Categories

It’s been all systems go from the beginning of this year on the public policy front! From consultations on policies and legislation affecting the telecommunications sphere such as NBN, USO and information sharing, to meetings with government and other industry stakeholders. In 2023, IAA will continue to represent our members and the general wellbeing of the Internet and Internet industry.

Completed Submissions

C647 NBN Co Access Transfer Code | Communications Alliance

Communications Alliance and the Working Committee have drafted an Industry Code regarding NBN Co Access Transfers. Among other changes, the Code will mandate provisioning customers with AVC IDs so they can be used when transferring NBN services. This is intended to stop non-authorised transfers. Our response expressed our overall support for the Code but made some recommendations to improve its clarity, as well as regarding the retention of personal information to better encourage best practice privacy measures.

Telecommunications Universal Obligation (Standard Telephone Service – Requirements and Circumstances) Determination 2022 | Department of Industry, Transport, Regional Development, Communications and the Arts

The Draft Determination pertains to the USO for the supply of a standard telephone service. In our submission, we noted our support for the USG over the USO given the contemporary technological landscape. However, in light of the USO continuing, we made recommendations to improve the clarity of the instrument so that customers will not be unreasonably denied service due to unclear legislation.

Telecommunications Legislation Amendment (Information Disclosure, National Interest and Other Measures) Bill 2022 | Senate Standing Committee on Environment and Communication

Among other changes, the Bill primarily seeks to remove the need for an ‘imminent’ threat to a person’s life or health in order for information to be disclosed to law enforcement and emergency services agencies. To ensure sufficient oversight in light of this significant change, there will also be changes to record-keeping rules for telecommunications providers. In our submission, we noted that only a targeted consultation was conducted, despite the changes affecting all telecommunications providers. As such, we recommended greater engagement measures to be taken to ensure sufficient awareness raising and guidance for industry to implement the changes once legislated.

Open Submissions

Record Keeping Rule for fixed line superfast broadband networks | ACCC | 10 February 2023

ACCC is developing the RKR for NBN Co regarding its service quality and network performance.

Digital Platforms: Government consultation on ACCC’s regulatory reform recommendations | Treasury | 15 February 2023

The Treasury is seeking views on the ACCC’s recommendations for the regulation of Digital Platform Services as per the inquiry since 2020.

NBN Co SAU variation (November 2022) | NBN Co & ACCC | 17 February 2023

NBN Co have lodged their revised SAU variation with the ACCC following consultation regarding its previous SAU variation, which was withdrawn in July.

The SAU variation includes changes to product and pricing commitments, the framework for NBN Co’s cost recovery, rules for how the ACCC assesses network expenditure and the service standards framework.

While we’re sure we would all like to pretend that the telecommunications sector’s participation and compliance with the Consumer Data Right (CDR) won’t be mandatory, that’s far from the truth.  

According to the draft rules, telcos with at least 30,000 services in operation will be subject to the scheme with smaller telcos able to elect to participate in the scheme, which will apply to fixed internet services and public mobile services. 

While the rollout timeline does not yet specify the telco sector, the Department of the Treasury continue to work on the standards and rules which will apply. We do know that once the rules come into place, the implementation will be through a 2-part process, requiring Telstra, Optus and TPG to be subject to the obligations, followed by the rest of applicable telcos in the second tranche.  

We encourage you keep an eye on the development of the standards and rules and respond to the consultations where you can.  

The rules will be in place with your compliance mandatory before you know it… 

The government has passed legislation that will amend the Competition and Consumer Act 2010, which includes the Australian Consumer Law (ACL). The new amendments, which will come into effect from late 2023 (12 months after Royal Assent), include big changes, primarily with respect to penalties for anti-competitive conduct and breaches of the ACL.

The amended maximum penalties will be the greater of $50 million, if the court is able to calculate the value of the benefit, then 3 times that amount, or if the court is unable to calculate the value of the benefit, 30% of adjusted annual turnover during the period in which the breach occurred. These represent significant fines, so it is important to check your current contracts.

The ACL’s unfair contract terms regime will also expand ‘standard form’ contracts and ‘small business’ contracts, meaning you may now find that your business falls under the regime.

As the amendments don’t kick in for another 12 months following Royal Assent, this period is intended to allow businesses time to review their contracts. It will also only apply to new contracts (and renewals) entered into on or after the legislation comes into effect.

We recommend that affected members seek legal advice to ensure your contracts are free of unfair contract terms before the amendments come into effect, so you aren’t subject to these hefty fines.

Please note that the contents of this article do not constitute legal advice and are not intended to be a substitute for legal advice. You should seek legal or other professional advice in relation to any matters you or your organisation may have.

The policy team met with NBN Co to discuss their preliminary questions before the launch of their Low-Income Forum. The Forum aims to address the issues facing low-income and other vulnerable consumers with respect to the provision of NBN Co products and services. The Forum will likely kick off in 2023 Q1.

We emphasised that the focus should be on ensuring concrete changes to NBN Co products, features, processes and services so they work efficiently for both consumers and industry. In this way, there will not be any need to develop specific low-income products. RSPs should not need to get involved in determining whether a consumer is a low-income, or an otherwise vulnerable, consumer. We took the view that if services are easy and affordable for industry to get, operate and offer, consumers will also be able obtain affordable and reliable services.

In response to their question as to the scope of the Forum, we suggested that while the primary remit should be NBN Co products and services, this sort of forum could present a good space for industry and other stakeholders to address issues concerning low-income consumers and telecommunications services that could be fed back to government, which they could then use to develop funding, educational and/or awareness programs and services.

NBN Co is considering what sort of form the Forum will take, with the likely view that there will be specific working groups for different issues including the appropriate stakeholders. IAA will continue to be involved to represent our members on matters that affect RSPs. If you have any thoughts or concerns, please get in touch!

The Public Policy Advisory Panel plays a fundamental role in informing IAA’s advocacy work. The Panel began in 2022, with the first meeting being conducted in April. Since then, IAA’s policy team have established its public-policy principles, released various educational material, responded to over 15 consultations and made a genuine impact in policy affecting the telecommunications sector.

In our last meeting for 2022, we had a chance to review and consider with the Panel the strategy and focus of IAA’s policy work for the future; our stance on Australia’s privacy and security regimes that is likely to continue being points of focus in the next year; and other policy areas of concern for Panel members. We were also grateful to have APNIC speak to us about its policy development process and consider areas that may be useful for IAA to be involved where IAA’s members are concerned.

We are very grateful for each Panel members’ time and assistance over the past year and very much looking forward to continuing our advocacy efforts with their help in 2023!

It has been another busy month for the policy team, from responding to consultations and meeting with NBN Co over the launch of the Low-Income Forum to holding our last IAA Public Policy Advisory Panel meeting for the year – while 2022 may be coming to a close, there’s still lots of work being done on the public policy front. Make sure to read our articles for more information on the work we’ve been doing this month. As always, if you would like to discuss any of the below reforms or if there are any other policy areas/issues of concern, please feel free to shoot us an email.

Completed Submissions

Variation of the Telecommunications Numbering Plan 2015 | ACMA
We didn’t see any substantive issues arising from ACMA’s proposal to vary the Telco Numbering Plan. However, if these variations are effected, this may mean some changes for the industry and your business, such as an obligation for donor CSPs to check the registration status of other CSPs to which they have assigned numbers. As such, we primarily advocated for ACMA to ensure efficient and reliable notification mechanisms and to conduct an awareness campaign to ensure CSPs are aware of any new obligations or systems. The Numbering Plan is set to sunset in 2025 and so we anticipate there will be further reforms in the future.

Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 | Attorney General’s Department
In our response to this fast-tracked legislation, we raised our concerns about the government’s focus in the wake of the recent major data breaches in Australia. While IAA acknowledges the importance of having adequate laws to ensure a strong security posture, we are concerned about the efficacy of the Bill. The Bill, which was further reviewed by the Senate Committee on Legal and Constitutional Affairs at a public hearing on 17 November, is primarily focused on increasing penalties for serious and/or repeated breaches of the privacy regime. However, this suggests that many companies are wilfully negligent about their privacy obligations. We argued that companies, particularly smaller businesses, struggle with the complexity of regulation and the lack of sufficient training and resources provided. Meanwhile, the sophistication and frequency of attacks only increases. We emphasised that the more pressing issues that require government attention are clarifying different regimes that mandate how much data companies should collect and retain, and provide support, particularly to small businesses, to ensure improved security and privacy practices. As the Privacy Act is still undergoing review by the AG Department with the Government report expected by the end of the year, IAA will continue to be involved in ensuring the development of an effective and practical privacy regime in Australia.

Open Submissions

WBA5 – First Consultation Paper on Implementing a Varied SAU | NBN Co | 6 December 2022
The NBN Co has issued its first consultation paper detailing some of the prioritised changes that will be implemented by the varied SAU. If you have any comments on these changes you would like us to include in our submission, please contact us.
Utilisation-based billing: NBN will change the TC4 Billing Model from ‘provisioned’ CVC to ‘utilised’ for TC-4 Bundling so that RSPs no longer have to actively forecast and manage CVC provisioning and will only be charged for what is utilised.
CVC inclusions adjustment: defined rules for bi-annual adjustments to CVC inclusions reflecting actual changes in end-user download usage over time for TC4 Bundled Offers.
Voice-only bundling offering: new voice-only $12/month at 12/1Mbps speed tier. Different prices applying to voice online and broadband will be based on a threshold data test.
Overbooking of CVC TC4 on NNI: NBN Co will allow RSPs to order aggregate CVC TC4 capacity in excess of NNI capacity.
Overage waiver: during the transition between bundled TC4 to flat rate offers, the overage waiver will be modified by changing the waiver threshold.

Superfast Broadband Access Service Final Access Determination Inquiry | ACCC | 9 December 202
The ACCC has released its draft decision on the SBAS Determination. The new measures proposed include regulation of access prices at the 50/20 Mbps speed tier, and charges for customer connections, transfers and appointments. There are also new requirements purported to improve the transparency of SBAS network performance and reliability.

7 November 2022

The Internet Association of Australia Ltd (IAA) today raised concerns that the Privacy Legislation Amendment Bill will not address Australia’s urgent need for data security and privacy protection.

IAA asserts that more so than enforcement measures, the government should focus on encouraging compliance by both increasing its education efforts and mitigating the harm to individuals in the case of a data breach by reviewing its data retention laws so that companies don’t hold unnecessary personal information in the first place.

“Legislative reform is obviously necessary to improve Australian businesses’ security posture and we support the government in this, but we need to really consider what that should entail,” said IAA CEO Narelle Clark. “In today’s context of ever increasing sophisticated online attacks, do stronger enforcement measures effectively address the actual data security issues that we are currently facing? Where is the focus on proper training, consumer redress and harm-mitigation measures? Where’s the guarantee that the revenue from the proposed hefty fines will actually go to redress or training?”

IAA’s submission to the proposed Bill particularly points to the disproportionate effect the increased penalties would have on smaller companies, and the potential to fail in achieving its intended outcome to create incentives for compliance.

“The increased penalties, while reflective of the serious nature of data breaches, suggests that companies are being wilfully negligent of their privacy compliance obligations,” said Clark. “What we see more often is that companies, especially smaller entities, struggle with the complexity of legislative and regulatory obligations. What we don’t want to see is more effort placed in the paperwork associated with privacy, than in actually improving data security. We need incentives to change the culture of data hoarding.”

“We look forward to continue working with government, industry and other stakeholders to ensure a privacy and data security framework that is genuinely effective and best serves all Australians,” said Clark.

The Privacy Legislation Amendment (Enforcement and Other Measures) Bill is currently with the Senate Legal and Constitutional Affairs Committee for review and closed its submission due date on 7 November.

 

October continued to be a busy month for IAA’s policy team, keeping up to date with industry news and legislative reforms on the horizon while attending meetings and regulatory information sessions. We expect we will continue to be busy, particularly responding to consultations surrounding privacy in the wake of the Optus data breach.

IAA’s Policy Officer also moderated a NetThing panel discussion on 28 October on ‘Defamation for ISPs and Other Internet Intermediaries’. Read more about it here.

As always, if you would like to discuss any of the below reforms or if there are any other policy areas/issues of concern, please feel free to shoot us an email.

Open Submissions

Telecommunications Numbering Plan Variation 2022 (No. 1) | ACMA | 4 November 2022
ACMA is proposing changes to the Telecommunications Numbering Plan 2015. Changes include CSPs requiring registration before being assigned numbers, decreasing the size of the standard unit for premium rate and mobile numbers from 100,000 to 10,000 and removal of the Location Independent Communications Services.

Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 | Attorney General | 7 November 2022
In response to the Optus data breach, the government is looking to increase penalties for serious or repeated privacy interferences, expand the Australian Information Commissioner’s enforcement powers, and provide the Commissioner and ACMA greater information sharing powers.

Draft SOCI Risk Management Rules 2022 | Department of Home Affairs | 18 November 2022
Following the recent amendment of the Security of Critical Infrastructure Act earlier this year, one of the new obligations is for critical infrastructure assets to have and comply with a critical infrastructure Risk Management Program. These draft rules will set out the specific requirements of this new obligation.

Completed Submissions

5 Year Productivity Inquiry – Australia’s Data and Digital Dividend Interim Report | Productivity Commission
The Productivity Commission’s interim report for its 5 Year Productivity Inquiry sought feedback and insight into data and digital technology in Australia. Our submission primarily raised concerns about the lack of transparency and genuine consultation by government when it comes to collaborating with industry to improve the data and digital landscape. Focusing on areas including government investment, the tech skilled workforce, cyber security and the policy landscape, we called for more comprehensive planning and multistakeholder input in future works involving the Internet and telecommunications industry to ensure the accelerated growth of data and digital technology for Australia’s future.

Industry Codes of Practice for the Online Industry (Class 1A and Class 1B Material) | Online Safety
IAA submitted to Industry Codes of Practice for the Online Industry (class 1A and class 1B Material). Our response made recommendations on the reporting requirement in recognition of the limited role ISPs play on the content layer. We also made recommendations to the proposed requirement that would see ISPs responsible for notifying host providers of harmful material being posted via their servers. This requirement would see ISPs having to take reasonable steps to identify the host provider, and would not be limited to providers with whom ISPs have a partnership or other relationship, thereby being too broad and burdensome for ISPs.

The findings from the Telecommunications Industry Ombudsman (TIO) Independent Review were released earlier this month. After consultation held in May this year, the review looked into the TIO’s compliance with the Australian Government’s benchmarks for industry-based customer dispute resolution.  

The TIO has accepted the majority of the 26 recommendations made by the review. However, it did not accept Recommendation 4 which suggested the removal of the refer-back process within the complaints handling model. IAA supports the refer-back step remaining as part of the scheme. In the absence of sufficient efforts by the TIO to guide consumers on the requirement to not only raise their complaint with the telecommunications provider first, but also give the provider a reasonable time to respond prior to raising a complaint with the TIO, it is crucial that, at the least, the TIO is able to refer consumers back to providers where it is clear that the complaint can be handled more easily and quickly directly, without TIO assistance. 

Although the review did consider the concerns raised by IAA and other industry representatives regarding this point that consumers were raising complaints with the TIO without first trying to resolve the complaint directly with the provider, it is disappointing that they seem to have missed the point. While the TIO Terms of Reference explicitly states providers must be given a ‘reasonable opportunity to consider the issues’, IAA raised in our submission that this is not always happening. Nowhere else on the TIO’s website or complaints form is there a reference to this illustrious ‘reasonable opportunity’. The review suggests that consumers making a complaint, formal or not, is sufficient, but where does the opportunity come into play for providers to consider and respond so the issue does not have to be referred to the TIO? 

If there is a gap in how industry, consumers and the TIO interpret what is a ‘reasonable opportunity’, then this is something that should be addressed so that everyone understands and uses the same process.  

We are hopeful that other recommendations made (and accepted) including the call for the TIO casework staff to collect more relevant information at the commencement of a case, increased systematic investigation and increased publication about the performance of the TIO will mean that the overall operation of the TIO will improve. Other concerns that IAA heard from our members during the consultation period to inform our submission centred on the lack of efficiency and a recurring issue where RSPs were being held accountable for network failures outside of the RSP’s control.   

IAA recognises the importance of an industry ombudsman and believes it to be a critical role in our industry. However, with the review suggesting that the TIO should play a greater function in the industry, taking on a more regulatory role instead of being primarily responsible for dispute resolution, it seems there is a need for a broader discussion within industry regarding the future of the TIO.  

You can read the review, TIO’s response and submissions on the TIO website 

Sign up to IAA's mailing list

Complete this form to receive all our latest news, events and updates.