Already a fast-moving area, the pace of change in the technology, media and telecommunications (TMT) sector increased further during the COVID-19 pandemic, with this trend likely to continue in 2021.
In this three-part series, the Corrs TMT team unpack some of the key issues we think general counsel should be following closely this year.
In part one, we consider:
- AI and copyright law;
- FIRB and the new national security test;
- regulatory changes impacting the digital health tech sector; and
- key developments in Australian privacy and data law.
Access part two and part three.
AI to challenge traditional authorship constructs under copyright law – Eugenia Kolivos
Creative works produced substantially or wholly through artificial intelligence will challenge the fundamental position under the Copyright Act that copyright only subsists in original works authored by an Australian citizen or resident. We are seeing a rise in AI-generated creativity (particularly in terms of literary, musical and artistic works) as machine learning enables computers to absorb vast amounts of creative data, analyse the features and patterns of this data and generate something entirely new.
We expect the number of AI-authored works to grow as human-to-human collaboration is disrupted by the COVID-19 pandemic and replaced with human-to-computer collaboration.
If these works are not protected by copyright because they have not been created by a human author then, theoretically, they could be freely exploited. This could have a chilling effect on creative AI investment in Australia. Commonwealth jurisdictions such as New Zealand and the UK have updated their copyright laws to account for the increasing role of technology and AI in creative works, but Australia is lagging behind.
We anticipate that Australian lawmakers will soon turn their minds to attributing authorship of AI-generated works to the creator of the AI system. In the interim, without default legal recognition, it will be necessary to continue to protect these assets contractually (to the extent possible).
FIRB and national security test for foreign buyers of Australian technology – Justin Fox
Foreign buyers of Australian technology assets will need to get used to dealing with FIRB. The market has welcomed the reintroduction of the monetary thresholds below which private foreign buyers do not require FIRB approval. However, in the same batch of changes, the Federal Government introduced a new national security test that is likely to mean that many technology deals still need FIRB approval.
The new rules impose mandatory notification for the acquisition of a direct interest in a ‘national security business’, irrespective of value. The definition of that term goes well beyond businesses that might intuitively be expected to raise national security concerns. We have previously discussed the application of these changes to technology assets, and made the point that many dual use technologies will be caught by the definition, and are therefore subject to mandatory FIRB notification.
FIRB’s net is cast even wider by the potential application of the Treasurer’s new call in powers. In essence, the Treasurer is now empowered to ‘call in’ a transaction for review on national security grounds up to ten years after it takes place. A foreign buyer can extinguish that power by voluntarily notifying a transaction.
Helpfully, FIRB has issued guidance that identifies a range of transactions they ‘suggest’ should be voluntarily notified. In practice, it will be hard for foreign buyers to ignore that suggestion where they are pursuing a transaction that fits the guidance.
In the technology space, FIRB suggests that foreign buyers voluntarily notify an intention to invest in:
- any business that provides ICT services to the defence force;
- a business or entity that develops, manufactures or supplies critical technologies in the following areas:
- material sciences and advanced manufacturing
- quantum technologies
- artificial intelligence and robotics
- communications and sensing
- space capabilities
- a business that has access to sensitive personal information of over 100,000 Australian residents;
- any business that owns or operates a data centre;
- a cloud provider that stores or processes data for the Commonwealth, a state or territory government or a critical infrastructure asset;
- a business that has access to sensitive network or operational information in relation to a Commonwealth or state or territory government entity, a critical infrastructure asset or more than five businesses in the water, energy, telecommunications, banking and finance, space and hospital sectors; or
- a business that provides services to any of those customers.
Foreign buyers of Australian technology will therefore need to form an early view as to whether mandatory or voluntary notification to FIRB should be made. This will require a relatively detailed understanding of the target technology, its applications and customer base. Unfortunately, all of this will inevitably play out in transaction timetables and costs.
Digital health tech sector expected to grow following major changes to the Australian regulatory framework – Frances Wheelahan
In 2020, we saw the COVID-19 pandemic strengthen the focus on digital health technologies due to our reliance on telehealth, increased use of remote monitoring technology and a record level of investment into the sector.
These events placed an even greater spotlight on an industry which had been calling for changes to the Australian medical device regulatory framework to relax the rules for lower risk digital health platforms, ‘lifestyle’ or ‘consumer’ products, mobile apps and software. In January 2021, the Therapeutic Goods Administration (TGA) announced a range of major changes to how software-based medical devices will be regulated in Australia. These changes commenced on 25 February 2021 and will have an immediate impact by:
- excluding or exemption certain software-based medical devices from regulation (including general health and well-being products which monitor body functions);
- introducing new classification rules for software-based medical devices (these will impact both existing entries on the Australian Register of Therapeutic Goods and new entries); and
- amending the essential principles, and introducing new essential principles, for software-based medical devices.
These changes provide important clarity and we expect to see significant growth in the sector and an increased focus on labelling, marketing and supply chains given their impact on classification under the new regime.
Key developments in Australian privacy and data law – Philip Catania
The Australian Government’s ongoing review of the Privacy Act 1988 (Cth) (Privacy Act) is a signal of the imminent changes about to sweep Australia’s privacy laws in response to increasing developments in the digital environment and the ACCC’s Digital Platforms Inquiry recommendations.
In particular, the Government is considering whether:
- individuals should be granted direct rights (i.e. compensation) to privacy obligations upon organisations in dealing with personal information;
- adjustments to enforcement powers and mechanisms under the Privacy Act are required (i.e. increasing fines and penalties to reflect those under Australia’s consumer law regime); and
- long established privacy terms and principles should be updated to align with technology developments (i.e. expanding the scope of ‘personal information’ to include technical data and online identifiers, and stricter requirements relating to how consent can be obtained).
In 2020, the Office of the Australian Information Commissioner (OAIC) finalised more than 900 Information Commissioner reviews, launched its first civil penalty proceedings for an interference with privacy, opened 11 Commissioner-initiative investigations and finalised 2,500 privacy complaints from individuals. The OAIC’s continued advocacy for the introduction of greater privacy safeguards and organisational accountability measures indicate their intentions to sustain their flurry of enforcement and investigative activity in 2021, except with better tools to do so.
For example, in its recent submissions to the Privacy Act reforms, the OAIC has called for the introduction of fairness and reasonableness standards for the collection, use and disclosure of personal information. Should this, and the proposed amendments outlined above, be adopted, navigating compliance with Australia’s increasingly comprehensive privacy framework must be an area of focus for every organisation that handles personal information.
Some of the key privacy and data issues to follow this year include:
- The introduction and implementation of data sharing regimes such as the Consumer Data Right and proposed Data Availability and Transparency Act, which will facilitate greater use of commercial and public data. These will be interoperable with Australia’s privacy laws, and subject to strict privacy safeguards.
- Greater use of technologies relying upon biometric data, and automated decision-making processes such as facial recognition technologies. Expect further consideration of ethical use issues with respect to data and artificial intelligence.
- The potential for Australia to be deemed to be ‘adequate’ for the purposes of international personal data transfers from the UK and Europe.
This article was originally co-authored by Justin Fox.
This publication is introductory in nature. Its content is current at the date of publication. It does not constitute legal advice and should not be relied upon as such. You should always obtain legal advice based on your specific circumstances before taking any action relating to matters covered by this publication. Some information may have been obtained from external sources, and we cannot guarantee the accuracy or currency of any such information.