Discrimination, harassment and vilification laws can apply to online activities. Cyber squatting, identity theft, phishing, modem jacking and spamming are other practices being cracked down on. National privacy laws regulate the collection, use, storage and disclosure of personal information by the public and private sector.
As well as intellectual property and defamation, other issues related to online activities can affect legal rights.
Certain online communication practices, including giving unwanted attention or offensive material to another, may constitute discrimination or harassment under discrimination and workplace relations law.
Repeated email contact, chat room messages or posts to social networking sites with the intention of causing psychological harm or arousing in the recipient a reasonable fear for their safety (or that of others) may constitute the offence of stalking, punishable by fine or imprisonment.
For further information on workplace relations and discrimination law generally, see Discrimination and human rights.
Material that denigrates a particular group of people may be prohibited under the Racial Discrimination Act 1975 (Cth). The Australian Human Rights Commission (AHRC) assesses this type of content. Complaints of racial vilification have been upheld against the publishers of online content. In Jones v Toben  FCA 1150 the Federal Court upheld a decision of the AHRC, which found that the respondent had engaged in unlawful conduct by publishing on a website material that vilified Jews.
This decision has been applied in later cases, for instance Silberberg v The Builders Collective of Australia Inc  FCA 1512. Although the posters of the offensive content were found liable, the website host was found to be not liable, because the failure to remove offensive content, despite having knowledge of it, was not necessarily connected to race.
In Eatock v Bolt (No 2)  FCA 1180 the Federal Court found that section 18C of the Racial Discrimination Act had been contravened by the publication of articles (print and online) discussing the Aboriginal identity of identified individuals. The offensive conduct was assessed from the point of view and circumstances of the identified persons, and not general community standards. The publications were found to exhibit inflammatory and provocative language and the good faith exemptions for fair comment and genuine purpose in the public interest were not made out. For more information, contact the AHRC (www.humanrights.gov.au; 1300 656 419).
In Victoria, the Racial and Religious Tolerance Act 2001 (Vic) (“RRT Act”) specifically covers electronic communications, including email. The key section of the RRT Act is section 8(1), which provides that:
A person must not engage in conduct that incites hatred against, serious contempt for, or revulsion or severe ridicule of, that other person or class of persons.
Complaints can be made to the Victorian Equal Opportunity and Human Rights Commission (www.humanrightscommission.vic.gov.au; 1300 891 848).
For more information, see Discrimination and human rights.
Catch the Fire Ministries Inc v Islamic Council of Victoria Inc  VSCA 284
The Islamic Council of Victoria lodged a complaint under the RRT Act arising out of statements made by a Christian pastor at a seminar that were also published on a website. The Victorian Civil and Administrative Tribunal (VCAT) upheld the complaint and ordered that corrective advertisements be published on the respondent’s website for a period of 12 months. The ministry’s appeal was upheld on the basis that VCAT applied an incorrect test in determining whether the RRT Act had been breached. However, the Court of Appeal confirmed that:
•the corrective advertising order was not beyond VCAT’s power under section 136 of the Equal Opportunity Act 2010 (Vic); and
•section 8 was valid and did not burden the implied freedom of communication about government and political matters.
Australia regulates internet gambling and access by Australian-based customers to certain forms of interactive gambling is prohibited. This includes online casino-style games and live sports wagering. It is also an offence to provide particular forms of Australian-based interactive gambling to customers in specific countries. For more information, go to the Australian Communications Media Authority (ACMA) website (at www.acma.gov.au/Citizen/Take-action/Complaints).
Complaints about internet content not covered by specific legislation or procedures can be directed to the website operators.
Domain names or Universal Resource Locators (URLs) are the unique web address in the form of a string numbers that follows the rules of the domain name registration system. Domain names are established by registration with an international body known as the Internet Corporation of Assigned Names and Numbers (in Australia the registration function is contracted to a number of corporations). Names are registered on a first come, first served basis.
“Cyber squatting” describes the situation where a person registers domain names in which they have no legitimate interest, with a view to obtaining a profit from those with a genuine interest in the name. There is no specific anti-cyber squatting legislation in Australia, but such actions may constitute trademark infringement, “passing off” (representing goods or services as your own, which are not) or breach of the Competition and Consumer Act 2010 (Cth). In Australia, cyber squatting is usually dealt with under misleading or deceptive conduct, rather than trade mark infringement.
Australian law operates on the basis that domain names are a licence, held by the registrant under a contract with the authority in charge of managing and registering domain names. Because registration of a domain name is an administrative action, the act of registration does not give any legal rights, other than the contractual right acquired by registration. This means that domain names are not owned, but are contractual rights that are subject to terms and conditions as stipulated in the agreement for registration. The policy of the Australian Domain Name Administrator (auDA) (the regulator of the .au domain administration) states that:
2.1 There are no proprietary rights in a domain name. A registrant does not “own” their domain name, instead they hold a licence to use the domain name for a specified period of time and subject to the licence terms and conditions.
2.2 Because the registrant does not have a proprietary right in the domain name, it is not legally possible for the registrant to “sell” the domain name. By offering to sell their domain name to another party, the registrant is in breach of the Registrant Agreement.
Domain names were originally licensed on a “first come, first served basis”. The current policy provides for .com.au names to:
exactly match, or be an acronym or abbreviation of the registrant’s company or trading name, organisation or association name or trademark; or be otherwise closely and substantially connected to the registrant. The applicant must also warrant that it intends to use the name.
For further information on the registration of domain names go to the auDA site at www.auda.org.au.
Case authority exists that holding registration of a domain name may not constitute control over the website content. This is relevant, for example, when determining whether a party has power to publish corrective notices on a website. (See Australian Competition and Consumer Commission v Dynacast (Int) Pty Ltd (formerly Phoneflasher.com Pty Ltd) ACN 061 234 642  FCA 429.)
Domain name disputes are commonly dealt with according to uniform dispute resolution policy, which is regarded as a cheaper and simpler than court litigation. At an international level the policy is implemented by the Internet Corporation for Assigned Names and Numbers (ICANN). Domain name disputes at the .au level are dealt with according to auDRP, which is the dispute resolution policy of auDA, a not-for-profit Australian company with the responsibility of formulating and administering policy in relation to .au name space.
Disputes are dealt with by independent arbitration services that have been accredited to ICANN. These include the World Intellectual Property Organisation (WIPO); the National Arbitration Forum; The Asian Domain Name Dispute Resolution Centre; and CPR Institute for Dispute Resolution.
There is a new dispute resolution process for situations in which the company challenging the domain name owns a business name or trade mark identical to the domain name. If the challenger owned the name prior to the domain name owner registering the name, the name will be taken and disabled until the dispute is settled. This prevents the domain name owner from having possession of the name with which to bargain.
WIPO determined a complaint brought by the Melbourne 2006 Commonwealth Games Corporation concerning an attempted sale to the state of Victoria of a collection of registered domain names, which included melbourne-2006.com, melbourne2006.com, melbourne2006.info, melb2006.com and melb2006.info. These domain names were found to be either identical or confusingly similar to at least one of the trademarks in which the complainant had rights.
It was found that the respondent had no rights or legitimate interests in the domain names. The relevant date for determining whether the respondent to a domain name dispute has registered the domain name in bad faith is generally the date on which the respondent first acquired the domain name. In this case, the respondent’s offer to “rent” the various domain names to the complainant for a fee of $50,000 per month was found to be sufficient evidence that the respondent registered and used the disputed domain names in bad faith. WIPO ordered the domain names be transferred to the complainant.
Sheather v Staples Waste Removals Pty Ltd (No 2)  FCA 84
The domain name “staples.com.au” was registered by an IT services company that paid the fees for registration and renewal of that domain name without seeking reimbursement. The business for whom it was registered, Staples, never in fact used the domain. A USA company – also called Staples – sought to purchase the domain name. A representative of the IT services company transferred the domain name to himself, then sold the domain name for $82,500, and retained the proceeds. The judge characterised the transfer and sale as a dishonest and fraudulent design to defeat Staples’ right to the domain name.
The Privacy Act 1988 (Cth) (“Privacy Act”) imposes Australian Privacy Principles (APPs) on the federal public sector and on private sector organisations. The principles set the minimum standards for the collection and handling of personal information by businesses and other private sector organisations. The IPPs are relevant, for example, when collecting personal information from contributors to an online forum. There are current exemptions for small business and for media organisations acting “in the course of journalism”.
Changes to the Privacy Act came into effect on 12 March 2014. The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) amended sections of the Privacy Act and included a set of new, harmonised, privacy principles that regulate the collection, use, storage and disclosure of personal information by Australian Government agencies and some businesses. These new principles apply to the collection and use of personal information, including online storage of personal information.
Social networking sites and personal information
Social networking sites, such as Facebook and LinkedIn, enable members to use a personal profile to interact with other people online.
All existing publication laws apply on social networking sites – including defamation, copyright, vilification, contempt and other restrictions around publication, such as identification of victims of sexual offences, or discussion of Children’s Court or Family Court matters. If you use a profile that identifies you as an employee or associate of a particular organisation, you will usually be subject to social media and professional conduct guidelines of that organisation.
A common problem on social networking sites is the establishment of false or impersonation profiles, designed to mislead users as to the identity of the person posting the information. An online reporting facility exists on Facebook and Twitter where requests can be made to remove or modify the “false” page or user.
Internet dumping (also known as “modem jacking”) is the practice of switching a user from their current internet service provider (ISP) to a premium rate telephone number without their knowledge or consent. Internet dumping can occur when certain websites are accessed. Such a practice is likely to breach the Competition and Consumer Act 2010 (Cth), or various state Fair Trading Acts, and may also be a breach of the customer’s ISP contract.
If the ISP cannot resolve a complaint concerning internet dumping or an aspect of the ISP service, complaints can be made to the Telecommunications Industry Ombudsman. Call 1800 062 058 or visit their website at www.tio.com.au.
Spam is a generic term used to describe unsolicited commercial electronic messaging (electronic junk mail) generally delivered by SMS or email. Under the Spam Act 2003 (Cth), spam can only be sent with consent, although consent can be reasonably inferred from a business relationship. Subsequent commercial messages must include an “unsubscribe” facility.
Phishing is a form of identity theft where fake emails and websites – designed to look like legitimate businesses, financial institutions and government agencies – are used to deceive internet users into disclosing financial account information or other personal details. More information, including how to complain about spam and phishing, can be obtained from the ACMA (see “More information”).