Earlier this year, the Australia Competition and Consumer Commission (“ACCC”) commenced proceedings in the Federal Court against Google. The ACCC alleges Google mislead Australian consumers to get them to agree to allow Google to increase the scope of personal information that is collects about them.
This court proceeding brings to light two different legal issues that are discussed in this article:
- Misleading and deceptive conduct; and
- Privacy policies.
Misleading and deceptive conduct
The law around misleading and deceptive conduct can be found in the Australian Consumer Law (“ACL”), or more specifically, in Schedule 2 of the Competition and Consumer Act 2010 (Cth).
Section 18 of the ACL says: “A person must not, in trade or commerce, engage in conduct that is misleading or deceptive or is likely to mislead or deceive.”
In a guideline published by the ACCC, it is explained that the key question to ask when determining whether conduct is misleading or deceptive is whether the “overall impression created by the conduct is false or inaccurate”.
An example of misleading and deceptive conduct is the recent Federal Court ruling against online ticket re-seller Viagogo. In 2019 the ACCC brought Viagogo to court, alleging it had misled consumers by failing to disclose that it was not an original ticket seller, among other things. The court ultimately decided that Viagogo was guilty of making misleading representations to consumers, such as representing that it was the original seller of tickets, that tickets were scarce, and that tickets could be bought at a lower price than what they actually were (due to administration fees). Viagogo was handed a $7 million fine.
In regards to the current case that the ACCC has against Google, the ACCC is alleging Google did not properly inform consumers (and therefore did not gain their informed consent) about “its move in 2016 to start combining personal information in consumers’ Google accounts with information about those individuals’ activities on non-Google sites that used Google technology…”
The court proceedings also relate to privacy, because the ACCC is alleging that the change meant “Google significantly increased the scope of information it collected about consumers…” including “potentially very sensitive and private information about their activities on third party websites”.
Google presented consumers with a chance to click an “I agree” button to consent to the changes being made to its privacy policy. However, the ACCC says this was misleading because consumers could not have fully understood the nature of the changes Google was proposing and, therefore, their consent was not properly informed.
Privacy policies
A privacy policy is a document that sets out how an organisation or agency will use its clients’ or customers’ personal information. The law surrounding privacy policies is contained in the Privacy Act 1988 (Cth). All organisations and agencies covered by the Privacy Act must have a privacy policy.
Not all organisations and agencies are covered by the Privacy Act, so it’s a good idea to seek legal advice if you are unsure whether you fall under it. Broadly, organisations that generate more than $3 million in annual turnover and that also handle personal information are covered by the Privacy Act, and so are organisations that generate less than $3 million in annual turnover, but “trade in personal information”.
If you are covered by the Privacy Act, you have to abide by the 13 National Privacy Principles (“NPP’s”), which are set out in Schedule 1 of the Privacy Act. The 13 NPP’s cover the following things:
- Open and transparent management of personal information
- Anonymity and psuedonimity
- Collection of personal information
- Dealing with unsolicited personal information
- Notification of the collection of personal information
- Use or disclosure of personal information
- Direct marketing
- Cross-border disclosure of personal information
- Adoption, use or disclosure of government related identifiers
- Quality use of personal information
- Security of personal information
- Access to personal information
- Correction of personal information.
If you would like to read more about the laws around privacy policies and the NPP’s, you can have a look at some of our previous articles:
- Commercial Law: Are you keeping your clients safe?
- Does your business comply with the new privacy laws?
Our advice for organisations and businesses
In this article we have touched on two high profile court proceedings brought by the ACCC – against Google and Viagogo. In light of this, we strongly advise all business owners to be extra vigilant in ensuring they are complying with all laws that apply to them, including the ACL and the Privacy Act.
If you would like any advice about your privacy policy, representations you are making about your goods and/or services and/or are launching a new endeavor or marketing campaign, please do not hesitate to contact Lynn & Brown Lawyers for expert legal advice about your rights and obligations.
About the author:
Chelsea McNeill is in her fifth year of studying Law + Journalism at Murdoch University and is employed with Lynn & Brown as a Law Clerk. This article has been authored by Steven Brown who is a Perth lawyer and director at Lynn & Brown Lawyers. Steven is a Perth lawyer and director, and has over 20 years’ experience in legal practice and practices in commercial law, dispute resolution and estate planning.