL regulators to publish an updated version of Motor vehicle sales and repairs - an industry guide to the Australian Consumer Law (August 2013) to ensure that this publication addresses the issues identified in this study, including specific guidance on criteria for determining a ‘major failure’. Guidance may also be designed for use by businesses, including dealers, regarding their rights and obligations under the ACL.
ACCC action 3.3
Instances of misleading or deceptive conduct, or misrepresentations, in relation to the use of independent repairers or non-OE spare parts will be targeted through action by the ACCC, including enforcement action where appropriate.
ACCC action on consumer understanding of their rights
Consumers face significant obstacles to enforce their ACL rights
A significant body of evidence suggests systemic failures in the ability of consumers to enforce their consumer guarantee rights after the purchase of a new car. The ACCC has seen many examples of practices by manufacturers in dealing with consumer complaints that raise concerns under the ACL provisions, including the failure of manufacturers’ complaints handling systems to adequately take consumers’ ACL rights into account.
The ACCC has identified five key issues contributing to the difficulties experienced by consumers in enforcing their consumer guarantees:
- manufacturers’ focus on warranty obligations to the exclusion of their consumer guarantee obligations 
- manufacturers’ responses to ‘major failures’ 
- the widespread use of non-disclosure agreements by manufacturers when resolving complaints 
- the lack of effective independent dispute resolution options for consumers, and 
- particular features of the commercial arrangements between manufacturers and dealers
Manufacturers’ complaint handling systems require dealers to check whether a car is under warranty before decisions are made as to an appropriate response to the customer’s complaint. This means interactions with the consumer take place within the manufacturer’s warranty framework to the exclusion of the consumer guarantees.
There is a dominant ‘culture of repair’ underpinning manufacturers’ systems and policies for dealing with car defects and failures, even where cars have known and systemic mechanical failures which would entitle a consumer to a replacement or refund under the consumer guarantees.
The widespread use of non-disclosure agreements when resolving consumer complaints suggests that consumers are not entitled to their consumer guarantee and warranty rights unless a non-disclosure agreement is signed when this is not the case. Non- disclosure agreements also substantially reduce information in the marketplace for new buyers about defects and safety issues that are common to a particular car.
Independent dispute resolution options are providing little incentive for manufacturers to improve their ACL compliance. These options do not effectively enable consumers to obtain the remedies they are entitled to under the consumer guarantees. This creates little incentive for a manufacturer or dealer to offer these remedies at an earlier stage in a dispute.
Given the nature of commercial relationships between dealers and manufacturers, dealers are frequently in the challenging position of balancing their ACL obligations to customers, safeguarding their own financial interests and maintaining a long term commercial relationship with their manufacturer. These commercial arrangements can have the effect of denying or making it difficult for consumers to readily access the remedies to which they are entitled.
ACCC action on the consumer experience of enforcing their rights 
The ACCC has recently instituted proceedings in the Federal Court against Ford, and it has also accepted a court enforceable undertaking from Holden, in relation to its concerns about alleged ACL non-compliance issues.
ACCC action 3.4
Manufacturers’ complaints handling systems, policies and practices that do not comply with the consumer guarantee requirements of the ACL will continue to be targeted through action by the ACCC and fair trading agencies, including enforcement action where appropriate. Such action may also address any instances of non-compliance by dealers. The ACCC is particularly concerned about manufacturers and dealers engaging in conduct that may be misleading or unconscionable.
Chapter 4: Accessing technical information to repair and service new cars
Technical information for servicing and repairing new cars is not widely available
The nature of technical information to repair and service new cars is rapidly changing, with digital files and codes, and appropriate diagnostic tools, now often necessary to complete a car repair or service.
Independent repairers have continuing problems accessing technical information for new cars. Few car manufacturers provide equivalent access to the technical information provided to their authorised dealers and preferred repairer networks, and many provide very little or no information at all.
Independent repairers may be able to obtain technical information from sources other than the car manufacturer in Australia; however, the information is commonly incomplete, not applicable to Australian models, or offers no security of ongoing supply.
Car manufacturers may have legitimate concerns about the sharing of some security- related technical information to repair and service new cars. Regardless, in other jurisdictions this information and data is securely shared with independent repairers.
The ACCC has informed itself on these issues through consideration of a range of evidence including submissions from stakeholders, site visits and the reports of an automotive technical expert engaged by the ACCC to further examine the submitted claims of stakeholders, which found that access to technical information for independent repairers is inconsistent. Existing voluntary methods of information sharing are not effective
Key industry associations, including the FCAI, have voluntarily agreed to a set of aims and principles to ensure there is ‘a fair and reasonable competitive market within the car repair and service industry.’ The principles of the Heads of Agreement place voluntary obligations on car manufacturers to, in general, share with independent repairers, on ‘commercially fair and reasonable’ terms, the technical information they provide to their dealers.
Broadly, most car manufacturers in Australia are not fully sharing technical information consistently with the aims and principles of the Heads of Agreement.
The Heads of Agreement has several shortcomings which hinder its aims and principles of improving access to technical information from being achieved in a fair and efficient way.
The ACCC has concluded that the net effect of the Heads of Agreement, across the industry, in improving access to technical information for new cars has been limited, and that the Heads of Agreement is ineffective in providing access that is consistent with its stated aims and principles.
Effective information sharing would enhance competition and improve consumer outcomes
As discussed in chapter 2, car manufacturers have an incentive to limit access by independent repairers to technical information to steer service work to authorised dealers and repair work to preferred repairer networks.
This is impacting the ability of independent repairers to effectively and efficiently compete in the aftermarkets for the repair and servicing of new cars.
It is also causing detriment to consumers in the form of increased costs, inconvenience and delays when having their new car repaired or serviced.
Consumer switching in the new car market is unlikely to provide strong competitive discipline on manufacturers and dealers in aftermarkets, and any benefit of competition in the sale of new cars to consumers does not offset the impact of less competitive aftermarkets. The ACCC’s view is that consumers benefit from competitive aftermarkets for the repair and servicing of new cars. Developments in other jurisdictions offer pathways for reforms in Australia
In foreign jurisdictions, regulatory interventions have made the technical information necessary for independent repairers to repair and service new cars more widely available.
EU regulations requiring independent repairers to have ‘easy, restriction-free and standardised access’ to information and data to repair and service new cars have generally been successful in meeting those aims. In the US recent state legislation has stimulated further voluntary national changes to improve access.
The EU and the US models are specific to their regulatory environments and geographically distinct markets. Elements of these models, such as secure processes to access security-related information and access to technical information by intermediaries to develop informational products and diagnostic tools, should be considered in Australia. However, outright adoption of other models may not be appropriate.
Draft recommendation 4.1
A mandatory scheme should be introduced for car manufacturers to share with independent repairers technical information, on commercially fair and reasonable terms. The mandatory scheme should provide independent repairers with access to the same technical information which car manufacturers make available to their authorised dealers and preferred repairer networks. The mandatory scheme should place an obligation on car manufacturers and other industry participants to achieve the aims and principles set out in the Heads of Agreement (including those in relation to training and reinforcing existing statutory obligations on independent repairers to ensure repairs and servicing are carried out correctly to car manufacturers’ specifications to assure the safety of consumers). The mandatory scheme should, subject to the type of regulation used, address the following operational matters: 
Real time access 
Car manufacturers should make available to independent repairers, in real time, the same digital files and codes, such as software updates and reinitialisation codes, made available to dealers to repair or service new cars. 
Obligations on sharing technical information should apply to all car manufacturers in Australia.
Consideration should be given to including options for relevant intermediaries to access technical information from car manufacturers on commercially fair and reasonable terms. 
All relevant terms, conditions and exclusions should be defined in the regulation, for instance, defining diagnostic tools and their relevance to facilitating access to technical information, as well as defining security-related information. 
Dispute resolution
Any dispute resolution processes should be timely and accessible by all relevant stakeholders.
Any dispute resolution processes should be subject to compulsory mediation and binding arbitration by an independent external party. 
Key stakeholders should meet regularly to discuss the rapidly changing nature of repair and service information. Security-related information and data
Similar to the EU or US models, a process for the secure release of security-related technical information should be established or authorised under the mandatory scheme. 
Appropriate options to enforce the terms of any regulation, if appropriate, should be included (e.g. penalties). 
Draft recommendations on access to technical information for new cars
Chapter 5: Parts needed to repair and service new cars
Access to parts is sometimes restricted
Car manufacturers and dealers sometimes restrict access to certain parts for legitimate reasons that may benefit consumers. This includes parts which can compromise vehicle security and encourage theft. However, a further motive for restricting access may be to steer more repair and service work back to authorised dealers and preferred repairer networks. This can reduce competition for servicing or repair work and raise prices.
The lack of transparency and consistency across manufacturers about what are security- related parts means that access restrictions can be arbitrary, increasing uncertainty and cost for independent repairers. It could also undermine the intent of reforms to promote access to technical information needed to repair and service cars.
Draft recommendation 5.1
OE manufacturer-branded parts and accessories should be generally available to independent repairers on commercially fair and reasonable terms. Car manufacturers should develop policies which clearly outline any parts subject to restricted access on security-related grounds. These policies should be publicly available. The FCAI is well-placed to work with manufacturers to examine whether there is benefit in agreeing a standard definition and detailed classification system for ‘security-related’ parts to provide certainty to parts customers.
ACCC action 5.1
Refusals by car manufacturers to supply security-related parts for repair and service will be monitored and addressed through action by the ACCC, including enforcement action where appropriate.
Draft recommendations and actions on parts
High margins are earned on supply of spare parts
Anecdotal evidence and submissions to this study suggest that parts prices in Australia are rising relative to the cost of new cars, and that Australia has high parts prices relative to some overseas jurisdictions.
Detriments from high parts prices could include distortions in decisions about repairing cars; for example, high parts prices might cause cars to be ‘written off’ when it may be more efficient to repair them.
There is limited competition to supply certain spare parts for repair and service. In addition, consumers have a limited ability to switch to alternative suppliers of parts in many instances and these factors may lead to high prices.
However, parts prices should be considered within a broader context of supply of new cars and other aftermarket services. Manufacturers and dealers discount prices of new cars to capture a greater share of parts sales, which attract much higher margins.
Request for further information
The ACCC seeks further information on the issue of transparency in parts prices, and whether the withdrawal of retail price lists by some or all manufacturers would harm competition or increase costs in parts markets.
Chapter 6: Fuel consumption, emissions and the ACL
Consumers are not well informed about fuel consumption and emissions tests
Fuel consumption is a significant factor for consumers when buying a car, second only to price and model. The environmental impact of new cars is also important to one in five consumers. For this reason, new car buyers need to be able to rely on the accuracy of claims made by manufacturers and dealers about the fuel consumption and emissions of particular car models.
Representations to consumers about fuel consumption and emissions are made by manufacturers and dealers in a variety of ways. While they have no discretion about displaying mandatory labels, they do control claims made in promotional and advertising materials or at the point of sale. ACCC research for this study indicates that manufacturers are not always appropriately qualifying these claims, and that many consumers believe that advertised fuel consumption and emissions figures are likely to be attained in real-world driving conditions, when this is not the case.
In addition, some consumers may not understand that fuel consumption and emissions values are intended for comparative purposes only. Even when representations are qualified, these consumers may still believe that the advertised figures will be attained.
Request for further information
The ACCC welcomes views on whether general consumer education or awareness initiatives about how fuel consumption and CO2 emissions are measured (and what factors influence them) should be considered.
Draft recommendations on fuel consumption and CO2 emissions claims
Draft recommendation 6.1
Changes to the fuel consumption label affixed to new cars should be considered to improve the comparative use of the information supplied. Introducing a star-rating system or annual operating costs may minimise the extent to which consumers interpret an ‘absolute’ fuel consumption/emissions value as equivalent to what they would achieve in real-world driving conditions.
There are material discrepancies between fuel consumption and emissions test and real-world results
Current fuel consumption and emissions testing procedures rely on laboratory testing rather than testing in real-world driving conditions. Manufacturers may therefore claim results for fuel consumption and emissions based on laboratory tests that are significantly better than can be achieved in real-world driving conditions. This is unlikely to meet consumer expectations and has the potential to be misleading.
Research from the Australian Automobile Association and consulting engineers, ABMARC, indicates that real-world fuel consumption is on average 25 per cent higher than official laboratory test results. The gap between laboratory and real-world fuel consumption tests is not consistent across car types or brands, and has been increasing in recent years. This casts significant doubt on the comparative value of absolute fuel consumption figures currently displayed in fuel consumption labelling.
The Australian Government is currently reviewing possible new measures to address vehicle emissions under the Ministerial Forum on Vehicle Emissions. The Forum is considering a number of measures to improve the integrity of vehicle emissions testing, including the introduction of a more realistic laboratory test for fuel consumption and emissions, and for vehicle emissions, on road testing. 
Draft recommendations on the fuel consumption and emissions discrepancy 
Draft recommendation 6.2 
The ACCC supports measures to enhance the quality of information supplied to consumers currently being considered by the Ministerial Forum into Vehicle Emissions, including the replacement of the current fuel consumption and emissions testing regime with the new Worldwide Harmonised Light Vehicles Test Procedure, a more realistic laboratory test, and the introduction of an on-road ‘real driving emissions’ test. 
Chapter 7: Other issues 
This study considered a number of additional issues, including telematics in cars, car performance and representations about the advertised year of a new car.
Draft findings on telematics
The impact of telematics on competition and consumers is likely to become more acute as telematics technology becomes more prevalent. The ACCC will continue to monitor emerging issues in this area.
The voluntary Heads of Agreement and codes of practice governing information-sharing in relation to technical information provides a process, as yet unused, for the signatories to discuss issues associated with access and ownership of data generated by telematics technology. 
Draft recommendation on telematics 
Draft recommendation 7.1 
The ACCC supports the Productivity Commission’s recommendations in its final report on Data Availability and Use for a comprehensive right for consumers to access digitally held data about themselves, including to direct data custodians to copy that data to a nominated third party which may address some of the concerns that were raised about the impacts of telematics technology on new car purchasers. 
Draft findings on car performance 
 Submissions to this study have pointed to a few examples of misleading claims in relation to car performance. However, submissions have not provided evidence that this issue is systemic.
The current laws prohibiting false, misleading and deceptive conduct under the ACL provide adequate consumer protection in relation to this issue.
Draft findings on the advertised year of a new car
Submissions to this study have provided limited evidence of systemic misleading behaviour by manufacturers or dealers in relation to the advertised year of new cars. The current laws prohibiting false, misleading and deceptive conduct under the ACL provide adequate consumer protection in relation to this issue.

09 August 2017

Sumption and Sovereignty

'The Judicial Individuality of Lord Sumption' by James Lee in (2017) 40(2) University of New South Wales Law Journal scrutinises
the role of the individual judge on the United Kingdom Supreme Court through an analysis of the jurisprudence of Lord Sumption JSC. The examination of the Court’s recent decisions demonstrates that his Lordship is a leading figure on the Supreme Court. It is argued that key cases and extra-curial speeches mark Lord Sumption as a proponent of judicial conservatism, and two 2016 case studies from private law are used to develop this thesis: Patel v Mirza [2016] UKSC 42 on the defense of illegality and Willers v Joyce (No 1) [2016] UKSC 43 on the tort of malicious prosecution. The article concludes that the study has broader implications for the dynamics of judging, both individually and collectively, in a court of final appeal.
'Sovereignty as a Right and as a Duty: Kant's Theory of the State' by Jacob Weinrib in Claire Finkelstein and Michael Skerker (eds), Sovereignty and the New Executive Authority (Oxford University Press, Forthcoming) comments
 Critics of Immanuel Kant’s legal and political philosophy argue that his theory of the state collapses into one of two extremes. For some, Kant is a quietist who regards positive law as the instantiation of justice and thereby deprives himself of a moral standpoint for the criticism of positive law. For others, Kant is an anarchist who denies the authority of law whenever it deviates from the demands of justice. I argue that these interpretations are the opposing products of a common error: the failure to distinguish between Kant’s justification of the right of the state to exercise public authority and his corresponding theory of a perfectly just state. Once these aspects of his theory of the state are disentangled, Kant’s transformative vision comes into view. Far from reducing the idea of a state to either an authoritative fiat or a utopian vision of justice, Kant offers a standpoint for recognizing (1) the public authority of existing states, (2) the standard of justice for assessing the moral adequacy of those states, and (3) the ongoing duty of existing states to direct the exercise of public authority to the deepest possible fulfillment of public justice.

08 August 2017

Data Breach

'Can Data Breach Claims Survive the Economic Loss Rule?' by Catherine M Sharkey in (2017) 66(2) DePaul Law Review comments
Data security breach cases are fertile ground to explore the impact of the economic loss rule and to challenge the conceptual underpinnings of this judge-made doctrine. The extent to which the economic loss rule serves as a formidable barrier to credit card data security breach cases depends upon the underlying state law; in particular, whether a state adopts the majority or minority position on the rule, as well as how it defines various exceptions thereto. Upon closer examination, it becomes clear that the rule operates in a fundamentally distinct manner in the ‘stranger paradigm’ as compared to the ‘contracting parties paradigm’. What makes the credit card data security breach cases so vexing is that they often straddle the stranger/contracting parties paradigms. The credit card data breach cases can be reframed in a coherent way that defers to contractual allocation of risk and responsibility but nonetheless allows tort liability to be deployed when needed to ensure the internalization of third-party costs. Seen from a broader regulatory perspective – especially taking into account state statutory provisions relating to enforcement of private industry standards in the credit card arena – the economic loss rule functions as a boundary-policing doctrine between tort and regulation as alternative mechanisms to regulate private parties. Moreover, as a more robust third-party liability insurance market emerges in response to a greater threat of tort liability, insurers will engage in further risk management, exerting more potent regulatory control.
'Perspectives on Privacy, Data Security and Tort Law' by Robert L Rabin in (2017) 66 DePaul Law Review asks
In 2014, did you shop at any of these retailers who had consumer records compromised: Target (70 million records), or EBay (145 million records), or Home Depot (56 million records)? Did you have a health insurance plan through Anthem or Blue Cross prior to 2015 (80 million records)? Did you have a bank or credit card account with JP Morgan Chase prior to 2015 (83 million records)? Have you applied to work in the federal government in the past fifteen years (21.5 million records)?
Rabin responds
If you answered Yes to any of these questions, there is a good chance that your personal data has been stolen, leaked, exposed, or otherwise revealed to an unauthorized third party as part of a data breach. Since 2005, more than 900 million records have been improperly exposed or accessed as a result of 5.041 million data breaches in the United States alone.  In 2015, $15 billion was stolen from 13.1 million American consumers who were victims of identity theft, much of which could be traced back to data breaches. Corporations and governments also suffer: In 2014, the estimated cost per record lost or stolen due to data breach was $145. Given that over 85 million records were lost or stolen in 2014, corporations undoubtedly face substantial costs from data breaches. Even apart from data breaches, consumers face privacy risks from the misuse or misappropriation of their data by corporations. Data breaches can be traced to three main causes: (1) malicious or criminal attack; (2) system glitch or malfunction; or (3) human error. In 2014, approximately 47% of data breaches resulted from malicious or criminal attacks, 29% from system glitches, and 25% from human error. Breaches due to malicious attacks were more expensive to resolve ($170 per record) compared to those that stemmed from glitches ($142 per record) or human error ($137 per record).
Certain industries are more affected by data breaches than others.  In 2014, 42% of data breaches stemmed from the education sector, though these breaches only resulted in 9.7% of the total number of exposed records. In the same year, 33% of the total number of breaches came from the business sector (not including finance or healthcare), but these breaches resulted in nearly 80% of exposed records. The remaining breaches fall within the financial, health-care, or government sectors. Unsurprisingly, data breaches affect each of these industries differently. The education and healthcare sectors, for example, suffer the greatest costs-per-record-per-breach, at $300 and $363 per record respectively, where the average cost per record released for any given data breach is around $154.
Estimating the effects of a data breach on individual consumers is more difficult. As noted, an increasing number of Americans have become victims of various forms of identity theft, which often results in monetary loss and a decrease in an individual’s credit score. Beyond identity theft, data breach victims are likely to feel that they need to mitigate future harm by replacing credit cards, closing accounts, and obtaining continuous credit monitoring. At a more basic level, consumers who have been victims of data breaches feel that their privacy has been violated. Little survey work has been published on these subjects, but it seems beyond dispute that data breaches have tangible effects that are widely felt among the American population.
Several recent cases help illustrate the risks and challenges posed by data breaches. During the 2014 holiday shopping season, hackers stole at least 70 million records from Target. Hackers obtained credit card information from 40 million consumers who shopped at Target between November 2014 and December 2014 by installing malware on Target’s systems. The same hackers also stole up to 70 million additional customer records, including mailing and email addresses, phone numbers, and names. In the months following the data breach, it was revealed that Target’s security system — installed by the well-reputed computer security firm FireEye — detected the breach before any data had been stolen. For somewhat unexplained reasons, Target’s security officials declined to intervene — in fact, they had even turned off a FireEye feature that would have automatically deleted the malware from the system (again for unexplained reasons). The result of this reportedly conventional and relatively unsophisticated malware attack was the loss of 70 million records, touching nearly one in three American consumers. Target did not realize that it had been hacked until federal law enforcement officials notified them on December 12, 2014, by which time it was too late. In July 2015, the White House revealed that the records of 21.5 million people were stolen as a result of a data breach of the Office of Personnel Management (OPM). “Every person given a [federal] government background check for the last 15 years was probably affected,” according to OPM. Hackers were able to steal names, social security numbers, biometric fingerprint data, travel information, addresses, and other sensitive personnel information as part of the OPM data breach. As in the Target case, there were warning signs over a period of years indicating that OPM’s computer systems were antiquated and at serious risk of intrusion, yet no action was taken to secure the vast amount of personal data until it was too late. The hack has since been blamed on elements associated with the Chinese government.The U.S. government has provided victims with credit and identity theft monitoring for three years, but this likely provides little comfort to national security experts concerned about the potential intelligence ramifications of government employees’ sensitive personnel files in the hands of the Chinese government. The OPM case shows that the negative effects of data breaches go far beyond identity theft and monetary loss. Anthem, one of the largest health insurers in the United States, suffered a data breach in 2015 that resulted in the exposure of 80 million patients’ records, including “names, social security numbers, birthdays, addresses, emails and employment information.” There was no evidence that sensitive medical records were stolen as part of the breach, but the loss of protected personal information was substantial. Investigators suspect that Chinese state-sponsored hackers were behind the Anthem breach as well. As in the OPM case, Anthem has provided victims with credit monitoring and identity theft protection.
Consumers face threats to their personal privacy wholly separate from the types of unauthorized data breaches described above. Most notably, consumers face risks that their personal privacy will be violated by unauthorized corporate access, misuse, or misappropriation of their data. These claims of corporate misconduct can be grouped under a separate umbrella of “data misuse” issues. Data breaches relate to the unauthorized access to personal information by a third party. Data misuse or misappropriation, by contrast, involves the authorized — at least at some level—access to information by the party that holds that information for unauthorized commercial or other purposes.
Statistics on the scope of this problem are hard to come by, given the less public nature of the problem and the less tangible and immediate nature of the harm. In many cases, corporations sell or transfer consumer data to a third party without clear authorization from the consumer. One prominent example was the ChoicePoint debacle of 2005. In that case, ChoicePoint, a prominent data trader, admitted to selling personal information of 163,000 California residents—which they possessed legally—to identity thieves. At least 800 consumers had their identities stolen because of this incident. This case raised difficult data privacy dilemmas: ChoicePoint existed to sell personal information to legitimate businesses, but instead, they provided this information to a ring of identity thieves who had registered fake companies. The Federal Trade Commission’s (FTC) enforcement action resulted in a $15 million settlement, which was the largest civil penalty in the FTC’s history at that time.
In addition to improper sales to a third party, some data misuse cases focus on a corporation’s use of consumer data for its own purposes—generally to provide targeted ads or products to consumers. In 2012, it was revealed that Google had placed tracking cookies on Safari users’ computers to collect data on their web browsing preferences in order to provide targeted advertisements. Google then used this information to better target ads to users, in turn making their ad products more valuable to potential ad buyers. Presumably in response to consumer pressure, Safari, an Apple browser, created a tool to limit both the creation of cookies and the ability of cookies to track web browsing habits. In violation of a previous FTC settlement and its public pronouncements, however, Google proceeded to override the Safari tool and continued to use cookies to track Safari users. The result was extended litigation that eventually resulted in a $22.5 million FTC settlement.
A similar case was brought against Facebook for its use of members’ images in targeted advertisements known as “Sponsored Stories.” Unlike the case against Google, this was not a regulatory action brought on unfair competition grounds, but rather a class action brought on Right of Publicity grounds. The principal claim in this case, Fraley v. Facebook, Inc. — which is discussed further in the next section — was that Facebook misappropriated the plaintiffs’ images in paid advertisements without consent, and in so doing, unwillingly drafted them as unpaid and unknowing spokespersons for Facebook products. After the court denied Facebook’s motion to dismiss on newsworthiness grounds, the parties settled for $20 million.
Despite the successes just mentioned, the continuing problems of data breaches, data misuse, and the consequent failure of current laws to adequately deal with the problems is widely acknowledged. Notwithstanding the widespread recognition of the problems, there is little consensus on the appropriate legal mechanisms to prevent or punish data breaches or provide compensation to those harmed by such breaches. This Article surveys one approach to dealing with these problems: The pathways available through tort law.
But tort, of course, is not the only strategy for addressing the data breach concerns. Current legal approaches to dealing with data breaches can be divided into three main categories. First, regulatory strategies aimed at setting standards of data protection through stateBut tort, of course, is not the only strategy for addressing the data breach concerns. Current legal approaches to dealing with data breaches can be divided into three main categories. First, regulatory strategies aimed at setting standards of data protection through state and federal laws, and enforced either through the courts or federal administrative agencies. Second, information disclosure laws that require entities suffering data breaches to reveal to victims that their information has been lost or stolen, with the general hope that the market will favor companies with fewer breaches and thus provide competitive incentives for companies to protect data. And finally, ex post tort liability that allows victims to sue for damages, with the twofold goal of compensating victims and shifting the incentives of companies holding private data toward better data protection practices.
Before turning to tort (the third of these approaches), I will provide an overview in Part II of the regulatory enforcement and information disclosure strategies for addressing the problem of data breach. And following my assessment of tort remedies in Part III, I will offer some concluding thoughts, in a final Part, including a brief reprise on the potential for more proactive federal regulatory action under the mandate of the FTC.