Australia: Proposed reform to the Competition and Consumer Act 2010 (Cth)

Latest developments

On 14 December 2021, Treasury released a Regulation Impact Statement (RIS) for consultation, which included recommendations for reforming the Australian Consumer Law (ACL), including introducing a civil prohibition for failing to provide a consumer guarantee remedy. The consultation process has now been completed. The recommendations in the RIS were foreshadowed in the Cybersecurity Discussion Paper (referred to in chapter 5) as providing consumers with more options to directly enforce consumer guarantees respect of cybersecurity incidents and digital goods.

Summary

The Cybersecurity Discussion Paper (referred to in chapter 5) commented that Australia should “assess its overall cyber posture by viewing remediation and victim support as a key measure of security.” The Home Affairs Department notes that:

• While companies cannot make misleading or deceptive representations about the cybersecurity of their products, there is no positive disclosure obligations in respect of cybersecurity under the ACL; and
• While the consumer guarantees may extend to digital goods, such application is untested.

Introducing a civil prohibition on failing to provide a consumer guarantee remedy is, in the view of the Home Affairs Department, desirable as it would provide the ACCC with more options to directly enforce the consumer guarantees under the ACL and address barriers associated with applying the guarantees in a cybersecurity context, for example:

• Consumers’ lack of technical expertise to determine whether a breach of the consumer guarantees occurred because a good was not ‘fit for purpose’ or a service was not provided with ‘all due care and skill’; and
• Determining whether a relevant transaction involves a ‘good’ or ‘service’ (as required under the ACL). As digital goods and services may consist of multiple components such as hardware, software and technology services, the Home Affairs Department notes that interpretations of current ACL provisions in previous cases (such as Valve Corporation v ACCC [2017] FCAFC 224) suggest that these components may not all fall within the scope of the ACL.

How could it be relevant for you?

Businesses offering goods and services to consumers should be aware of the consumer guarantees set out in the ACL and how they might apply to digital goods and services or any cybersecurity incidents which occur. Such businesses should also be aware that enforcement action may result in response to non-compliance with the guarantees if the reforms suggested by the RIS are enacted into law. Businesses should be aware of the increased risk of breaching the ACL or in using unfair contract terms (see below).

Next steps

Consultation on the RIS was completed on 11 February 2022 and Treasury is currently in the process of reviewing submissions to determine the preferred policy/law reform approach to adopt. It is unclear at this stage whether the Albanese Government will pursue these reforms. 

*Information is accurate up to 27 November 2023