My practice traverses multiple public and private industry sectors including financial services, mining and resources, government, health, pharmaceutical and biotechnology, ecommerce and telecommunications.

I bring a heightened understanding and sharp commercial focus to technology transactions, having established and managed a software start-up.

I am a frequent commentator, platform speaker, author and guest lecturer on a wide range of legal and commercial issues across the technology sphere.

• Australian Unity: on as-a-service arrangements for the procurement of cloud-based spend management software.
• Hostplus: on the outsourcing of its core IT functions, including end user computing, platform services, network services, security services, access management services and messaging and collaboration services.
• Australia Post: on the procurement of its whole-of-enterprise telecommunications requirements (including data, telephony, security, mobility and digital media). We also advised on a number of significant variations to this contract, including in relation to the Australia Post Digital Mailbox (APDM) service.
• 7-Eleven: on the re-negotiation of its whole-of-enterprise telecommunications arrangements with Telstra (covering voice, mobile and data).
• SingTel Optus: on its A$1b+ whole-of-enterprise telecommunications agreement with ANZ to provide domestic and international voice and data services, mobile services, contact centre and managed services globally for a further five years.
• NBN Co Limited: on numerous IT procurements (including for platform services), updating its standard master services agreement for the procurement of IT services, and various other IT-related issues.
• Emergency Management Victoria (part of the Department of Justice): on strategic issues relating to the renegotiation of emergency telecommunications arrangements, having regard to the Victorian Government's Long Term Communications Plan.
• RMIT: in relation to numerous technology projects, including the procurement of data centre services (for its disaster recovery centre) from NTT; the procurement of digital transformation services from Cap Gemini; and the procurement of a replacement learning management system.
• Victorian Department of Premier and Cabinet: on the TPAMS2025 whole of government telecommunications procurement project, which creates a new state purchasing and management strategy to procure whole-of-government data, voice, mobile and internet services.
• Victorian Department of Premier and Cabinet: on the Service Victoria project, which involved the procurement of platform development and systems integration services to create a single point of contact portal for individuals interacting with the Victorian Government.
• Victorian State Revenue Office: advised on the platform agreement between the State Revenue Office and Property Exchange Australia (PEXA) relating to the implementation of the landmark national electronic conveyancing system for the online processing of conveyancing, settlement and lodgement of land dealings in Australia (which included addressing payment and risk allocation issues).
• Recognised for his expertise in Best Lawyers in categories of Information Technology, Outsourcing, and Privacy & Data Security; in Chambers and Partners (Asia Pacific) in IT & Telecommunications; and in Legal 500 Asia-Pacific in IT & Telecoms.

Education
LLM, LLB (Hons), BComm

• Member, Advisory Board for the University of Melbourne's Centre for Media and Communications Law

• Decrypting the Decryption Bill

  By Paul Kallenbach |October 2018

• Decrypting the Decryption Bill

  By Paul Kallenbach |October 2018

• When IT Hurts, it Hurts: Cyber Attacks and Regulatory Action

  By Paul Kallenbach, James Patto |August 2016

• Google can be sued for defamation over auto-completions and image search results
  The High Court has held that search term auto-completions are capable of being defamatory and stated that search engines should not be immune from defamation claims.
• Facebook found to be carrying on a business in Australia by the Federal Court
  

  The Full Federal Court has found that there is a prima facie case that Facebook Inc is carrying on a business in Australia.

• ASIC’s call to mitigate cyber risk – or face regulatory consequences
  

  The regulatory stakes for financial services organisations were highlighted in a recent case, with judicial recognition of the heightened cyber risk environment and the obligation to take steps to mitigate that risk.

   

• Decrypting the decryption Bill
  

  Following a short period of public consultation, the Telecommunications and Other Amendments (Assistance and Access) Bill 2018 (Cth) (Bill) has been introduced into Parliament. Despite the extensive public concerns raised with the Exposure Draft version, only a small number of amendments have been made to the Bill.

  
  

• APRA updates guidance on cloud computing
  

  APRA has released updated guidance for regulated institutions operating and managing cloud computing services, to assist in enhancing their associated risk management practices.

• Manners maketh the copyright infringer: Court awards $60,000 'additional damages' for defendants' behaviour in copyright case
  
• Is your organisation ready for Smart Legal Contracts?
  

  Smart legal contracts are different from the classic 'smart contracts' on which media hype has focused. Their key features mean that smart legal contracts may be used to effectively automate certain functions, helping to reduce costs and increasing efficiency. We look at their key features in a three part series.

• The ethics of artificial intelligence: laws from around the world
  In this article, we examine the creation of frameworks for the ethical use of AI in Australia and globally.
• How to address technology and cyber risk during the COVID-19 pandemic
  As organisations and governments across the globe mobilise to deal with the significant health, economic, social, political and logistical challenges raised by COVID-19, it's important that technology and cyber issues arising from the pandemic are recognised and appropriately addressed.
• SOCI | Consultations open for critical infrastructure risk management program rules
  

  Consultation has begun on the risk management program requirements under the new Part 2A of the Security of Critical Infrastructure Act 2018 (Cth). What do the proposed rules look like – and what steps should affected organisations take in preparing for their implementation?

• How to navigate the cloud services procurement process
  

  Our experts explain how to overcome the challenges that may arise during cloud contract negotiations.

• Breaking down the Facebook copyright post that went viral
  
• Lessons from the Financial Services Royal Commission about how to use technology
  Organisations in all industries can learn from the Financial Services Royal Commission about how technology can be used to ensure compliance and create a better customer experience.
• What next for the St Kilda schoolgirl?
  
• Twitter's terms of service do not allow unlimited use of content by third parties
  
• Caution: certain facial recognition technology contravenes privacy law
  

  The use of facial recognition technology is on the rise, but the regulator cautions about privacy compliance requirements.

• The federal government continues pledge to innovation in the FY18/19 budget
  

  The federal government has continued its pledge to innovation in the FY18/19 budget. In part, the government is funding the commitments via various changes to the R&D Tax Incentive scheme, which is projected to save $2.4 billion over 4 years.

• Sherlock Holmes and the case of the literary character copyright protection
  
• You spent $3.5m on what?! Spice DAO, Dune, NFTs and copyright
  

  Cryptocurrency-backed consortium Spice DAO purchased a rare copy of an adaptation of 'Dune' under the apparent misconception that by owning the physical book, the group would also own the underlying intellectual property rights in the book. This highlights some important misconceptions around buying NFTs.

• My learned friend (request): social media and legal ethics
  
• Incident reporting and asset register obligations now in effect under SOCI
  

  On 6 April 2022, the Minister for Home Affairs enacted the Security of Critical Infrastructure (Application) Rules (LIN 22/026) 2022 (Cth) (Rules), which 'turn on' the incident reporting and asset register obligations for some sectors and assets under the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act).

   

• Think before you link - defamation and hyperlinking
  
• Instagram's backflip
  
• The Pirate Bay claims copyright infringed by anti-piracy group
  
• 'SUNNY ROO' infringes 'SUNNY BOY'
  
• Patent licences - some guidance from the courts
  
• Is the ACCC becoming a second privacy regulator?
  The ACCC has issued proceedings against Google for allegedly mising consumers about the collection and use of location data.
• All signs point to mandatory data breach notification in Australia
  
• FSRC Final Report: technology and data implications
  

  Our team discusses how technology can assist in implementing the Financial Services Royal Commission's recommendations.

• Decryption laws update - what's the latest?
  
  
• Google fined $60 million for misleading and deceptive conduct
  

  In the first public enforcement outcome arising from the ACCC's Digital Platforms Inquiry, Google has been fined for mising consumers.

• Notifiable Data Breach scheme: the Australian Privacy Watchdog's latest figures
  The OAIC has released its latest Notifiable Data Breach reporting statistics. In this article we crunch the numbers and summarise the key highlights of and take-outs from the OAIC's report.
• Changes to critical infrastructure laws in 2021: is your sector impacted?
  

  The Security Legislation Amendment (Critical Infrastructure) Bill 2020 (Cth) is currently before Parliament and may increase the regulatory burden for those responsible for critical infrastructure assets in designated 'critical' sectors, as well as the government's powers over those assets.

• Early cracks in the 'Crypto Winter': Will regulation beat the chill?
  

  2022 saw many regulatory developments in Australia's crypto ecosystem, and 2023 is bound to see more. We go through the timeline of significant crypto events in Australia and globally, and their implications.

• Super injunctions, privacy and the media
  
• SOCI Round 2 - Security of Critical Infrastructure regime update
  

  Part two of the Security of Critical Infrastructure law and the Part one Rules have been released as exposure drafts for comment. We consider their content and potential impacts.

• When is an exclusion clause not an exclusion clause?
  
• ACCC appeals: the dispute with Medibank continues
  

  The ACCC has appealed the decision of the Federal Court in proceedings commenced by the ACCC against Medibank Private Limited in relation to its communications (or failure to communicate) with its members.

• Victorian Parliament considers regulation of R18 computer games
  
• Federal Government considers mandatory data breach notification
  
• New privacy bill proposes tougher penalties and powers for serious privacy breaches
  

  In the wake of recent high profile data breaches, the federal government has introduced proposed amendments to Australian privacy law to significantly increase the penalties for privacy breaches, and give the regulator greater powers.

• SOCI equivalent incident reporting and asset register obligations now in effect for Telcos
  

  A new licence condition and determination have been issued by the Minister for Communications, imposing SOCI equivalent obligations on carriers and eligible carriage service providers (CSPs).

• What you can learn from the new proceedings issued against Google
  

  We look at the ACCC's increasing willingness to scrutinise privacy-related consumer issues, and provide some useful guidance around organisations' compliance with privacy protections through the lens of consumer law.

• Penalties and technology contracts after Andrew v ANZ
  
• Termination for convenience clauses - be clear and be aware
  

  Termination for convenience clauses are a common enough feature of technology contracts. But just how convenient are they when a party comes to exercise their termination rights under them?

• Should you get bent out of shape pursuing trade mark registration for a shape?
  
• ACCC recommends protections for consumers using customer loyalty schemes
  On 3 December 2019, the ACCC released its Final Report in relation to Customer Loyalty Schemes, and called for a range of privacy and consumer reforms.
• OAIC investigation clears Centrelink of wrongdoing over public release of personal information
  

  The OAIC controversially confirms Australian entities can publicly release individuals' personal information in broader circumstances than you might expect.

• Map to the future: Australian Government releases a roadmap for developing AI capability in Australia
  The global race to in AI is underway. The Commonwealth Government has recently contributed to the discussion with the release of Australia's AI Roadmap. It promotes strategies designed to advance Australia's AI capability and realise AI's potential for boosting industry productivity, creating jobs and economic growth, and improving the quality of life for Australians.
• COVID-19: Navigating privacy laws in the workplace
  

  Organisations need to consider privacy laws in deciding how to respond to COVID-19 in the workplace. This applies to taking employees’ temperatures and notifying others when an employee is diagnosed as having COVID 19 or may potentially have the disease. We consider the privacy laws for private sector organisations in NSW and Victoria. (Similar considerations will likely apply in other states and territories.)

   

• How should government manage data from C-ITS and autonomous vehicles?
  

  On 27 September 2018, the National Transport Commission released its discussion paper 'Regulating Government Access to C-ITS and Automated Vehicle Data'. The following article looks at its implications.

• How might the new Identify and Disrupt laws impact you?
  

  Federal parliament has passed the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021 (Identify and Disrupt Law), which introduces new law enforcement powers to combat serious online crime.

• Exclusive patent licences and standing to sue – a green light for commercial 'work arounds'
  
• Is it legal to pay a ransomware demand – and other critical questions
  

  With ransomware attacks a growing concern across the financial services sector, our experts have answered some key questions around how to mitigate and manage the risk.

• UK expands fair dealing exceptions, but not as far as planned (yet)
  
• Is 'reproduction' for copyright infringement a chicken & egg debate?
  
• Full steam ahead: High Court dismisses Valve Corporation’s application for special leave
  High Court dismisses Valve Corporation’s application for special leave to appeal finding of mising and deceptive conduct in online sale of games.
• Back to basics negotiating IP rights in technology development agreements
  

  Whether you are commissioning an app or having a developer create a website, it is important to ensure that you enter into a robust agreement with the developer that protects your IP and confidential information and maximises your return on investment.

• Now is the time for action on cyber risk management says MinterEllison
  

  Cyber attack a heightened business risk in the COVID-19 environment & beyond –MinterEllison Perspectives on Cyber Risk 2020 Report launched.

• ACCC calls for privacy law reform and a move towards GDPR-style privacy laws
  

  The ACCC's Digital Platforms Inquiry Final Report (Report) confirms what is already clear – there is a proliferation of digital data and the broad range of ways that organisations (not only digital platforms) now use data has resulted in a complex inter-relationship between innovation, data commercialisation, privacy rights and consumer rights.

  According to the ACCC, amendments to the Privacy Act are necessary to address an imbalance that have arisen in these relationships.

• What does 'material breach' mean?
  
• Private and confidential: dealing with personal and confidential information in the liquidation process
  
• $2.9m fine for misleading conduct relating to disclosure of personal information
  

  Where misuse of personal information amounts to mising deceptive conduct under the Australian Consumer Law, the ACCC has shown that it will take action.

• The Consumer Data Right – opening data access to drive competition
  

  The Turnbull government has committed $65 million over four years to reform the national data system. A cornerstone of those reforms will be the introduction of a Consumer Data Right.

• Demystifying Smart Legal Contracts
  

  We demystify smart legal contracts, set out the difference between smart legal contracts, 'smart contracts' and electronic data interchange systems, and explain how blockchain fits in.

• Corby family in the copyright spotlight
  
• COVID-19: Managing electronic execution while keeping socially distant
  

  With social distancing rules implemented as a result of COVID-19, we have seen a renewed and pressing focus to adopt electronic execution. There are several implications and considerations that organisations need to be aware of to ensure their contracts are still enforceable.

• Apotex v Sanofi-Aventis continued: High Court upholds patentability of methods of medical treatment - but finds no infringement
  
• Facial recognition technology: who’s watching?
  

  We look at recent developments in facial recognition technology, including the investigation into technology developed by Clearview AI.

• 2017 Perspectives on Cyber Risk
  

  In late 2016 we conducted our second annual cyber security survey, to assess changes in Australian organisations’ cyber resilience over the past 12 months.

• Non-fungible tokens and digital assets – what's the deal?
  

  The art world is abuzz as a bizarre and potentially lucrative new market has emerged for digital artists known as non-fungible tokens (or NFTs). People operating in the digital marketplace need to understand the rights attached to NFTs so that they can trade with confidence.

• Tobacco plain packaging: when a taking is not an acquisition
  
• The sung sound of a song: copyright is in the air
  

  A recent case around Australian pop classic, 'Love is in the Air' has added a layer of complexity to copyright considerations in songs. Two species of copyright work comprised in a song – musical and literary – are no longer strictly separate.

• SOCI Risk Management Program requirements now in effect
  

  On 17 February 2023, the Security of Critical Infrastructure Risk Management Program Rules commenced. The clock is now ticking for impacted responsible entities to become compliant with the risk management program obligation under the Security of Critical Infrastructure Act.

   

• The 'Australia tax' and the report into IT pricing
  
• The vexed issue of 'orphan' copyright works
  
• Cyber risk threat increasing and a top governance risk
  

  Perspectives on Cyber Risk 2021 highlights the increased action of regulators on cyber risk and how it is a key governance issue for boards and senior executives.

• Consequential loss - a state of confusion
  
• The ACCC continues its foray into data privacy in ACCC v Google
  

  The ACCC has partially succeeded in its action against Google for mising consumers about the collection and use of user location data, in a decision that may encourage further enforcement action in the context of data and privacy.

• Will the show go on? Victory for iiNet in the Federal Court
  
• Service providers to be guided into the safe harbour: Copyright Amendment (Service Providers) Bill 2017 (Cth)
  After intense lobbying from various parties on both sides of the debate, additional service providers are on the verge of being welcomed into the copyright safe harbours.
• Video: Australia's new privacy regime - overhauling of the Commonwealth Privacy Act
  
• Current state of play for the Consumer Data Right
  The proposed legislative framework for the new CDR, which was to come into effect through the Treasury Laws Amendment (Consumer Data Right) Bill 2019 (Bill) has lapsed in Parliament. In this article, we provide an update on the status of the CDR regime.
• OAIC releases its annual report for 2019-2020
  

  The OAIC's 2019-2020 annual report (OAIC Report) was published on 15 October 2020, and provides a thorough review of the OAIC's functions over 2019-2020. This post details some of the key items set out in the OAIC Report.

• Unfair contract terms regime extended to 'small business contracts' - implications for IT contracts
  
• Canadian Federal Court considers online copyright infringement
  
• Lessons on privacy, data protection and trust in financial services
  Financial institutions are faced with a number of regulatory, social and ethical considerations and challenges in approaching the protection of their customers' data. The right approach isn't always easy to determine.
• SOCI Round 2 – law reform now enacted
  

  The second tranche of the Security of Critical Infrastructure laws passed on 31 March 2022 and commenced on 2 April 2022. The Rules will shortly undergo final consultation. We outline the latest amendments and need for prompt compliance action.

• Insights one year on from Australia's Notifiable Data Breach scheme
  A year on from the introduction of Australia's NDB Scheme, the OAIC finds that data breach notifications have increased by over 700% with the health and finance sectors most affected.
• Emerging standards for emerging technologies: consulting on AI Standards
  

  Standards Australia has commenced a consultation to carry forward standards-building efforts informing the development of artificial intelligence (AI) solutions in Australia.

• No copyright in White and Yellow Pages directories in Australia – Telstra’s appeal fails
  
• Business email compromise - do you know who that email is really from?
  

  Old and new combine in the form of business email compromise (BEC), a type of fraud, which has targeted everyone from individuals to major-multinational corporations. As one of the most common and successful contemporary frauds, how can organisations mitigate against them?

• Decoding the proposed Online Privacy Code and the Privacy Act Review
  

  The Attorney-General's Department is continuing to progress broad privacy reform to reflect the new requirements of the 'digital age'. In two parts, we examine in detail the recently published Privacy Act Review Discussion Paper and the exposure draft of the Online Privacy Bill.

   

   

• Increased potential for cyber attacks | Urgent steps to mitigate risk
  

  In light of the rapidly evolving situation in the Ukraine, organisations – especially owners and operators of critical infrastructure assets – should be on alert for potential cyber attacks, particularly through the use of malware and ransomware.

• Australia's evolving privacy regime
  

  Recent significant changes in Australia’s privacy and data protection regime, bring our legislation more in line with international standards. As a result, many Australian agencies and organisations are now subject to new compliance obligations under the notifiable data breaches (NDB) scheme and increased scrutiny.

• Australias new data retention laws
  
• Privacy decision highlights importance of collection notices
  
• Mitigating the risk of automation with smart legal contracts
  

  We discuss the risks around automation of contractual obligations and how well-drafted smart legal contracts (SLCs) can help mitigate this risk.

• COVID-19: Business continuity and software licensing risk
  

  COVID-19 will test an organisation’s business continuity and could potentially expose software licensing risks.

   

• Giving Redbubble hell – is it justified by law or is it ganging up?
  This article explores the recent judgment handed down by the Federal Court concerning infringement of intellectual property rights subsisting in the Hells Angels' insignia.
• Top tips for cloud procurement
  Cloud services continue to provide opportunities for customers to increase innovation and efficiency and decrease costs. But how do you protect your interests when procuring cloud services and ensure that the services live up to the hype? Here are our legal and commercial experts' top tips.
  
• A new chapter in Facebook: from self-regulation to 'inevitable' regulation?
  

  From 270,000 to 87 million – and counting

   

• Federal Court interprets 'personal information'. What's it all about people?
  
• Mitigating cyber threats in mining
  

  The mining sector faces an increasing risk of cyber attacks and heightened regulator proactivity. We reflect on cyber resilience in mining following a panel on 'How Mining and Resources can Better Mitigate Physical and Cyber Threats' at the 2022 International Mining and Resources Conference (IMARC).

• ACCC seeks to restore balance in the media industry
  The ACCC's Digital Platforms Inquiry Final Report (Report) has made recommendations that could significantly impact the regulation of the media industry and digital platforms, and the future for media organisations in the digital era.
• First international privacy standard released
  A new ISO standard will assist organisations to meet privacy-specific requirements, irrespective of the jurisdictions in which they operate.
• iSpy: how an Apple iOS feature can turn your iPhone into a listening device
  A feature on Apple iOS devices which allow users to hear a conversation up to 15 metres away has highlighted Australia's patchwork surveillance device laws, emphasising the need for national reform.
• US Supreme Court rejects challenge to warrantless surveillance laws
  
• Emerging trends from the OAIC Notifiable Data Breaches Report
  

  The Office of the Australian Information Commissioner released its Notifiable Data Breaches Report, covering January to June 2021. We break down the numbers and provide insights on the emerging trends.

• Latest developments on the Consumer Data Right
  

  With the Treasury Laws Amendment (Consumer Data Right) Act 2019 (Cth) receiving Royal Assent, the ACCC has released a lock-down version of the proposed Consumer Data Right Rules for the banking sector, as well as a 'phasing summary table', which outlines key dates for the adoption of Rules across all sectors.

• NZ infringer ordered to pay up
  
• When IT hurts it hurts cyber attacks business interruption and loss of intellectual property
  
• Copyright: 18 months of developments and decisions
  It's been an active and interesting 18 months in the ever-changing Australian copyright sphere. From copyright reform to copyright in compilations, from the dangers of litigation to the unlicensed use of stock photography, we've collated a summary of the more significant developments over that period which may be helpful or instructive when similar issues arise.
• OAIC releases its second quarterly report on the NDB scheme
  

  Our team reviews the Office of the Australian Information Commissioner (OAIC)'s second quarterly statistics report on the Notifiable Data Breaches (NDB) Scheme, and highlight some important lessons for organisations navigating the evolving privacy regulatory regime in Australia.

• Perspectives on cyber risk: new threats and challenges in 2022
  

  Our 2022 cyber risk report reveals an increasingly challenging cyber security landscape. Organisations face geopolitical threats, increasing ransomware attacks and new legislation. How can organisations mitigate risk?

• The copyright fair use debate: A European perspective
  
• Fearless Girl caught in corporate crosshairs
  

  This recent case is a timely reminder for businesses to obtain targeted legal advice when entering agreements relating to the use of intellectual property to ensure that the terms properly address what uses are permitted and restrictions are imposed.

• ACCC calls for competition reforms that will impact digital platform operators and beyond
  The ACCC has concluded its long-running Inquiry into digital platforms in Australia. It set out its findings and a detailed set of recommendations in its final report released on 26 July 2019.
  
• Trade mark ownership: the Insight scoop to avoid refusal
  The recent Full Federal Court decision of Pham Global Pty Ltd v Insight Clinical Imaging Pty Ltd highlights the danger of filing a trade mark application in the wrong name.
• New privacy law sees tougher penalties and enforcement powers for serious and repeated privacy breaches
  

  The Australian federal government has passed the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022.

• The robots are coming: artificial intelligence, ethics and the law
  

  How is artificial intelligence changing our daily lives? How do we ensure that change is for the better?

• Financial services institutions need to increase focus on cyber security
  

  How does cyber risk affect the financial services industry? We explore in our new report, Perspectives on Cyber Risk 2021.

• Schrems II: What the end of the EU-US Privacy Shield means in Australia
  

  A recent decision immediately impacts transfers of data from the European Union to the United States and may also have implications for Australian organisations wishing to transfer personal data from the EU to Australia. We discuss the case and its implications.

• The future of the decryption laws remains in limbo
  

  Following the controversial passage of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) (TOLA Act) (colloquially referred to as the 'decryption laws') in December last year, the Senate referred the operation of the TOLA Act to the Joint Committee for inquiry and report.

• Cyber Security reforms | 6 key proposals
  

  The Australian Government is consulting on regulatory changes targeted at improving the country's cybersecurity infrastructure and readiness. Feedback is due by 27 August 2021.

• Privacy Commissioner's draft APP guidelines - white papers
  
• Software patents: some recent international developments (and their repercussions for Australia)
  
• Technology issues in M&As: how IT impacts deal value
  

  Realising maximum value is critical to the success of an M&A transaction – but information technology (IT) is an often overlooked, yet critical aspect of such transactions.

• Government invites comments on new data sharing and release laws
  

  The Commonwealth Government is planning to adopt new data sharing and release laws to facilitate greater access to Government data and is seeking feedback from the public on its proposals following the release of an issues paper.

• Perspectives on Cyber Risk 2020
  

  In our report, we reveal the trends and attitudes towards cyber risk over the last year. As 2020 ushers in a global pandemic, these risks and concerns have intensified, and the need for action is more urgent than ever.

• The COVIDSafe app - five key considerations
  

  The Australian government’s contact tracing app ‘COVIDSafe’ is now available for download. How can the personal data collected be used? We set out five key considerations about the COVID-19 app, looking at how privacy is protected.

• Copyright, compilations, originality and IceTV: Tonnex International v Dynamic Supplies
  
• eInventor 2.0 – Patents in the age of AI
  

  In a landmark decision, Justice Beach of the Federal Court of Australia has made the first judicial determination that recognises artificial intelligence as an inventor. We discuss the decision and its implications.

• The ACCC Digital Platforms Inquiry
  The Australian Competition and Consumer Commission's (ACCC's) ongoing Digital Platforms Inquiry will consider the impact of Digital Platforms on the state of competition in media and advertising markets.
• Victorian Government releases IP guidelines for the public sector (v1)
  
• Classifying copyright in compilations: Sports Data v Prozone
  
• Human Rights in a robot world: the promise and perils of new technologies
  In its Human Rights and Technology Discussion Paper, the Australian Human Rights Commission has outlined a number of proposed reforms to protect and enhance human rights in the context of new technologies (including AI).
• A new right - the Consumer Data Right and framework unpacked
  

  The proposed legislative framework for the Consumer Data Right (CDR), including its interaction with existing privacy laws, can be difficult to follow. In this article, we explain how the proposed framework has developed, some of the key concepts, including the roles of the key participants and obligations and what to expect next.

• Protestware: what organisations should be aware of when using open source software
  

  The recent inclusion of 'protestware' in popular open source software (OSS) codebases highlights some emerging risks to organisations that rely on OSS.

• AOC loses Full Federal Court appeal for Telstra I go to Rio advertisements
  In Australian Olympic Committee, Inc v Telstra Corporation Limited [2017] FCAFC 165 the Full Federal Court dismissed the Australian Olympic Committee appeal against the 2016 Federal Court decision Australian Olympic Committee, Inc. v Telstra Corporation Ltd [2016] FCA 857.
• Amazon wins another battle in US 'App Store' litigation
  In March 2011, Apple Inc. brought proceedings in the US District Court against Amazon.com Inc. relating to the use by Amazon of the term 'Appstore' in connection with the sale of 'apps' for Android devices and the Kindle Fire.
• Perspectives on Cyber Risk 2019
  

  Our latest research highlights the increasing need for decisive action on cyber threats.

• Health sector faces more cyber attacks than any other
  

  According to the OAIC, 23% of recent data breaches occurred in the health sector. Our report explores cyber risk trends, the unique challenges facing health organisations and how they can mitigate risk.

• Trusted Digital Identity Bill exposure draft released for public consultation
  

  The government has released an exposure draft of the Trusted Digital Identity Bill for public consultation. We explore what it means and the potential benefits for individuals, and the public and private sectors. 

   

• 2016 Perspectives on cyber risk
  We are pleased to announce the publication of our inaugural cyber security survey report - Perspectives on Cyber Risk.
• The unhappy herb company
  Against a background of widespread copying and communicating of copyright-protected images on the internet, this decision signals that courts expect parties to negotiate an appropriate licence fee once put on notice of copyright and, even if the infringing party otherwise acts as a model defendant, additional damages may be awarded simply to warn others against irresponsible practices.
• Unlocking business value with smart legal contracts
  

  We explore how smart legal contracts can help your business, and explain how you can identify clauses that may be amenable to automation.

• What universities need to know about cyber risk
  

  We outline recent developments and the key steps that higher education providers can take now to mitigate the risk of a cyber attack.

• New regulatory framework for sharing Commonwealth public sector data - the DATA Scheme
  

  The Data Availability and Transparency Act 2022 (Cth) (DATA Act) establishes a new regulatory framework for the controlled sharing of Commonwealth public sector data.

• Prudential Standard CPS 234 to impose new information security requirements
  We examine the new APRA Prudential Standard CPS 234 and outline the requirements under the standard.
• Release of the Privacy Act Review Issues Paper
  

  On 30 October 2020, the Attorney-General's Department published the Privacy Act Review Issues Paper, which outlines issues at the heart of the current privacy regime in Australia. We discuss the key considerations included in the broad-ranging review that privacy experts will need to be aware of.

• First Security of Critical Infrastructure Bill is now live
  

  On 2 December 2021 the Security Legislation Amendment (Critical Infrastructure) Bill 2021 (Cth) received royal assent and became law in Australia. We explore what it means going forward.

• Beyond Asimov's Three Laws: A new ethical framework for AI developers
  It's time for a discussion on the proposed Artificial Intelligence: Australia's Ethics Framework to inform the federal government's approach to AI ethics in Australia.
• Penalties in technology contracts after ANZ v Paciocco
  Earlier this month, however, the Full Federal Court in Paciocco v ANZ [2015] FCAFC 50 overturned this earlier decision, declaring that the bank's late fees were not penalties, and were therefore enforceable against its customers.