Other protection issues

As well as intellectual property and defamation, other issues related to online activities can affect legal rights.

Harassment and discrimination

Certain online communication practices, including giving unwanted attention or offensive material to another, may constitute discrimination or harassment under discrimination and workplace relations law.

Repeated email contact, chat room messages or posts to social networking sites with the intention of causing psychological harm or arousing in the recipient a reasonable fear for their safety (or that of others) may constitute the offence of stalking, punishable by fine or imprisonment.

For further information on workplace relations and discrimination law generally, see Discrimination and human rights.

Other types of material: vilification, discrimination and gambling

Material that denigrates a particular group of people may be prohibited under the Racial Discrimination Act 1975 (Cth). The Australian Human Rights Commission (AHRC) assesses this type of content. Complaints of racial vilification have been upheld against the publishers of online content. In Jones v Toben [2002] FCA 1150 the Federal Court upheld a decision of the AHRC, which found that the respondent had engaged in unlawful conduct by publishing on a website material that vilified Jews.

This decision has been applied in later cases, for instance Silberberg v The Builders Collective of Australia Inc [2007] FCA 1512. Although the posters of the offensive content were found liable, the website host was found to be not liable, because the failure to remove offensive content, despite having knowledge of it, was not necessarily connected to race.

In Eatock v Bolt (No 2) [2011] FCA 1180 the Federal Court found that section 18C of the Racial Discrimination Act had been contravened by the publication of articles (print and online) discussing the Aboriginal identity of identified individuals. The offensive conduct was assessed from the point of view and circumstances of the identified persons, and not general community standards. The publications were found to exhibit inflammatory and provocative language and the good faith exemptions for fair comment and genuine purpose in the public interest were not made out. For more information, contact the AHRC (www.humanrights.gov.au; 1300 656 419).

In Victoria, the Racial and Religious Tolerance Act 2001 (Vic) (“RRT Act”) specifically covers electronic communications, including email. The key section of the RRT Act is section 8(1), which provides that:

A person must not engage in conduct that incites hatred against, serious contempt for, or revulsion or severe ridicule of, that other person or class of persons.

Complaints can be made to the Victorian Equal Opportunity and Human Rights Commission (www.humanrightscommission.vic.gov.au; 1300 891 848).

For more information, see Discrimination and human rights.

Case example: vilification

Catch the Fire Ministries Inc v Islamic Council of Victoria Inc [2006] VSCA 284

The Islamic Council of Victoria lodged a complaint under the RRT Act arising out of statements made by a Christian pastor at a seminar that were also published on a website. The Victorian Civil and Administrative Tribunal (VCAT) upheld the complaint and ordered that corrective advertisements be published on the respondent’s website for a period of 12 months. The ministry’s appeal was upheld on the basis that VCAT applied an incorrect test in determining whether the RRT Act had been breached. However, the Court of Appeal confirmed that:

the corrective advertising order was not beyond VCAT’s power under section 136 of the Equal Opportunity Act 2010 (Vic); and

section 8 was valid and did not burden the implied freedom of communication about government and political matters.

Internet gambling

Australia regulates internet gambling and access by Australian-based customers to certain forms of interactive gambling is prohibited. This includes online casino-style games and live sports wagering. It is also an offence to provide particular forms of Australian-based interactive gambling to customers in specific countries. For more information, go to the Australian Communications Media Authority (ACMA) website (at www.acma.gov.au/Citizen/Take-action/Complaints).

Complaints about internet content not covered by specific legislation or procedures can be directed to the website operators.

Domain names and “cyber-squatting”

Domain names or Universal Resource Locators (URLs) are the unique web address in the form of a string numbers that follows the rules of the domain name registration system. Domain names are established by registration with an international body known as the Internet Corporation of Assigned Names and Numbers (in Australia the registration function is contracted to a number of corporations). Names are registered on a first come, first served basis.

“Cyber-squatting” describes the situation where a person registers domain names in which they have no legitimate interest, with a view to obtaining a profit from those with a genuine interest in the name. There is no specific anti-cyber-squatting legislation in Australia, but such actions may constitute trademark infringement, “passing off” (representing goods or services as your own, which are not) or breach of the Competition and Consumer Act 2010 (Cth). In Australia, cyber-squatting is usually dealt with under misleading or deceptive conduct, rather than trade mark infringement.

Australian law operates on the basis that domain names are a licence, held by the registrant under a contract with the authority in charge of managing and registering domain names. Because registration of a domain name is an administrative action, the act of registration does not give any legal rights, other than the contractual right acquired by registration. This means that domain names are not owned, but are contractual rights that are subject to terms and conditions as stipulated in the agreement for registration. The policy of the Australian Domain Name Administrator (auDA) (the regulator of the .au domain administration) states that:

2.1 There are no proprietary rights in a domain name. A registrant does not “own” their domain name, instead they hold a licence to use the domain name for a specified period of time and subject to the licence terms and conditions.

2.2 Because the registrant does not have a proprietary right in the domain name, it is not legally possible for the registrant to “sell” the domain name. By offering to sell their domain name to another party, the registrant is in breach of the Registrant Agreement.

Domain names were originally licensed on a “first come, first served basis”. The current policy provides for .com.au names to:

exactly match, or be an acronym or abbreviation of the registrant’s company or trading name, organisation or association name or trademark; or be otherwise closely and substantially connected to the registrant. The applicant must also warrant that it intends to use the name.

For further information on the registration of domain names go to the auDA site at www.auda.org.au.

Case authority exists that holding registration of a domain name may not constitute control over the website content. This is relevant, for example, when determining whether a party has power to publish corrective notices on a website. (See Australian Competition and Consumer Commission v Dynacast (Int) Pty Ltd (formerly Phoneflasher.com Pty Ltd) ACN 061 234 642 [2007] FCA 429.)

Domain name disputes are commonly dealt with according to uniform dispute resolution policy, which is regarded as a cheaper and simpler than court litigation. At an international level the policy is implemented by the Internet Corporation for Assigned Names and Numbers (ICANN). Domain name disputes at the .au level are dealt with according to auDRP, which is the dispute resolution policy of auDA, a not-for-profit Australian company with the responsibility of formulating and administering policy in relation to .au name space.

Disputes are dealt with by independent arbitration services that have been accredited to ICANN. These include the World Intellectual Property Organisation (WIPO); the National Arbitration Forum; The Asian Domain Name Dispute Resolution Centre; and CPR Institute for Dispute Resolution.

There is a new dispute resolution process for situations in which the company challenging the domain name owns a business name or trade mark identical to the domain name. If the challenger owned the name prior to the domain name owner registering the name, the name will be taken and disabled until the dispute is settled. This prevents the domain name owner from having possession of the name with which to bargain.

Case example: domain names

WIPO determined a complaint brought by the Melbourne 2006 Commonwealth Games Corporation concerning an attempted sale to the state of Victoria of a collection of registered domain names, which included melbourne-2006.com, melbourne2006.com, melbourne2006.info, melb2006.com and melb2006.info. These domain names were found to be either identical or confusingly similar to at least one of the trademarks in which the complainant had rights.

It was found that the respondent had no rights or legitimate interests in the domain names. The relevant date for determining whether the respondent to a domain name dispute has registered the domain name in bad faith is generally the date on which the respondent first acquired the domain name. In this case, the respondent’s offer to “rent” the various domain names to the complainant for a fee of $50,000 per month was found to be sufficient evidence that the respondent registered and used the disputed domain names in bad faith. WIPO ordered the domain names be transferred to the complainant.

Case example

Sheather v Staples Waste Removals Pty Ltd (No 2) [2014] FCA 84

The domain name “staples.com.au” was registered by an IT services company that paid the fees for registration and renewal of that domain name without seeking reimbursement. The business for whom it was registered, Staples, never in fact used the domain. A USA company – also called Staples – sought to purchase the domain name. A representative of the IT services company transferred the domain name to himself, then sold the domain name for $82,500, and retained the proceeds. The judge characterised the transfer and sale as a dishonest and fraudulent design to defeat Staples’ right to the domain name.

Privacy laws

The Privacy Act 1988 (Cth) (“Privacy Act”) imposes Australian Privacy Principles (APPs) on the federal public sector and on private sector organisations. The principles set the minimum standards for the collection and handling of personal information by businesses and other private sector organisations. The IPPs are relevant, for example, when collecting personal information from contributors to an online forum. There are current exemptions for small business and for media organisations acting “in the course of journalism”.

Providing a privacy policy for your website as well as terms and conditions of use are the mechanisms commonly used to manage the various legal risks associated with online publishing.

For more information on privacy laws, see Privacy and your rights.


Changes to the Privacy Act came into effect on 12 March 2014. The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) amended sections of the Privacy Act and included a set of new, harmonised, privacy principles that regulate the collection, use, storage and disclosure of personal information by Australian Government agencies and some businesses. These new principles apply to the collection and use of personal information, including online storage of personal information.

Cyber-bullying and cyber-stalking

Cyber-bullying is offensive, menacing or harassing behaviour that is conducted by using technology.

Examples of cyber-bullying include:

posting hurtful messages, images or videos online;

repeatedly sending unwanted messages online;

sending abusive texts and emails;

excluding or intimidating others online;

creating fake social networking profiles or websites that are hurtful;

participating in nasty online gossip and chat; and

any other form of digital communication that is discriminatory, intimidating, intended to cause hurt or make someone fear for their safety.

Under the Criminal Code Act 1995 (Cth) (“Criminal Code”), it is an offence to use the internet, social media or a telephone to menace, harass or cause offence. The maximum penalty for this offence is three years imprisonment or a fine of more than $30,000.

There are also stalking offences in each state and territory. Stalking involves a persistent course of conduct that is intended to make the victim feel fearful, uncomfortable, offended or harassed. When the conduct occurs online (e.g. by email or on social networking sites) or via text message, it is still a criminal offence. Stalking offences carry heavy maximum penalties.

More information is available from the Australian Cybercrime Online Reporting Network (ACORN) (www.acorn.gov.au/learn-about-cybercrime/cyber-bullying).

Revenge porn

Revenge porn (also called “image-based abuse”) is the exploitative sharing of intimate or sexual material of a person without their consent, with the intention of causing that person harm. “Image-based abuse” is the term preferred by academics and government agencies as not all perpetrators are motivated by revenge, and not all images can be described as “pornography” (see R v Silva [2009] ACTSC 108 for discussion on what is “sexual material”).

There are specific laws in Victoria and South Australia that criminalise the distribution of an intimate or “invasive” image without consent. In both Victoria and South Australia, it is also a criminal offence to threaten to distribute an intimate or invasive image (seeSexting”).

The Criminal Code Amendment (Private Sexual Material) Bill 2016 (Cth) was introduced to the House of Representatives on 17 October 2016. At the time of writing (30 June 2017), we await the further passage of this Bill.

Currently, section 474.17 of the Criminal Code – “using a carriage service to menace, harass or cause offence” – has been used to respond to image-based abuse. But without the perpetrator demonstrating a clear intention to menace, harass or cause offence, the law is vague. While criminal and civil laws exist in some states and territories to provide victim compensation, there is no national consistency.


“Sexting” is “the creating, sharing, sending or posting of sexually explicit messages or images via the internet, mobile phones or other electronic devices” (Law Reform Committee 2013, Inquiry into Sexting, Victorian Parliament, Parliamentary Paper No. 230, p ix).

The Victorian Parliament passed the Crimes Amendment (Sexual Offences and Other Matters) Bill 2014 (Vic) on 15 October 2014, which amended the Summary Offences Act 1966 (Vic) (“Summary Offences Act”) and the Crimes Act 1958 (Vic) (“Crimes Act”). This legislation creates the new offences of distributing an intimate image (s 41DA) and threating to distribute an intimate image (s 41DB) under the Summary Offences Act.

It also creates four exceptions to the offence of publication or transmission of child pornography to protect young people who engage in consensual sexting from being treated as child pornographers.

The new section, 70AAA of the Crimes Act, implements a key recommendation arising from the inquiry into sexting. The law now recognises that teenagers who engage in consensual peer-to-peer sexting are categorically distinct from child pornographers. Young people who engage in this behaviour will no longer be placed on the sex offenders register.

Social networking sites and personal information

Social networking sites, such as Facebook and LinkedIn, enable members to use a personal profile to interact with other people online.

Most social networking sites have a privacy policy governing how they store and control access to the information that users upload on their profiles. In many instances, these policies provide that such information can be viewed by other site users or anyone who has access to the internet. Social networking sites can give rise to privacy and safety concerns, as it can be difficult to confirm the identity of other social networking site members. Users should always exercise caution when sharing personal information online.

All existing publication laws apply on social networking sites – including defamation, copyright, vilification, contempt and other restrictions around publication, such as identification of victims of sexual offences, or discussion of Children’s Court or Family Court matters. If you use a profile that identifies you as an employee or associate of a particular organisation, you will usually be subject to social media and professional conduct guidelines of that organisation.

A common problem on social networking sites is the establishment of false or impersonation profiles, designed to mislead users as to the identity of the person posting the information. An online reporting facility exists on Facebook and Twitter where requests can be made to remove or modify the “false” page or user.

Internet dumping

Internet dumping (also known as “modem jacking”) is the practice of switching a user from their current internet service provider (ISP) to a premium rate telephone number without their knowledge or consent. Internet dumping can occur when certain websites are accessed. Such a practice is likely to breach the Competition and Consumer Act 2010 (Cth), or various state Fair Trading Acts, and may also be a breach of the customer’s ISP contract.

If the ISP cannot resolve a complaint concerning internet dumping or an aspect of the ISP service, complaints can be made to the Telecommunications Industry Ombudsman. Call 1800 062 058 or visit their website at www.tio.com.au.


Spam is a generic term used to describe unsolicited commercial electronic messaging (electronic junk mail) generally delivered by SMS or email. Under the Spam Act 2003 (Cth), spam can only be sent with consent, although consent can be reasonably inferred from a business relationship. Subsequent commercial messages must include an “unsubscribe” facility.


Phishing is a form of identity theft where fake emails and websites – designed to look like legitimate businesses, financial institutions and government agencies – are used to deceive internet users into disclosing financial account information or other personal details. More information, including how to complain about spam and phishing, can be obtained from the ACMA (seeMore information”).