The campaign for next month’s election is in full swing and while it may appear that the bulk of our politicians’ work involves breakfast TV interviews, press conferences, and signing large cheques for constituents in marginal seats, they also draft, propose, amend, and vote on legislation.

During the COVID-19 disrupted 46th Australian parliament, 378 bills passed both houses and were given Royal Assent.

Included in that was a set of bills that demonstrate the Coalition’s agenda when it comes to the impact, use, and development of digital technology in Australia.

Five bills in particular stand out for their scope, the manner in which they were passed, and their implications for Australian civil society in the 21st century.

First was the Treasury Laws Amendment (Consumer Data Right) Bill 2019 which created the Consumer Data Right (CDR), allowing consumers to share more of their information across institutions.

Since the laws’ passage, the CDR has been rolling out in stages across the economy starting with the banking sector.

The reform scheme was intended to give consumers more choice and transparency over available products by providing competitors with personalised, granular data and opened the ability for other companies to alter plans or change services using application programming interfaces (APIs).

Taking on big tech

In early 2021, the government passed the next aspect of its digital technology agenda – the Treasury Laws Amendment (News Media and Digital Platforms Mandatory Bargaining Code) Bill 2021.

A controversial law, the news media bargaining code put in place requirements for tech giants – namely Facebook and Google – to pay Australian news outlets for content that is shared and cited on their platforms.

It was part of the government’s public efforts to fight ‘big tech’, choosing to do so in a way that gave a financial shot in the arm to large news organisations like News Corp and Nine (formerly Fairfax) – the latter signing a $30 million per year agreement with Google alone.

The debate around the code saw Google threaten to shut off its search function in Australia and resulted in Facebook temporarily banning users from posting news content.

Protests from Facebook and Google helped the laws pass in a slightly watered down form but the core idea of compensating major media players for advertising revenue lost to big tech remains and has helped inform similar legislation in Canada, which critics have pointed out creates a form of paracopyright around news that could hamper the way it is spread, discussed, and critiqued.

In mid-2021, the government passed its next piece of digital reform aimed at limiting the powers of ‘big tech’ – the Online Safety Bill 2021.

This bill empowers the eSafety Commissioner with greater censorship powers in an effort to combat cyberbullying, imaged-based abuse (also known as ‘revenge porn’), and the spread of abhorrent violent material or content that has been classified as X18+ or refused classification.

With its new powers, the office of the eSafety Commissioner can issue removal notices to digital platforms demanding they take down the offending content, or face hefty fines.

Tech platforms and civil society groups alike protested the bill, warning that the current broadcast classification system was not built for this purpose, calling the warrantless powers “quasi-judicial”, and saying that cloud providers should not be expected to remove specific content on their hosting platforms.

Security and surveillance

In the second half of 2021, the government finalised two major pieces of security and surveillance legislation which have the potential to impact the ICT landscape for years to come.

First was the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021 which handed law enforcement a new tranche of unprecedented hacking powers – including the ability to demand IT workers help them hack a target or face 10 years in prison.

Officers with the Australian Federal Police or the Australian Crime Commission can gain three new warrants for disrupting and changing data, intercepting network activity, and taking over accounts.

While the bill was being reviewed by parliamentary committees, human rights advocates expressed their extreme concern that these powers widely expanded the remit of Australian law enforcement to become more akin to domestic spy agencies at the cost of our civil liberties.

Finally, the government passed its Security Legislation Amendment (Critical Infrastructure) Bill 2021 in October last year.

Designed to secure Australian information networks against foreign cyber security and other threats, the Critical Infrastructure Bill created a new set of reporting and protection requirements for specific industries.

Responses to the legislation were mixed with some industry groups saying the bill created “an unworkable set of obligations” for organisations, including a 12-hour notification period for security incidents.

The bill passed with an expanded group of relevant industries labelled as ‘critical infrastructure’ – four were originally named but that grew to 11 – and a concession to allow for 84 hours to provide written reports of security incidents provided a verbal notification is made sooner.