[ad_1]
JUDGMENTS
Business purchaser did not have ongoing implied software
licence
On 8 June 2021, the Federal Court considered the factors to be
taken into account when determining the existence of an implied
software licence: QAD Inc v Shepparton Partners Collective
Operations Pty Ltd [2021] FCA 615. The proceedings related to
an alleged infringement of copyright by the purchaser, based on its
continued use of software licensed by the plaintiff to the vendor.
The licence agreement between the plaintiff and the vendor required
the plaintiff’s consent to an assignment, and the plaintiff
subsequently stipulated a transfer fee as a condition of
assignment. The purchaser declined to pay the transfer fee but
contended it had an implied licence to continue using the software,
essentially on the basis that the plaintiff had not objected to the
ongoing use of the software during the course of negotiations.
Thawley J concluded that an implied licence existed during the
period of negotiations between the parties regarding the transfer
fee, but once those negotiations lapsed, the implied licence came
to an end. It followed that the purchaser infringed the
plaintiff’s copyright through its continued use of the
software. Compensatory damages of $662,408.80 were awarded, being
the amount of the transfer fee plus a year’s maintenance fee,
together with exemplary damages under section 115(4) of the
Copyright Act 1968 for the purchaser’s “flagrant
breach”. In the latter regard, the court noted that the
software had been essential to the ongoing functioning of the
business, but this was no excuse: “The fact that,
commercially, [the purchaser] had little choice other than to use
the software does not make the infringement less flagrant; rather
it explains the reasons why the infringement was so
flagrant”.
Information Commissioner determines that Uber breached
APPs
On 30 June 2021, the Information Commissioner made a
determination under section 52(1A) of the Privacy Act 1988
that Uber Technologies Inc. and Uber B.V. interfered with the
privacy of approximately 1.2 million individuals in Australia by
failing to adequately protect the personal data of customers and
drivers which was accessed in a cyber-attack in October and
November 2016. The attack was directed at data stored in Amazon Web
Service’s Simple Storage Service. Specifically, Uber was found
to have breached Australian Privacy Principle (APP) 11.1 by failing
to take reasonable steps to protect personal information against
unauthorised access, and APP 11.2 by failing to take reasonable
steps to delete or de-identify personal information which was no
longer needed for a permitted purpose. Related to these breaches,
the Information Commissioner further determined that Uber had
breached APP 1.2 by failing to take reasonable steps to implement
practices, procedures and systems relating to its functions and
activities that would ensure that they complied with the APPs. In
making these findings, the Information Commissioner rejected
Uber’s submission that it did not, for the purposes of section
5B of the Act, “carry on business in Australia” due to
the absence of any direct contractual or other relationship with
riders or drivers in Australia, with the Information Commissioner
observing that “the fact that an activity which occurs in
Australia might be controlled or facilitated by actions of the
entity taken remotely and without the need for employees in
Australia, does not necessarily mean that no relevant activity is
performed by the entity in Australia”.
Federal Court overrides exclusive jurisdiction clause in Apple
case
On 9 July 2021, the Full Court of the Federal Court allowed an
appeal by Epic Games against a temporary stay of proceedings
granted to Apple Inc in a dispute over an Apple Developer License
Agreement: Epic Games, Inc v Apple Inc [2021] FCAFC 122.
In November 2020, Epic had commenced the proceedings in the Federal
Court alleging that Apple’s conduct in requiring developers to
(a) distribute iOS apps to Australian users through Apple’s
Australian App Store, and (b) only use Apple’s payment
processing system for in-app purchases, contravened Pt IV of the
Competition and Consumer Act (2010). As we have previously
reported in an earlier TMT Update and analysed in a separate article on our website, Apple had
sought a stay because the agreement provided that any dispute
relating to it must be litigated in the Northern District of
California, and in April 2021 Apple was granted a temporary (3
month) stay by the trial judge: Epic Games, Inc v Apple Inc
(Stay Application) [2021] FCA 338. Epic asserted in its appeal
that the primary judge erred in failing to give effect to
“overriding” public policy considerations that militated
against the granting of a stay, and in failing to find that there
were strong reasons to permit the proceeding to continue in the
Federal Court notwithstanding the existence of the exclusive
jurisdiction clause. Relying on the principles espoused by the High
Court in Akai Pty Ltd v People’s Insurance Co Ltd
(1996) 188 CLR 418, the Full Court concluded that the primary judge
had erred in granting a stay because, amongst other things,
enforcement of the exclusive jurisdiction clause would offend the
public policy of the forum, observing that “if contraventions
of Pt IV of the CCA are determined by foreign courts they will be
determined through the prism of expert evidence about the content
of Australian law . This process is not the same as ascertaining
and applying the law directly . One of the difficulties and
uncertainties involved in proving foreign law is the risk that
important aspects of the foreign law will be lost in
translation.” The Court acknowledged that exclusive
jurisdiction clauses are a significant feature of global commerce,
but this was outweighed by public interest factors such as the
forensic disadvantage of Epic litigating the matter before a
foreign court, the fact that the conduct in question was undertaken
in an Australian sub-market, and the fact that “the focus
should not only be on the nature of competition law, but the
significance of the statutory provisions which allow the Commission
to intervene, private parties to get the benefit of factual
findings and admission, and the relevance of the Federal Court
being chosen by Epic Games as the court of its choice”.
Software developer liable for breach of copyright
On 19 July 2021, the Federal Court of Australia ruled that a
software developer infringed copyright when developing software to
replace a program which had been sold to the applicant:
Campaigntrack Pty Ltd v Real Estate Tool Box Pty Ltd
[2021] FCA 809. The Applicant had previously purchased the
intellectual property rights in a product which competed with its
own real estate online software system. The vendor then created a
new product which the applicant alleged reproduced parts of the
source code of the purchased product. Thawley J rejected the
respondent’s contention that the original assignment related
only to the then-current version of the software, stating that such
an interpretation would be “defeating the whole purpose
underlying the parties’ transaction”. A breach of
copyright was evidenced by “many lines of source code which
matched exactly”, especially after taking account of “the
functionality of the matching code”. His honour also ruled
that the developer had, for the purposes of section 36(1A) of the
Copyright Act, authorised infringement by other developers
over whom he exercised supervision and control. The court found
that, in addition to breaching copyright, the respondent had
misused confidential information derived from the source code,
noting that it “would have been clear to a reasonable
person..that he was not free to deal with the information as his
own”.
Technology manufacturer liable for breach of confidence
On 26 July 2021, the Queensland Supreme Court delivered a
judgement which focusses attention on the effectiveness of
Non-Disclosure Agreements (NDAs) in technology
development contracts: Madritsch KG & Anor v Thales
Australia Ltd [2021] QSC 170. Bradley J ruled that the
defendant, a small arms manufacturer and supplier to the
Commonwealth, had infringed an NDA with the plaintiffs, both of
which were also involved in the firearms industry, regarding
details of a technological solution to a functional problem
affecting a service rifle used by the Australian Defence Force. The
defendant had been provided with technical details relating to the
Madritsch product with a view to deciding whether to manufacture
the Madritsch solution under licence. The defendant subsequently
opted, however, to develop its own solution and the principal issue
was whether Thales had made use of confidential Madritsch
information in the process. His Honour found for the plaintiffs and
in so doing, a number of fundamental considerations regarding the
effectiveness of NDAs were confirmed. These included: if the
subject matter of an NDA is precisely defined, the risks of the
agreement being void for uncertainty are reduced; the fact that the
information could have been independently created by the recipient
is of no relevance if the recipient in fact relied upon
confidential information provided by the discloser; information is
not necessarily in the public domain by virtue of the fact that it
has previously been disclosed in confidence to a third party; and a
time limit on the duration of the confidentiality obligation will,
if it is reasonable, reduce the risk of the obligation becoming an
unenforceable restraint of trade in circumstances where the
Restraints of Trade Act 1976 (NSW) applies. For a detailed
analysis of the case, refer to the article by Gordon Hughes on our website.
Blockchain invention deemed patent eligible
On 21 July 2021, the Australian Patent Office delivered a
decision discussing the patentability of inventions directed to
solving business problems using computer technology: Advanced
New Technologies Co Ltd [2021] APO 29. The patent application,
titled ‘Method and apparatus for processing transaction
request’, relates to a method for processing transactions using
a blockchain network, a form of distributed ledger characterised by
decentralisation, openness, and transparency. The invention
proposed to solve the problems surrounding privacy security issues
due to the decentralised nature of blockchains. Prior to the
hearing, the Examiner characterised the substance of the invention
as an abstract scheme on the basis that the invention was not
technical in character and required only generic computer
implementation, but the Delegate took a more nuanced approach,
reviewing the state of the art at the priority date with respect to
blockchain technology to better understand and distinguish the
invention. Although the Delegate was not satisfied that preserving
the privacy of blockchain nodes was a technical problem, they
considered that the invention nevertheless provided a technical
solution as “the critical steps of converting the transaction
data into an indecipherable data abstract and then generating a
transaction abstract based on digitally signed approvals from the
transaction nodes involves the application of information
technology techniques”, clarifying that the “fact that
[a] technique may be well-known does not make it any less
technical”. In deciding that the invention, although a
computer implemented technology, was more than a mere abstract
scheme, the Delegate acknowledged that preventing breach of privacy
data was a practical and useful result, where there is, on balance,
no reason why “technical improvements to fundamental
mechanisms” within a blockchain should not be patentable. The
case has, however, been remitted back to examination to reconsider
potential issues of inventive step. For a more detailed discussion
of this decision, see the article by Richard Brown, Isaac Tan and
Angie Chen on our website.
Data collection notification requirements under NSW privacy
legislation
On 27 July 2021, the New South Wales Civil and Administrative
Tribunal determined that a local council failed to comply with the
Information Privacy Principles contained in the Privacy and
Personal Information Protection Act 1998 (NSW) when handling a
complaint about a draft local strategic planning statement: EMF
v Cessnock City Council [2021] NSWCATAD 219. The proceedings
arose out of the council’s internal dissemination of a
complaint made by the applicant regarding a confidential code of
conduct issue. One interesting aspect of the decision related to
the means of satisfying Information Privacy Principle 3 in section
10 of the Act (“Requirements when collecting personal
information”), specifically, the requirement to notify an
individual as to the intended recipients of their personal
information. The Tribunal concluded that in accordance with IPP 3,
the council was required to take reasonable steps to notify the
Applicant prior to, or as soon as reasonably possible after, the
information had been collected. The Tribunal was of the view that
this requirement could have been met if the council’s webpage
(where complaints were lodged) had contained a link to a privacy
collection notice. The Tribunal commented that “while not
necessarily an IPP 3 notice, this is the general public privacy
statement of (or promise by) the Respondent to individuals about
the way the Respondent will handle their personal information and
any statements in it will, in the absence of an IPP 3 statement,
prevail over any inconsistent rights or exemptions given to Council
under the LG Privacy Code”. The link would probably have
sufficed because it could have been “referred to by
individuals in deciding whether to provide their personal
information to the Respondent”. The Applicant was awarded
compensation of $30,000.
Complex technology contract interpreted by Queensland Supreme
Court
On 28 July 2021, Justice Ryan in the Supreme Court of Queensland
delivered directions regarding the interpretation of a complex
contractual relationship between a US wireless network supplier, a
wholly-owned subsidiary and a Brisbane-based microwave and
millimetre wave radio technology supplier: BSO Network Inc and
Anor v EMClarity Pty Ltd (No 2) [2021] QSC 192. Her
Honour’s ruling had previously been handed down on 9 April 2021
but a redacted version has only now been published. Her Honour
found that the defendant supplier, EMClarity, had failed to comply
with its delivery obligations under a series of contracts and had
repudiated the principal supply contract by indicating an intention
to vary the timing of delivery. The defendant had advised the
plaintiffs that there would be a “pause” in delivery
whilst a “quality review” of its processes and products
was undertaken, but the court rejected the defendant’s
contention that this delay was permissible because the timing of
supply was conditional upon the completion of development of the
products pursuant to an earlier development agreement. Justice Ryan
relied upon well-established principles of interpretation in
finding that the parties had reached agreement on the terms of the
supply contract, notwithstanding the fact that the agreement was
concluded by laypersons and was not “legally perfect”. It
was an implied term of the principal supply agreement that the
goods would be delivered within a “reasonable time”,
although the court declined to speculate as to what a
“reasonable time” in this context would actually be. With
respect to the alleged disclosure of confidential material by the
defendant to a competitor of the plaintiffs, the court considered
the juxtaposition between contractual and equitable obligations of
confidentiality, concluding that whilst an equitable obligation can
co-exist with a contractual obligation, the equitable obligation
will not convert a contractually authorised disclosure into a
breach of a broader equitable obligation.
A machine can be an “inventor”
On 30 July 2021, the Federal Court of Australia ruled in a
world-first decision that artificial intelligence (AI) can be named
as the inventor on a patent application: Thaler v Commissioner
of Patents [2021] FCA 879. The invention was described as
“DABUS”, being an acronym for a device for the autonomous
bootstrapping of unified sentience. Dr Thaler was the owner of
copyright in the DABUS source code and the owner and operator of
the computer on which DABUS operates, but he was not named as an
inventor because the substantive innovative work was autonomously
generated by DABUS using artificial neural networks. Beach J noted
that there is no definition of “inventor” in the
Patents Act 1990 (Cth), the Act does not mandate that the
named entity be an actual inventor, and the Act does not state that
the inventor must be a human. His Honour considered that to deny
grant of a patent for an otherwise patentable invention because the
inventor is not a natural person would be the antithesis of the
object of the Act to “provide a patent system in Australia
that promotes economic wellbeing through technological innovation
and the transfer and dissemination of technology.”. He further
observed that the recognition of AI as being capable of
inventorship would incentivise the development of creative machines
and lead to new scientific advantages, where they might otherwise
be protected as trade secrets. The Australian patent application at
issue was filed by Davies Collison Cave on behalf of Dr Thaler -
for a detailed analysis of the decision, refer to the article by
David Webber, Claire Gregg and Courtney White on our website.
Google Ads suggesting government affiliation were
misleading.
On 13 August 2021, the Full Court of the Federal Court upheld an
appeal by the Australian Competition and Consumer Commission (ACCC)
against a trial judge’s ruling that Google Ads for a workplace
relations consultancy were not misleading: Australian
Competition and Consumer Commission v Employsure Pty Ltd
[2021] FCAFC 142. The trial judge had rejected the ACCC’s
assertion that the Google Ads falsely represented that the company
had a government affiliation. The Full Court overturned the trial
judge’s decision, finding that the respondent had infringed
sections 18, 29(1)(b) and 29(1)(h) of the Australian Consumer
Law. Section 18 prohibits a company engaging in misleading or
deceptive conduct; section 29(1)(b) prohibits a false or misleading
representation that services are of a particular quality or
standard; and section 29(1)(h) prohibits a false or misleading
representation that a person has a sponsorship, approval or
affiliation. Whilst the finding is in some respects fact-specific,
the reasoning of the Court is instructive. The target audience in
this case comprised “business owners who are employers and who
search for employment-related advice on the internet”, and the
Court considered that the primary judge erred by attributing to
this audience “too high a level of shrewdness or wariness,
digital literacy, and/or commercial sophistication” and also
in the view he reached “as to the level of attention or
scrutiny that the ordinary or reasonable business owner was likely
to give to the advertisements”. Specifically, the Court
considered that it was incorrect for the trial judge to conclude
that “an ordinary or reasonable business owner taking
reasonable care of his or her own interests would have discerned
that each of the Google Ads was an advertisement for privately
provided employment-related advice which was not associated with
any government agency”.
Disclosure of settlement deed to insurer does not infringe the
privacy of litigant.
On 21 August 2021, the New South Wales Civil and Administrative
Tribunal ruled that the disclosure of a settlement deed by the
Police Force to its workers compensation insurer did not contravene
the Privacy and Personal Information Protection Act 1998
(NSW): BVV v Commissioner of Police [2021] NSWCATAD 250.
The settlement involved a holistic resolution of a number of
issues, some of which related to a workers compensation claim and
some of which were unrelated. The Applicant claimed he was unaware
that an insurer was represented at the mediation which led to the
settlement. The case essentially turned on section 18 of the Act
which places limits on the disclosure of personal information by
public sector agencies. Section 18(1)(a) permits disclosure if
“the disclosure is directly related to the purpose for which
the information was collected, and the agency disclosing the
information has no reason to believe that the individual concerned
would object to the disclosure”. The Tribunal concluded that
the Applicant’s personal information contained in the Deed
(including information not relating to the workers compensation
claim) was collected by the Respondent for the purpose of managing
the Applicant’s claims and complaints, and disclosure of the
Deed to the insurer in order to facilitate the payment of
settlement sums was “directly related” to the collection
of that information. The Tribunal also considered that, on the
facts, it was “difficult to understand how the Respondent
could possibly have had reason to believe that the Applicant would
object to the disclosure of the Deed”.
Federal Court grants injunction to US video game
publisher.
On 27 August 2021, the Federal Court issued declaratory and
interlocutory injunctive relief for copyright infringement in
favour of a US video game publisher against a local developer:
Take-Two Interactive Software Inc v Anderson [2021] FCA
1024. The respondent’s program “Infamous” allowed
players of the applicant’s game “Grand Theft Auto” to
gain certain advantages over other players by taking actions
in-game that players who did not have the software installed could
not. A self-executing order, with which the respondent had failed
to comply and which the respondent unsuccessfully sought to set
aside, had been issued on 16 April 2021 requiring the respondent to
file and serve evidence within 7 days or else judgement would be
entered in favour of the applicant. In rejecting the
respondent’s application to set aside the earlier judgement,
Nicholas J took into account four considerations: the
respondent’s explanation for the default; whether the
respondent had an arguable defence; whether the respondent would
suffer prejudice if the order were not made; and whether the
applicant would suffer prejudice if the order were made. The Court
ruled that the applicant was entitled to declaratory and injunctive
relief for copyright infringement and also, subject to proof, any
applicable pecuniary remedy. The Court declined, however, to grant
relief in respect of alleged contraventions of Part V Division 2A
of the Copyright Act, his honour noting that there was no
evidence at this point to indicate whether the applicant’s
anti-cheat tools which the respondent interfered with were
“technological protection measures” within the meaning of
s 116AO of the Act or “access control technological protection
measures” as defined in s 10 of the Act.
NEW LEGISLISATION & GUIDELINES
Intergovernmental data sharing scheme commences
On 9 July 2021, the Intergovernmental Agreement on Data
Sharing between Commonwealth and State and Territory
Governments came into effect when it was signed by the
National Cabinet. The Agreement commits all Australian
jurisdictions to share public sector data as a default positon,
subject to the process being completed “securely, safely,
lawfully and ethically”. The Agreement is premised on the
proposition that “access to data is critical for policy,
service delivery, and government decision making”, and that
“data held by one government can be valuable to another
government in delivering its activities”. The Agreement
encompasses, amongst other things, routine administrative data,
statistics and reference data, and de-identified and identifiable
data required for emergency situations. “Identifiable
data” is defined as “data consisting of personal
information, where an individual is identifiable or reasonably
identifiable”. A schedule to the Agreement establishes a
mechanism for determining “national priority areas” and a
prioritisation process. The operation of the Agreement will be
reviewed after two years.
POLICIES, REPORTS & ENQUIRIES
Government commences consultation on online safety
expectations.
On 8 August 2021, the Australian Government commenced public
consultation on an exposure draft of the Online Safety (Basic
Online Safety Expectations) Determination 2021. We have
previously reported that on 23 June 2021, the Australian Parliament
passed the Online Safety Act 2021. The Act will commence
on 23 January 2022. The draft Determination includes the
Government’s core expectations, which are specified in the Act,
as well as a number of additional expectations. Service providers
are expected to take reasonable steps to meet these expectations in
order to uphold the safety of Australian end-users on their
services. The eSafety Commissioner also has the power to require
service providers to report on their compliance with these
expectations. Until now, the Government’s expectations of
industry have been articulated in the soon-to-be-superseded basic
online safety requirements Enhancing Online Safety Act
2015, the safety Commissioner’s Safety-by-Design
Principles, and the Online Safety Charter, none of which have any
legal or regulatory enforceability. Part 4 of the new Act sets out
the requirements for the determination of the basic online safety
expectations for social media services, relevant electronic
services and designated internet services, and the requirements for
compliance reporting by industry. The ultimate objective is to
establish a benchmark for online service providers to take
proactive (rather than reactive) steps to protect the community
from abusive conduct and harmful content online.
Discussion paper foreshadows cyber security code under the
Privacy Act.
On 26 August 2021, the Australian Government issued a Discussion
Paper seeking public feedback on Australia’s cyber security
laws: Strengthening Australia’s cyber security regulations
and incentives. Two issues of particular interest raised for
discussion involve the prospect of a Security Code being issued
under the Privacy Act 1988, and the prospect yet again of
enacting a statutory privacy right. In relation to the Privacy
Act, the Paper drew particular attention to Australian Privacy
Principle 11 which establishes an obligation to keep personal
information secure, and Part IIIC which establishes the mandatory
data breach notification scheme with respect to “eligible data
breaches”, and expressed concern that current laws may not
provide “sufficient clarity about cyber security
expectations”, whilst the Information Commissioner’s
enforcement powers were compromised because they were based on an
“escalation model”. The Privacy Act nevertheless
had “the greatest potential to set broad cyber security
standards (albeit only in relation to personal information)”,
particularly if a privacy code could be established under Part IIIB
of the Act to provide clear expectations about how Privacy
Act entities should meet their existing cyber security
obligations under APP 11. A cyber security code could
“harmonise international standards and offer opportunities to
Australian businesses to market their security credentials
internationally”. In relation to a statutory privacy right,
the Discussion Paper postulated that “a direct right of action
could give individuals greater control over their personal
information and provide an additional incentive for entities
covered by the Privacy Act to comply with their
obligations under the Act”.
HEALTH PRIVACY ISSUES
Medical information is not always “personal
information”
On 16 August 2021, the New South Wales Civil and Administrative
Tribunal delivered a ruling on whether information regarding a
police officer’s medical fitness for work was “personal
information” within the meaning of section 4(3) of the
Privacy And Personal Information Act 1998 (NSW): DTN v
Commissioner of Police [2021] NSWCATAD 240. The applicant had
been discharged from the Police Force due to a workplace injury,
and he complained that inaccurate information about his condition
had been provided by his employer to its workplace insurer, in
breach of the “accuracy principle” in section 16 of the
Act. The respondent contended that it was exempt from compliance
with the accuracy principle by virtue of section 4(3)(j) which
excludes from the definition of “personal information”
any “information or an opinion about an individual’s
suitability for appointment or employment as a public sector
official”. The application was rejected by the Tribunal which
ruled that the “content of the information collected and
contained in the Document relates to DTN’s fitness to continue
working” and that “the context in which the information
relates has been stored by the Respondent to assess the ability of
DTN to continue in his employment specifically from a medical
perspective”, thus enlivening the section 4(3)(j)
exemption.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
[ad_2]
Source link
