Staying legal
Privacy
The Commonwealth Privacy Act 1988 establishes National Privacy Principles (NPPs) which apply to:
- all private sector organisations with an annual turnover of more than $3m
- health service providers
- traders in personal information
- contractors to the Australian Government as far as their activities are for the purposes of the contract.
There are limited exceptions from the coverage of the NPPs for employee records, contractors to state governments and journalism. The NPPs represent best practice so it is a good idea to follow them even if they are not compulsory in your particular situation.
The NPPs establish standards for the collection, use, storage and disclosure of personal information:
- You can only collect personal information if it is necessary for the function or activity of your organisation.
- You should not use or disclose personal information for a purpose different from the original purpose of collection, except in limited circumstances.
- You must take reasonable steps to ensure that personal information collected is accurate, complete and up-to-date.
- You must take reasonable steps to protect the personal information collected. This may mean that you will need to set up appropriate computer hardware and software systems for protection of data.
- You can transfer personal information to a person or organisation outside Australia only in limited circumstances. These include the requirement that you reasonably believe that the recipient is governed by comparable privacy laws, or that the individual whose personal information is being transferred consents to its transfer.
Although you are allowed to collect and use personal information, you are not allowed to collect and use ‘sensitive information’ about individuals unless they first consent. Sensitive information includes information regarding race, gender, political opinion, religious beliefs, philosophical beliefs, membership of a trade union or professional organisation, or sexual preference or practices.
The NPPs also require you to explain your personal information collection and use practices to the people using your website at the time when you collect their information. The best way to do this is to incorporate the above principles into a ‘Privacy’ page on your site with a link to the Privacy page at the bottom or top of every other page on your site.
More information
- Further information on the NPPs and the obligations of business can be obtained from the Privacy Commissioner's website http://www.privacy.gov.au.
- Electronic Frontiers Australia is a nonprofit organisation promoting online civil liberties. See http://www.efa.org.au/ for more information on online privacy issues.
Defamation
If your website displays defamatory material, or is linked to other sites that display defamatory material, you may be sued for defamation.
Whether material is defamatory depends on where it is published. Under Australian law, publication on the internet of defamatory material is at the time and place that information is downloaded. Defamation laws vary between Australian states and other countries, so you may be liable for defamation actions anywhere that information from your site can be downloaded – in other words, anywhere in the world.
To minimise legal risks, you should incorporate disclaimers into your website, particularly if you allow other people to post material on your website or allow links to and from your website. Disclaimers in relation to defamation should clearly state that your organisation will not accept any liability for defamation in relation to third party material on your website. However, you must remember that disclaimers are not a guarantee against a person suing you.
You should also include a clause in your terms and conditions stating that anyone who posts material on your website, or links your website to theirs, will indemnify you for any loss or damage resulting from a defamation action as a result of their posted material or link.
Terms and conditions for use of your site
It is important that you outline terms and conditions on your website which govern the way in which the site is to be used. While you can’t control user behaviour with information on your site, outlining the conditions for use does help to limit your organisation’s legal liability.
These general terms and conditions should include:
- a statement outlining the terms of use of the website, such as what the user is allowed to do
- a warning stating that if the user does not agree with any of the terms and conditions they should immediately exit the website
- a statement that users posting information on the site will indemnify you for any loss suffered as a result of using that information
- a statement setting out the terms for linking to other sites
- a privacy statement
- a statement asserting ownership of copyright and all intellectual property rights
- a disclaimer for all liability in accordance with the law
- terms and conditions outlining online purchasing
Terms and conditions for online purchasing should be present on the website in the form of an agreement known as a clickwrap agreement. This means that the person using your website needs to view and then agree to the terms and conditions via an ‘I agree’ button at the bottom of the terms and conditions, before being able to proceed.
Terms and conditions for online purchasing should contain as a minimum:
- the applicable price and other associated costs
- a statement detailing payment options and information on currency, defaults, cancellation, refund and delivery of goods/services
- a statement that the terms and conditions (whether for general use or purchasing) cannot be varied by any person unless there has been a prior written agreement
- a statement outlining which law applies to the agreement
- a warranty that the purchaser is over 18 and has authority to enter into the contract
- where possible, a statement specifying the countries in which the goods or services are available for purchase
- a disclaimer for liability as permitted by law, Trade Practices Act etc.
The above lists are not exhaustive and will depend on your specific online operations. In order to minimise your legal risks it is best to obtain legal advice about your appropriate terms and conditions.
Tax
Online activities and business are not exempt from taxation. You will need to comply with any tax obligations that are relevant to your website operations.
Issues which may affect your tax obligations include:
- the type of organisation
- the source of income
- whether the organisation is a permanent one
- how various tax and corporations provisions apply to your operations.
Generally, the Goods and Services Tax (GST) will apply to internet sales for goods and services (which are not supplied in electronic form) if the supplier and the recipient are both resident in Australia, unless the goods or services are specifically listed as exempt under the GST Act.
GST will generally not apply if a supplier resident in Australia sells goods or services to a recipient outside Australia. However, you must be able to determine the location of the recipient for the transaction to be GST-free.
If GST applies to your online subscriptions and sales, the prices that you display on your website must include the GST component in the total price. You must also provide the recipient with a tax invoice if it is requested.
GST may also apply to other incidental transactions relating to your organisation’s online operations. It is therefore a good idea to get qualified tax advice on these.
Copyright
Generally websites themselves are not protected by copyright. However, parts of your site, such as text, artworks and logos will probably be protected.
Copyright protection is automatic in Australia and your website does not need to have a copyright notice on it to be protected. As a result of international treaties Australian copyright owners are protected in most other countries.
Copyright owners enjoy certain exclusive rights in relation to their creations. You should take measures to protect your rights by:
- obtaining an assignment or licence of the copyright in the material created by your website designers so you can control future website designs and amendments
- obtaining assignments of copyright or licences from third party consultants to use copyright material that they have created
- displaying the copyright symbol (c), the name of the author, year of publication and terms of use, particularly on pages where users are able to download or copy material from your website
- setting out in your general terms and conditions, or on a separate copyright page, a statement that users of the website must obtain permission (assuming you want them to) before copying, downloading or altering material from your website
- providing a contact for users if they wish to use any material on the site.
Your website might also contain or use material in which other people hold copyright (‘third party’ copyright material). You should make sure to protect yourself from infringing third party copyright rights by:
- obtaining licences to use and reproduce the copyright material before you place the material on your website
- complying with any terms of use attached to the material
- ensuring that if you link your website to third party websites, you only do so in accordance with their terms and conditions.
You should also protect yourself from liability if those using your website infringe someone else's copyright (i.e. when posting material to your website) by:
- stating in your terms and conditions that you maintain authority to use and remove any material as you see fit without obtaining permission, that you are not responsible for the content of any posted material, and that under no circumstances are you authorising an infringement of copyright
- requiring parties posting to your website to indemnify you for any loss arising from copyright infringement
- ensuring that any infringing material is removed as soon as it is identified
- providing statements limiting your liability where applicable.
Protecting your copyright
While copyright is copyright whether it is in a book, or text on a website, the reality is that it is physically easy to copy material from a website whether it is lawful or not.
Some organisations don’t see the enforcement of copyright as a high priority, but if it is an issue for you and you have the time and resources there are ways to deter unauthorised copying or lifting of material from your site. These include requiring a password before people can download material, or encrypting information so that it can’t be read without a decryption device.
Your contract with your web developer should spell out each party’s responsibility in relation to copyright.
Digital rights management (DRM)
Digital Rights Management is a growing field so it is worth knowing what it is even though you are unlikely to have to do much about it unless your website includes sound and video files.
DRM refers to the process of protecting media such as music and video that increasingly exist mainly in a digital form. Digital media files can be duplicated an unlimited number of times without loss of quality. The popularity of the internet and file sharing tools have made the distribution of copyrighted digital media files simple.
DRM is the attempt by digital media publishers to control the duplication and dissemination of their content.
To date, all DRM systems such as physical protection, certificate-based encryption, product activation and digital watermarking have failed to meet the challenge of protecting the rights of the copyright owner while also respecting the rights of the purchaser of a copy. None have succeeded in preventing organised copyright infringement.
More information
- The Australian Copyright Council website contains a wealth of information about copyright, its application and protection. In particular see their fact sheet.
- Electronic Frontiers Australia is a nonprofit organisation promoting online civil liberties. See http://www.efa.org.au/ for more information on online, copyright and censorship issues.
Confidential information
You should not publish confidential information on your website as (obviously) it will lose its confidential status.
If confidential information has been provided to you by a third party and you publish it on your website you may be sued by that person for breach of confidence.
Digital signatures
Digital signatures are electronic codes specific to individual users, which can be used to identify the originator of a message or file, and to indicate approval of information transmitted. There are different types of digital signatures available (i.e. public key infrastructure, asymmetric cryptography, account numbers and passwords), and the level of security you require will dictate which method you use.
The Electronic Transactions Act 1999 gives legal recognition to the use of electronic signatures and you may find them useful in executing electronic contracts on your website.
Even if your internet contracts use digital signatures they may still be unenforceable, for example, if the person whose digital signature is on the contract is not the same individual who is agreeing to be bound by the terms of that contract. However, the risk of you dealing with parties who misuse digital signatures is similar to the commercial risk of fraud that arises through forgery of signature on a paper contract.
For more information on security issues, see the Australian Government fact sheet ‘How do I make sure my digital certificates and keys are secure?’
Jurisdiction
The laws that apply to your electronic transactions will be governed by the applicable jurisdiction (the state, country etc where those laws apply). This can be a complicated issue in relation to the web, particularly regarding contracts where the contract is formed between parties in different countries.
Each contract, as well as your website terms and conditions, should specify the applicable law. Your website business can limit the online transactions to contracting with Australian residents only as this will avoid the international jurisdictional problem. However, there may still be State-based issues which you will need to address, so it is important to state the applicable law exactly.
Jurisdictional issues may arise where loss or damage is caused, such as copyright infringement, defamation and other torts. It is therefore important to specify the applicable law in your terms and conditions and ensure that other legal issues are addressed before problems arise.
Disability discrimination
Your organisation must comply with state and Commonwealth disability discrimination legislation. The general principle is that the goods and services provided on your website must be accessible to all members of the community, including those who have disabilities. You will be exempt from breaching discrimination laws if the adjustments required to enable use of the goods and services on your website would cause unjustifiable hardship for you as the provider.
The World Wide Web Consortium has created accessibility guidelines for compliance with such disability discrimination laws. These include providing equivalent alternatives to auditory and visual content, not relying on colour alone, using plain language and explaining abbreviations. It may be useful to get specialist advice to assess the accessibility of your website.