AUSTRALIA: An Introduction to TMT: Media

This year has again seen significant activity in the media content space in Australia.

Defamation 

2023 witnessed a result in what was the longest and most expensive defamation trial in Australia's history. The Nine Network was successful in defending a defamation claim brought against it by former Australian soldier and Victoria Cross winner, Ben Roberts-Smith, in which the court found Roberts-Smith had committed three murders.

At the time of writing, the decision is subject to an appeal by Roberts-Smith.

The decision was lauded by many journalists as a win for free speech and investigative journalism. But others pointed to the extraordinary cost involved in the case as an example of how the law in Australia is not particularly aligned to free speech.

The serious harm requirement introduced in July 2021 was the focus of the courts of Australia and the jurisprudence on this crucial issue continues to develop. There is a growing trend which assumes that if a publication is made in the mainstream media then it will cause serious harm.

The so-called "stage two" of defamation law reform - focusing mainly on digital intermediaries - moved further forward in 2023. It is proposed these reforms will be passed in each Australian jurisdiction and commence on 1 July 2024. However, the courts of South Australia have already indicated they are going to treat these matters differently, so Australia might end up with even less uniformity.

The provisions that will take effect next year include:

1. An exemption from liability for a digital intermediary in relation to the publication of digital matter using a caching service, conduit service or storage service provided by the intermediary (the "passive intermediary exemption").

2. An exemption from liability for a search engine provider in relation to the publication of digital matter included search results and the publication of digital matter comprised of content from other websites to which the results facilitate access by providing a hyperlink. The exemption will only apply to organic search results, not sponsored search results.

3. A new defence for digital intermediaries whereby:
a. the defendant must prove: (i) the defendant was a digital intermediary in relation to the publication of the defamatory digital matter; (ii) the defendant had, at the time of the publication, an accessible complaints mechanism for the plaintiff to use;
b. if the plaintiff gave the defendant a written complaint about the publication containing certain basic information (including what the matter is and where it can be located), the defendant must prove that reasonable access prevention steps, if steps were available, were taken by the defendant or another person in relation to the publication before the complaint was given or within seven days after the complaint was given;
c. the defence will be available to defendants who moderate content by taking steps to detect or identify, or steps to remove, block, disable or otherwise prevent access by persons to content that may be defamatory or breach the terms or conditions of the online service.

The defence seeks to overcome the problems with the defence of innocent dissemination (which will continue to operate as it does currently) in the following ways:

(a) it expressly applies to digital intermediaries;
(b) it makes clear a complaint including the basic information that is received by a digital intermediary operates as notice of the defamatory matter;
(c) it provides a specific timeframe for action to be taken to have the benefit of the defence.

The digital intermediaries covered by the defence would generally be considered publishers at general law, including forum administrators and digital intermediaries providing social media platforms or review websites.

The defence may be defeated only if the plaintiff proves the defendant was motivated by malice in establishing or providing the online service by means of which the matter was published.

4. A provision which allows an offer to make amends to include an offer to take access prevention steps. These steps may involve removing the matter or instead blocking, disabling or otherwise preventing access to the matter. This can be offered instead of, or in addition to, either or both mandatory remedial offers. For example, there may be circumstances in which it would not be possible to publish a correction or clarification without republishing the defamatory matter.

Regulation of Digital Platforms  

The eSafety Commissioner has continued to drive regulatory activity in the digital space in 2023 under the Online Safety Act 2021 (Cth) and the related Online Safety (Basic Online Safety Expectations) Determination 2022 (BOSE Determination).

Increasing from 212 notifications in 2022, 601 notifications were made to internet service providers on adult cyber abuse and 77% of that content was removed within 24 hours. A further 534 removal requests were successfully made to remove child cyberbullying content from online service platforms.

The eSafety Commissioner showed a tougher stance in 2023 on enforcing transparency and accountability from online service providers, with 13 separate non-periodic reporting notices issued under the BOSE Determination. Companies including Google, TikTok and X Corp were required to report on measures taken to proactively address child sexual exploitation and abuse, among other harmful material.

Throughout 2023, the eSafety Commissioner has continued to work with online industry participants to develop mandatory industry codes, regulating certain classes of illegal and restricted online material. Five industry codes will come into effect on 16 December 2023, for social media services, internet carriage services, equipment providers, app distribution services and hosting services. The codes will predominantly focus on addressing regulation of child sexual exploitation material and terrorist material hosted by service providers.

Further industry codes and standards are being developed for internet search engine services, relevant electronic services and designated internet services, to come into effect in early 2024.

Privacy and Data  

The Commonwealth Government provided its response to the Attorney-General's report on the review of the Privacy Act 1988 (Cth), indicating that it has agreed, or agreed in principle, with the majority of the proposals outlined, and committed to introducing the first tranche of legislative reforms in 2024.

Of note, the government has agreed in principle to:

• New rights which will enable individuals to:

o request the erasure of their personal information (Proposal 18.3);

o challenge the collection, use and disclosure of their personal information (Proposal 18.2); and

o request the de-indexing of internet search results containing their personal information (Proposal 18.5).

• A new direct right of action for individuals (including a group) who have suffered loss or damage as a result of breaches of the Privacy Act (Proposal 26.1).

• A new statutory tort for serious invasions of privacy (Proposal 27.1). This long-anticipated tort would cover conduct outside the scope of the Privacy Act.

In response to a series of high-profile data breaches in the second half of 2022, the government increased the maximum penalties for serious or repeated breaches of the Australian Privacy Principles.

The government has also expanded the extraterritorial reach of the Privacy Act by removing the last limb of the existing "Australian link" test.

In July the Federal Court imposed a AUD20 million fine on Meta’s subsidiaries, Facebook Israel and Onavo Inc, for breaching the Australian Consumer Law by misleading users about the way those companies used customers’ data.

Four data breach class actions have been commenced against Optus and Medibank. These matters will require courts to assess whether certain technical and operational cybersecurity controls and practices are necessary to comply with regulations that are largely principles-based. The proposed new direct right of action that individuals could bring for a breach of the Privacy Act 1988 (Cth) (above) will facilitate such breach class actions in the future.

Mergers and Acquisitions  

There was no significant merger and acquisition activity in the media sector in the last year, although there is some optimism that there might be some activity in this area in 2024.