Quay Regulatory Update for October 2023

This Quay Regulatory Update looks at a few regulatory actions in the areas of competition law, consumer protection, telecommunications, media, digital platforms, data and cyber over October 2023 as well as a few actions from the early days of November 2023.

Competition Law

• Australian Competition and Consumer Commission (ACCC) authorises Brookfield and MidOcean’s acquisition of Origin Energy: While the ACCC was not satisfied that the proposed acquisition would not be likely to substantially lessen competition, authorisation was granted on the basis that it would result in public benefits that outweigh the potential public detriments.  The ACCC was persuaded by Brookfield’s (very limited) pledges in relation to an accelerated transition to renewable energy.  See the ACCC’s media release here.  Nonetheless, shareholders do not seem as impressed by the offer price and doubt exists as to whether the deal will proceed.
• ACCC consults on Australian Clinical Labs proposed divestiture remedy for Healius acquisition: Australian Clinical Labs has proposed to provide a court enforceable undertaking to the ACCC to divest 95 approved collection centres in an attempt to have the regulator waive through its acquisition of Healius.  If the merger goes ahead, the merged entity would be the largest provider of community pathology services in every Australian jurisdiction in which it would operate.  The ACCC’s media release regarding its public consultation on the undertaking is here.
• ACCC looks at completed acquisitions by Petstock: Petstock completed a number of acquisitions between 2017 and 2022, none of which were notified to the ACCC under its informal merger clearance process.  These are now being investigated by the ACCC, after they came to light as part of the ACCC’s review of the proposed acquisition by Woolworths of a 55% interest in Petstock.  It is not clear whether the ACCC will accept proposed enforceable undertakings for divestiture offered by both Woolworths and Petstock as an alternative to other regulatory action, if it considers there is a concern that the acquisitions were anticompetitive under section 50 of the Competition and Consumer Act.  The ACCC’s media release is here.
• ACCC accepts a court enforceable undertaking from Brilliant Lighting: The ACCC found that Brilliant Lighting engaged in resale price maintenance by attempting to prevent a number of its resellers from advertising or selling its lights, fans and other electrical products below a specified minimum price.  Under its enforceable undertaking, Brilliant Lighting must send corrective notices to all affected retailers and distributors and establish a compliance program.  For more information, see the ACCC’s media release here.

Consumer Protection

• Australian Communications and Media Authority (ACMA) takes action against telcos on scam texts: Vonage Business and Twilio have been ordered by the ACMA to comply with the Reducing Scam Calls and Scam SMS Code.  The orders were made after both telcos allowed customers to send SMS messages using text-based sender IDs without appropriate processes in place to prevent scams.  These orders were made as part of the ACMA’s ongoing crackdown on scams, which continue to harm many Australians.  The ACMA’s media release is here.
• ACMA continues to crack down on spam: The ACMA also has an ongoing focus on preventing spam marketing.  In October and early November 2023, Kmart was issued with an approximately $1.3 million fine for sending spam emails to customers who had previously unsubscribed; Ticketek was fined approximately $500,000 for the same breach; and Uber was fined a little under $500,000 for sending spam emails which were mischaracterised as non-commercial and which also had no “unsubscribe” facility.  The ACMA’s media releases are here, here and here.
• ACCC continues to seek broader powers to fight online scam activities: ACCC Chair, Gina Cass-Gottlieb has reaffirmed the ACCC’s support for the imposition of mandatory obligations on all digital platforms to address scams.  In this regard, the ACCC is closely following developments in generative AI, both as the technology may be useful in the fight against scams and because it poses a risk of facilitating greater volumes of sophisticated scams across the internet.  For more information see the Chair’s speech here.
• Australian Securities & Investments Commission (ASIC) also focusses on scams: ASIC has announced a new initiative working with Netcraft to remove or limit access to malicious phishing and investment scam websites.  This supports ASIC’s other initiatives to limit investment scam activities and integrates with the work of both the ACCC and ACMA to combat scams in their different areas of regulatory focus.  For more information see ASIC’s media release here.

Telecommunications

• Consultation on registration requirement for carriage service providers (CSPs): The Australian Government is consulting on a registration requirement for CSPs.  It appears very likely that this proposal will be implemented as the ACMA has long lobbied in favour of such a regime.  The ACMA’s view is that a simple registration requirement will not create a barrier to entry into the service provider market, which could have a negative impact on competition, but will provide necessary visibility of market participants.  More information is available here.
• New consultation on connected cars: The Australian Government has also commenced consultation on whether CSP obligations should apply to the manufacturers and distributors of connected vehicles.  Depending on the structure of the arrangements entered into with customers, these entities often fall within the “intermediary” category of CSPs under section 87 of the Telecommunications Act.  The Discussion Paper issued by the Department of Communications does not put forward a preferred regulatory model, though acknowledges that a new approach is required as it is not appropriate to treat such providers in the same manner as “traditional” telcos.  Any new approach may serve as a model for other OTT providers that may also be considered to be CSPs.  For more information see here.
• ACCC finally accepts NBN Co’s varied Special Access Undertaking (SAU): After a two year process, the ACCC has accepted NBN Co’s proposed varied SAU, which sets out the regime for broadband providers to access the NBN until 2040.  From the perspective of the ACCC, a key benefit of the varied SAU is that it will support greater pricing stability for consumers.  It is also thought that the varied SAU will facilitate better service quality for consumers – an ongoing area of complaint.  The ACCC’s final decision and NBN Co’s proposed variation to the SAU are available here.

Media

• Seven fined for online gambling advertising rule breach: The ACMA determined that Seven breached the rules in Schedule 8 of the Broadcasting Services Act by showing gambling advertising on its online services outside of the permitted times during live sport coverage in December 2022.  For more information, see the ACMA’s media release here.

Digital platforms

• Tech firms need to be more responsive: In her second report under the Online Safety Act looking at the steps being taken by the largest online service providers to address child sexual exploitation, the eSafety Commissioner has found that there is still much work to be done to tackle this terrible problem.  In addition, the eSafety Commissioner found that X (formerly Twitter) and Google did not adequately comply with requests issued under the Online Safety Act for information on the processes that they implement to remove such content from their services.  As a consequence, Google was issued with a formal warning while X has been fined over $600,000.  The eSafety Commissioner’s media release is available here.

Data

• OAIC takes first action in relation to data breaches: Having foreshadowed this step in her appearance before Senate Estimates in late October 2023, the Australian Information Commissioner has commenced legal proceedings under the Privacy Act against Australian Clinical Labs in relation to a February 2022 data breach involving both health and financial information of approximately 100,000 Australians.  The fact that this action has been taken suggests it is likely that the Australian Information Commissioner will also commence proceedings in relation to the other significant data breaches impacting Australians over the last year, namely those by Medibank, Optus and Latitude Financial.  The Commissioner’s media release is here.

Cyber

• The fight against ransomware continues: The International Counter Ransomware Initiative, to which Australia is a party, has reaffirmed the commitment of members to international cooperation in combatting ransomware.  The Minister for Home Affair’s statement is here.  In this context, it is hoped that the Government will soon release its 2023-2030 Cyber Security Strategy which will look at cyber related issues and risks, and both the public and private sector’s roles in promoting cyber resiliency, more broadly.