Business Law Library & Tracker
Privacy & Data
Privacy notices, data handling, direct marketing and breach response obligations for Australian businesses.
Sources last reviewed 2 June 2026
Published law explainers
308
Curated from a much larger legal corpus
Topics
11
Plain-English clusters
Published case explainers
663
Selected from thousands of decisions
Tracked updates
11
New, amended & reviewed
These are plain-English explainers, not legal advice. They are a good starting point, but check the linked official source before you rely on a specific section, and get advice for your situation.
Talk to a lawyerLegislation
Privacy Act 1988
Privacy Act 1988 (Cth)
Spam Act 2003
Spam Act 2003 (Cth)
Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)
Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)
Online Safety Act 2021 (Cth)
Online Safety Act 2021 (Cth)
My Health Records Amendment (Strengthening Privacy) Act 2018
Privacy Amendment (Enhancing Privacy Protection) Act 2012
Privacy Amendment (Notifiable Data Breaches) Act 2017
Privacy Amendment (Office of the Privacy Commissioner) Act 2000
Privacy Amendment (Private Sector) Act 2000
Privacy Amendment (Public Health Contact Information) Act 2020
Privacy Amendment Act 2004
Privacy and Other Legislation Amendment Act 2024
Privacy Legislation Amendment (Emergencies and Disasters) Act 2006
Privacy Legislation Amendment (Enforcement and Other Measures) Act 2022
Privacy Legislation Amendment Act 2006
Work Health and Safety (Safety Data Sheets and Labelling Hazardous Chemicals - Lockheed Martin Australia Pty Ltd, HAAS/WESCO Group Australia Pty Ltd and Department of Defence) Exemption 2018
Personal Property Securities (Search Result Data) Determination 2011
Work Health and Safety (Preparation of Safety Data Sheets for Hazardous Chemicals) Code of Practice 2015
Spam (Consequential Amendments) Act 2003
Spam Regulations 2021
Tracker
- Case1 June 2026
Digital consumer law cases added
Digital, ecommerce and marketplace businesses now have selected cases for pricing interfaces, search ads, data disclosures and small-business unfair terms.
Consumer Law & TradingPrivacy & Data - Reviewed29 May 2026
Privacy Act added to the business law tracker
This gives founders and SMEs a single plain-English place to start before moving into privacy policies, data handling contracts and breach response planning.
Privacy & Data - Reviewed28 Feb 2026
Spam Act flagged for marketing compliance review
Businesses running email or SMS campaigns should confirm consent records, sender identification and working unsubscribe links.
Privacy & DataConsumer Law & Trading
Cases
Bilal v Australian Information Commissioner [2026] FCA 376
Business owners should read this as a process case, not a final ruling on privacy access rights. The Court’s message is that decision-makers must deal with the complaint that was actually made. In practice, your business should keep a clear record of what the individual asked for, what information you hold, whether you hold it for yourself or for another entity, and the exact legal basis for any refusal. If you rely on a contractual or statutory exemption, make sure your explanation matches the request. If a complaint later goes to the OAIC or another body, inaccurate descriptions can become central. This case also shows that procedural fairness can matter in privacy complaint handling. If a regulator or dispute body is considering sending the matter elsewhere, the affected person may need a real chance to respond first.
Outcome: The Federal Court allowed the judicial review application. Stewart J set aside the OAIC decision dated 22 August 2025 under s 16(1)(a) of the Administrative Decisions (Judicial Review) Act 1977 (Cth) and referred the complaint back to the Commissioner under s 16(1)(b) for decision according to law. The Court also declared that the respondent's conduct in failing to afford procedural fairness before making the s 41 decision was unlawful and ordered the Commissioner to pay the applicant's costs. The Court refused broader relief that would have prevented the Commissioner from again considering s 41 or forced determination under s 52, and it declined to make a declaration that the complaint was valid because that was not in dispute.
Browne v Assistant Commissioner of Police, North West Metro Region [2026] FCA 15
If your business is considering a measure that intrudes on privacy or restricts how people enter, move through, or participate in a space, start with discipline rather than convenience. Identify the exact legal, contractual or policy basis for the measure. Define the risk you are trying to address. Ask whether the measure is actually necessary for that purpose, whether a narrower option would work, and how long it should remain in place. Record those reasons at the time, not later. This case also shows the importance of expressly considering privacy impacts rather than treating them as incidental. In practice, that means documenting what information will be collected, what searches or directions staff may give, who can authorise the measure, where it applies, and when it ends. If the control is event-based or incident-based, keep it tied to that context. Broad, open-ended arrangements are harder to justify. A well-intentioned manager can still expose the business if they rely on a broad safety rationale without applying the actual decision criteria.
Outcome: The applicants succeeded in part. The Federal Court declared that the designated area declaration made on or around 25 November 2025 was affected by jurisdictional error and therefore invalid. It also declared that the declaration was incompatible with human rights within the meaning of s 38(1) of the Charter and therefore unlawful, and unlawful because the decision-maker failed to give proper consideration to the privacy right in s 13 as required by s 38(1). However, the Court rejected the constitutional challenge to s 10KA(1), holding that the face-covering provision did not contravene the implied freedom of political communication. The originating application was otherwise dismissed, and there was no order as to costs.
Gao v Australian Information Commissioner [2026] FCA 24
The strongest lesson is about evidence and process. If your business collects personal information during sign-up and sends it to a credit reporting body, you should be able to show exactly when the customer moved from enquiry to application, what information was requested, why it was needed, whether a credit check was explained, and how consent was obtained. In this matter, the OAIC considered correspondence, Lumo’s account of the sign-up process, and a call recording before deciding not to investigate further. The Court then dismissed the judicial review challenge to that decision. That does not mean every similar business practice is lawful. It means good records can be decisive when a complaint is assessed. Review your scripts, forms, website notices, welcome packs, SMS and email templates, and call recording practices so they all tell the same story.
Outcome: The Federal Court dismissed Mr Gao’s three interlocutory applications and dismissed his originating application for judicial review. The Court also made costs orders in favour of the respondent, subject to a process for fixing costs on a lump sum basis and allowing the applicant to seek a different costs order by written submission. The practical effect was that the OAIC’s decision not to investigate the complaint further remained in place. The available reasons do not support a broader statement that the Court finally determined all underlying privacy allegations against Lumo or illion on their merits.
Garvey v Australian Information Commissioner [2026] FCA 614
If your business is challenged over records, privacy issues or a cyber incident, do not assume a court will sort out every factual dispute for you. A reviewing court usually asks whether the decision-maker made a legal error, not whether someone strongly believes more documents must exist. The practical response is disciplined record-keeping. Keep a written search trail, identify systems and custodians checked, record reasons for any refusal or redaction, and preserve incident reports and internal assessments. If serious allegations such as fraud, hacking or deliberate concealment are raised, they need evidence. This case also warns against overreaching subpoenas. If documents are sought in court, there must be a genuine connection between the documents requested and the legal issues the court actually has to decide. For business owners, the safest position is a careful process, clear reasons and records that can be defended later.
Outcome: Justice Longbottom dismissed both originating applications. The Court held that the applicant had not established administrative error in either the Tribunal decision or the Information Commissioner decision and that, in substance, the applications impermissibly invited merits review. The Court also held that the proposed subpoenas lacked a legitimate forensic purpose because they were aimed at proving the applicant's factual case rather than addressing legal error in the review proceedings, and to the extent they were said to support fraud allegations they were a fishing expedition. Leave to issue the subpoenas was refused, a stay was refused, and the application for a suppression order by pseudonym was also refused. Costs followed the ordinary rule.
Kant v Australian Information Commissioner (No 3) [2026] FCA 51
Read this case as a warning against premature narrowing. A complaint can be messy, emotional, over-inclusive or legally confused, but that does not mean you can safely reduce it to one issue and close the file. If your business receives a privacy complaint that mentions multiple incidents, multiple recipients of information, several related entities or a mix of access and complaint issues, map each allegation before deciding whether an exemption, jurisdictional limit or internal policy point applies. If only part of the complaint falls outside your process, say so clearly and deal with the rest separately. Confirm your understanding in writing, ask clarifying questions where needed, and keep a record of the documents you relied on. This case is best understood as a complaint-handling and decision-framing case. It does not resolve the underlying privacy allegations, but it shows how a flawed characterisation can undo the decision that follows.
Outcome: The Federal Court granted relief in part. Justice Snaden held that the Commissioner erred by characterising the complaint or enquiry as pertaining solely to conduct attributable to ASIO, and that this was a jurisdictional error. The court issued certiorari quashing the OAIC decision made on 12 September 2023 and mandamus requiring the Commissioner to determine the complaint or enquiry according to law. The respondent was ordered to pay the applicant’s costs, with assessment if not agreed. The reasons also state that the other grounds relied on by Mr Kant were not made good. The result was therefore procedural rather than substantive: the refusal decision was set aside, but the underlying privacy allegations were not finally resolved.
Lumina BPO Pty Ltd v Cocoon Data Technologies Pty Ltd [2026] FCA 116
If you are supplying services to a group of related companies, decide up front whether you want one contracting entity or several. Then make the proposal, engagement letter, terms of trade, acceptance process and invoicing pattern all line up. In this case, the Court treated the contractual definition of the “Cocoon Data Group” as critical, and that contractual definition was not the same as every use of that phrase in the evidence. The Court also accepted that one entity could be the payroll and administration vehicle without being the only party liable. If you are the customer, read group engagement letters carefully before signing. A CEO or director signing once may be accepting liability for multiple entities if the document is drafted that way and the signatory has authority. Do not assume that because one company pays invoices, only that company is bound.
Outcome: The Federal Court held that each of the corporate respondents, together with Cocoon Data Australia, was a counterparty to the contract. As the contract expressly provided that where there was more than one client each client was jointly and severally liable for Lumina’s professional fees and expenses, the corporate respondents were liable for the unpaid debt. The Court entered judgment against the corporate respondents for $269,865.56 plus pre-judgment interest. The amount reflected Lumina’s invoiced claim less the dividend it had received under the DOCA of Cocoon Data Australia, with interest added. The claim against Mr Telford personally was dismissed when the matter came on for hearing, and the alternative claims for promissory estoppel and misleading or deceptive conduct were not pressed. Costs were left for further short minutes or submissions.
Pett v National Disability Insurance Agency (No 2)
Business owners should read this case as a document-handling and litigation strategy decision. The Court protected the spreadsheets because of a particular combination of factors: they contained non-public embedded formulae, they also contained highly personal information, they had only limited significance to the issues actually decided on appeal, and they originated in a tribunal process where a confidentiality order was still operating. The practical takeaway is not that you can simply label a document confidential and expect the court to agree. The test is necessity, and open justice remains the starting point. If your business wants protection, you need a clear explanation of what the document contains, why the sensitive parts matter, whether the information is already public, whether a narrower step such as redaction would work, and whether publication would cut across an existing confidentiality regime. If you use internal spreadsheets or calculators in disputes, control the format carefully. Native files can expose formulae and methods that are invisible in a PDF. Keep records showing how the document has been treated internally and in earlier proceedings. If another tribunal, regulator or court has already imposed confidentiality restrictions, make sure that issue is raised directly in any later proceeding.
Outcome: The Court made ongoing suppression and confidentiality orders over the identified spreadsheets in both native.xlsx and PDF form, together with copies or adaptations of them, until further order. Disclosure remained permitted to the Court, the parties and their legal representatives. The Court also directed the Registrar to note the restrictions on the Electronic Court File and to refer any inspection application to a judge. The Court held that suppression was necessary to prevent prejudice to the proper administration of justice because the material originated in a Tribunal process where confidentiality remained in place, the native files contained non-public formulae and methodology, the PDFs were derived from the same protected source and could reveal aspects of the formulae, and the spreadsheets had only a limited role in the appeal. The Court said open justice still applied, but those circumstances justified departure from ordinary public access.
Vinall v Bank of Western Australia Limited trading as Bankwest [2026] FCA 143
For business owners and lenders, the practical message is twofold. First, if you report hardship information, make sure the reporting can be traced clearly to the governing legislation, the Privacy (Credit Reporting) Code and the actual terms of the hardship or variation arrangement. A clean documentary trail matters, especially where an AFCA determination has directed how reporting should occur. Second, if you want urgent court orders to stop or reverse reporting, incomplete evidence can be fatal. The Court gave weight to missing documents, redactions and uncertainty about the transaction said to be at risk. It was also not persuaded that damages would be inadequate. Businesses should read this as an interlocutory decision only. It did not finally decide whether the reporting was lawful in the substantive proceeding. But it does show that urgent applications need complete, unredacted and commercially specific evidence, together with a persuasive explanation of why the requested orders do not cut across the purpose of the reporting regime.
Outcome: The application for interim injunctive relief was dismissed, with no order as to costs. The Court held that the applicant had not shown a prima facie case of sufficient strength to justify the extraordinary relief sought. On the material before the Court, the serviceability arrangement and the varied contract appeared to fall within the statutory concept of financial hardship arrangements, and the reporting appeared to fit the framework in section 6QA of the Privacy Act and the Privacy (Credit Reporting) Code 2025. The Court was also not satisfied that damages would be inadequate if the applicant later succeeded, particularly given the incomplete evidence about the property transaction and the redacted broker email relied on to show urgent commercial harm. Finally, the balance of convenience weighed heavily against relief because the orders would have prevented or obscured hardship information from being seen by prospective financiers, raising public policy concerns within the statutory credit reporting regime. The decision was interlocutory only and did not determine the substantive claims in the proceeding.
Australian Steel Manufacturing Pty Ltd v Selection Steel Trading Pty Ltd
Business owners should read this as a contract management case as much as an insolvency case. If you want your standard terms to govern future trading, make that clear at onboarding and keep a clean acceptance trail. Do not assume a purchase order automatically overrides a signed credit application, or that a signed credit application automatically wipes away earlier communications. If you are thinking about serving a statutory demand, first test whether there is any arguable dispute about the governing terms, delivery obligations, payment timing, defects, delay or set-off. If you receive a demand, act immediately. The court can set a demand aside where there is a genuine dispute or offsetting claim, but the response must be made within the statutory process and supported by evidence.
Outcome: The Federal Court allowed Australian Steel's review application, set aside key orders made by the Judicial Registrar, and ordered under s 459H that Selection Steel's statutory demand dated 5 June 2024 be set aside. The court also ordered Selection Steel to pay 70% of Australian Steel's costs. O'Bryan J confirmed that the review was by way of hearing de novo, so the matter was considered afresh on the evidence and law at the time of review. The result shows that the demand could not stand as an insolvency mechanism on the material before the court. Because the available reasons are incomplete, the full judgment should be checked for the court's complete reasoning on whether the decisive basis was a genuine dispute, an offsetting claim, or both.
Bain v International Capital Markets Pty Ltd (No 4)
Business owners should read this as a data minimisation case as much as a privacy case. The Court did not decide the merits of the underlying class action. It decided a procedural question about what information was necessary for an opt out notice and whether the applicants' lawyers should receive the customer list. The answer turned on whether the extra data was needed now, for this notice, and whether disclosure was proportionate given the privacy, confidentiality and security concerns. The Court accepted that names, email addresses and client IDs were enough for the notice's purpose. It was not persuaded that adding account numbers, balances, deposits and withdrawals was necessary, and it was concerned there was no evidence about the applicants' security controls if the list were handed over. If your business handles customer data in disputes, match the data used to the exact purpose, keep the notice focused, and document security measures before sharing any list externally.
Outcome: The Court rejected the applicants' request for a highly personalised opt out notice and refused, on the material before it, to require that the potential group member list be provided to the applicants. Justice Neskovcin held that the more limited information proposed by the respondents was sufficient to ensure potential group members were accurately informed of their right to opt out and could make an informed decision. The Court accepted that the additional account and transaction details sought by the applicants were private, confidential and sensitive, and it was not persuaded that including them would materially reduce the risk of the email being treated as a scam. The Court also relied on the absence of evidence about the applicants' security measures if the list were disclosed. The parties were directed to confer about the covering email and subject heading and to submit proposed orders by 5 September 2025, with orders to be substantially in the form sought by the respondents.
BDR21 v Australian Broadcasting Corporation (No 3)
Read this case as a warning against casual reuse of litigation documents. The Court did not give a general right to repurpose discovered material. It granted a narrow, purpose-specific release for identified documents and two verification affidavits so the first applicant could attempt in good faith to make a public interest disclosure. The decision also makes an important timing point. PID Act immunity attaches to making a valid disclosure, not necessarily to the earlier work of gathering information from discovered documents. If your business is in a dispute, treat discovered material as locked to that case unless a court order, statute or clear legal advice says otherwise. If someone wants to use those documents for a whistleblower report, regulator complaint, internal integrity process or another proceeding, the safest course is to seek advice on whether court leave is needed and how tightly any proposed use must be confined.
Outcome: The Federal Court granted the first applicant a limited release from the Hearne v Street obligation for the documents identified in Schedule 1 to the orders, including specified Tranche 01 and Tranche 02 discovery documents and two verification affidavits. The release was confined to the purpose of attempting in good faith to make a public interest disclosure under the PID Act. The Court otherwise dismissed the remaining parts of the amended interlocutory application dealing with the Hearne v Street issue and made no order as to costs on that aspect. The reasoning was that the PID Act immunity was not yet engaged before a valid disclosure had been made, and that special circumstances justified a tightly tailored release.
Bowcher (liquidator), in the matter of Blacktrans Express Pty Ltd (in liq) v Black
If your company enters liquidation, do not treat company books, passwords, keys, vehicles, trailers, plant or records as if they remain yours to hold back, sort out later or move elsewhere. This case shows that where liquidators make repeated requests and the evidence suggests assets or books are being withheld, concealed or moved, the Court may authorise a search and seizure warrant without first notifying the director. The orders can go beyond the search itself. Here, the Court also made confidentiality orders to avoid tipping off the defendant, required the liquidators to report back on what was seized, and ordered the defendant to later file an affidavit identifying the whereabouts of outstanding vehicles and keys and the basis for any ownership dispute. For business owners, the safest approach is clear asset registers, proper separation of personal and company property, prompt written cooperation with liquidators, and early legal advice if there is a genuine dispute about ownership or access.
Outcome: The Federal Court granted the liquidators' application. Derrington J allowed the matter to proceed ex parte, ordered the District Registrar to issue a section 530C warrant, and authorised the liquidators, with reasonably necessary assistance including police assistance, to search for and seize the listed vehicles and company books in the defendant's possession, custody or control at the Rand property. The Court also made confidentiality orders over the application materials until after execution reporting, required the liquidators to file an affidavit reporting on execution and listing what had been seized, and ordered later service of the court documents on the defendant. In addition, the Court made a section 597A order requiring the defendant, after service, to file an affidavit identifying the whereabouts of any outstanding vehicles and keys, possible holders of them, and the basis with supporting documents for any claim that they were not company property.
Emerald No 2 (SA) Pty Ltd v Matthews, in the matter of Sapphire (SA) Pty Ltd
If your company is already in liquidation, that does not automatically mean every restructuring option is closed. In some cases, the Court may allow a move back into voluntary administration so creditors can consider a deed proposal. But the Court will not do that just because a director wants another chance. You need a practical reason for the change, evidence that creditors may do better than they would in liquidation, a suitable and independent appointee, and a process that avoids wasting money repeating work already done. This case also shows that strained relationships with an incumbent liquidator can matter, but only where replacement is just and beneficial overall and tied to a real proposal. Most importantly, the Court generally leaves the commercial decision to creditors, provided there is no obvious impropriety in putting the proposal to a vote.
Outcome: The Court granted the application. It removed the incumbent liquidator and appointed Mr Richard Trygve Rohrt as liquidator. It then granted leave for Mr Rohrt to be appointed as voluntary administrator of Sapphire (SA) Pty Ltd. The Court also made truncated administration orders so the administration could proceed without repeating steps that had little utility after an 11-year external administration, including dispensing with a first creditors’ meeting and certain investigation and reporting requirements. The winding up was stayed from the time of Mr Rohrt’s appointment as administrator, and the Court ordered that the winding up be terminated once a deed of company arrangement substantially in the identified form had been fully effectuated and notice given to ASIC. There was no order as to costs.
Gogulwar v H.B. Fuller Company Australia Pty Ltd
Business owners should read this case as a reminder to separate three issues that often get blurred together in workplace disputes. First, identify the actual source of the requirement, such as a public health direction or another legal rule. Second, ask only for the information genuinely needed to comply with that requirement or to assess whether the employee can perform the role. Third, if disciplinary action is being considered, make sure the evidence shows the decision was made for that operational or legal reason, not because the employee complained, questioned management, raised safety issues or referred to privacy rights. The available judgment supports the view that the employer succeeded because the court accepted its explanation of why it acted. Businesses should still be cautious about making broad assumptions from this case. Public health directions change, workplace facts differ, and the available judgment does not contain the full reasoning on every issue argued.
Outcome: The Federal Court dismissed the appeal. The orders and catchwords make that result clear. On the available judgment text, the court did not disturb the primary judge’s conclusion that the employer had rebutted the section 361 presumption. The visible material supports the employer’s position that the dismissal was connected to the employee’s refusal to disclose vaccination status, the operation of the Victorian public health directions, and the resulting inability to attend the workplace and perform the inherent requirements of his on-site role. Because the available text is truncated, it is safer not to go further than that in describing the court’s detailed reasoning on each pleaded claim.
Haverkort v Qantas Airways Limited
Business owners should read this as a communications and privacy process case, not a final ruling on refund liability. If you need to contact customers about a dispute, class action, remediation program or regulatory issue, do not assume that using your brand or domain is always the safest option. The Court looked closely at whether the sender identity matched the true source of the communication, whether recipients might be confused, and whether extra personal details were genuinely necessary. It preferred a structure where customer data was used behind the scenes by a distribution agent, but not exposed in the notice itself. It also supported verification steps such as links on a known company webpage and the Court website. In practice, businesses should settle notice wording, sender identity, hotline ownership, privacy controls and third-party undertakings early, before any mass communication goes out.
Outcome: The Court approved the opt out notice, fixed the opt out deadline at 4.00 pm AEST on 24 April 2026, approved a detailed distribution process and approved the expert questions in Annexure C. It held that the notice should not be sent from an email address ending in qantas.com because the notice was not a communication from Qantas and using that domain could create an incorrect or misleading impression, cause confusion and lead to misdirected enquiries. The Court also held that booking references and cancelled flight dates should not be included in the notice itself because recipients might be concerned by unexpected personal and confidential information, and because including that information might not reduce scam concerns and could heighten them. The Court instead ordered a confidential third-party distribution process using Qantas' records in the background.
HKW25 v National Disability Insurance Agency
Read this case as a decision about anonymity in litigation, not as a general statement of Australian privacy law. It does not create a new rule requiring businesses to conceal identities, and it is not authority that all health or disability disputes should proceed confidentially. What it does show is how the Federal Court approaches suppression applications where serious mental health evidence is put forward. The Court required more than general assertions, allowed further evidence to be filed, noted that the NDIA did not oppose the application, and then made an order limited to what was necessary. If your business is involved in a dispute touching sensitive personal information, think separately about pre-litigation privacy obligations, what must actually be filed in court, and whether there is evidence strong enough to justify a targeted anonymity application. Also remember that an order made until further order can later be revisited.
Outcome: The Court granted the application and ordered, until further order, that the applicant continue to be known as "HKW25" and that information revealing or tending to reveal his identity not be disclosed or published. The Court accepted that identifying the applicant would likely aggravate his serious mental health conditions and create a threat to his safety. It also considered that open identification would prejudice the proper administration of justice because it would likely worsen the disabilities connected to the proceeding and undermine the applicant's safe access to the Court. The Court further noted a possible chilling effect on similarly situated litigants. The order was expressly left open to later reconsideration if sought by a party, the media or the public.
Horizon Solsolutions Australia Pty Ltd v National Disability Insurance Agency
If your business depends on fast decisions from a government payment system, do not assume the usual turnaround time will continue once integrity concerns arise. This judgment shows that a court may be slow to force immediate decisions where the agency can point to statutory duties around fraud prevention, risk control and stewardship of public money. The case was not a ruling that Horizon committed fraud or breached privacy law. The court’s decision turned on the high threshold for proving unreasonable delay, not on the merits of the underlying allegations. Even so, the background shows how disputed issues about billing, records, audit findings and data handling can combine to trigger manual review and serious cashflow stress. Businesses should keep claim documentation strong, train staff on privacy and billing practices, respond quickly to regulator concerns, and plan for the possibility that payment cycles can blow out from days to weeks while reviews continue.
Outcome: The Federal Court dismissed both applications with costs. The published catchwords state that the court was not satisfied there had been unreasonable delay by the NDIA in deciding Horizon’s claims for payment. The judgment also records that unreasonableness must be assessed objectively in light of all the circumstances and that it is not the court’s role to supervise the administration of the agency absent an issue involving legality. The decision should be read as a ruling about the high threshold for proving unreasonable delay, not as a final judicial finding on the truth of the disputed allegations that formed part of the background to the NDIA’s manual review.
Jacksons Drawing Supplies Pty Ltd v Jackson's Art Supplies Ltd (No 2)
If you are launching or localising an online store for Australia, clear the brand early and test the whole customer journey for confusion. This case shows that courts assess the combined effect of naming, website structure, currency, local contact details, warehouse references and customer service conduct. A disclaimer may be ordered, but only as tightly controlled corrective relief, not as a general permission slip to keep trading in a confusing way. Here, the court required a specific disclaimer, a pop-up that blocked access until acknowledged, and a repeat statement at or near the bottom of each page. It also refused to require a hyperlink to the Australian business's website because the purpose of the order was to correct confusion, not to drive traffic. Businesses should read this as a warning that localisation decisions made by marketing, web and support teams can create ACL and passing off exposure just as readily as formal advertising claims.
Outcome: The court declared that the first and second respondents had contravened section 18, section 29(1)(g) and section 29(1)(h) of the Australian Consumer Law and had engaged in passing off. On and from 26 September 2025, they were permanently restrained from operating the identified Australia-specific site and any other website, subdirectory or subdomain with specified Australian characteristics unless a prescribed disclaimer was displayed. The disclaimer had to appear prominently in a pop-up at least once in any browser session, block access until acknowledged, and also appear at or near the bottom of each page. The court ordered an inquiry as to pecuniary relief, otherwise dismissed the amended originating application and the cross-claim, and made lump sum costs orders with a 15% discount applied to the assessed sum.
Lattouf v Australian Broadcasting Corporation (No 2)
If a worker’s public comments trigger complaints, slow the decision down enough to separate legal grounds from commercial pressure. Check the contract, any enterprise agreement, any applicable policy, and whether the worker has been given a clear direction or only informal advice. Record who made the decision, what information they had, and the exact reason for the action. If the issue is framed as misconduct or policy breach, follow the disciplinary steps that apply, including notice of the allegation and an opportunity to respond where required. This case is a reminder that a short engagement does not remove legal risk. A rushed decision can create liability both for the reason behind the termination and for skipping the process that should have been followed.
Outcome: The Court declared that the ABC contravened s 772(1) of the Fair Work Act by terminating Ms Lattouf’s employment for reasons including that she held a political opinion opposing the Israeli military campaign in Gaza. It also declared that the ABC contravened s 50 by breaching specified clauses of the ABC Enterprise Agreement 2022-2025. The ABC was ordered to pay Ms Lattouf $70,000 in compensation. The Court did not finally determine pecuniary penalties in the orders reproduced here, instead directing that there be a further hearing to decide whether any penalty should be imposed and, if so, in what amount.
Leigh v National Disability Insurance Agency
Do not assume the Federal Court will keep names, allegations or documents private just because the material is sensitive or because another forum already granted anonymity. This case shows that the Court requires cogent evidence and a close fit between the order sought and the statutory ground relied on. General privacy concerns, distress, embarrassment, or broad claims that publicity may be misused elsewhere are not enough. For business owners, the practical response is to plan confidentiality early. Decide what really needs to be filed, whether redactions or narrower annexures are possible, and whether there is evidence to support any application for suppression or non-publication. If you are relying on safety concerns or prejudice to other proceedings, you will need concrete material showing a real and legally relevant risk, not just understandable concern.
Outcome: The Court dismissed the interlocutory application. It held that the applicant had not shown the requested orders were necessary on the grounds relied on. The judgment says generalised privacy concerns, including concerns about medical and health-related information, did not satisfy the statutory test. The Court also held that an earlier AAT pseudonym order did not automatically justify the same result in the Federal Court because the AAT was applying a different and less demanding provision. On the evidence before it, the Court was not satisfied that suppression was necessary to prevent prejudice to the proper administration of justice in the other proceedings identified by the applicant. The published reasons available here also indicate the safety case was not made out on the material summarised.
Leigh v National Disability Insurance Agency (Extension of Time and Leave to Appeal)
If your business needs confidentiality in Federal Court proceedings, do not assume sensitivity alone will be enough. Work out early exactly what protection is sought, which statutory ground may apply, and what evidence can show the order is necessary. Also check whether any existing confidentiality order comes from a different legal regime, because tribunal protections do not automatically transfer to the Federal Court. This case is also a reminder to treat interlocutory appeal deadlines seriously. A late application usually needs both a satisfactory explanation for delay and a proposed appeal with real prospects. If either element is weak, the Court may refuse to let the appeal proceed at all.
Outcome: The Federal Court dismissed the application for an extension of time and leave to appeal. The judgment records that the application was filed more than two months late, there was not a complete explanation for the delay, and the proposed appeal had no reasonable prospects of success. In assessing the proposed appeal, the Court accepted the primary judge’s reasoning that the applicant’s concerns were too general to establish that pseudonym and suppression orders were necessary under the Federal Court Act. The Court also accepted that earlier AAT orders did not control the Federal Court outcome because the statutory tests were different and more demanding in the Court. As a result, the applicant could not overcome either the lateness problem or the weak merits of the proposed appeal.
McGinn v Australian Information Commissioner (No 2)
Businesses should read this case as a reminder to separate three issues that often get mixed together in customer disputes: whether an event happened, whether a record of that event exists, and whether your business holds personal information that must be given under APP 12. The Court accepted that an OAIC delegate could treat those as different questions. If your business genuinely does not hold the requested record, privacy law may not require you to create one just to answer the request. But that is not a licence for poor systems. You still need to know which entity holds what, search properly, explain your position consistently, and keep a clear written trail. Confusion across head office systems, third-party platforms or related entities can turn an ordinary complaint into a costly privacy dispute.
Outcome: The Federal Court dismissed the originating application in full. Jackman J held that the delegate had afforded procedural fairness by providing a preliminary view, supplying the substance of the adverse material, inviting a response and considering that response before making the final decision. The Court also rejected the allegations of actual bias, irrelevant considerations, failure to consider relevant material, unreasonableness, no evidence and misconduct. It found that the delegate had cogent reasons for accepting North Shore BMW's position that it did not hold a record dated 15 May 2017 and that the decision had an evident and intelligible justification. The applicant was ordered to pay the respondent's costs.
Miciulis v Cimic Group Limited
Business owners should read this as a class action settlement approval case, not as a new statement of privacy law. The Court did not finally decide whether CIMIC breached continuous disclosure or misleading conduct laws. Instead, it approved a no-admissions settlement and the machinery for distributing the settlement fund. The practical lesson is that process matters. If your business is defending a representative proceeding, the headline settlement figure is only part of the picture. The Court may closely examine legal costs, funding commissions, administration costs, reimbursement payments, registration rules, objections and confidentiality requests. If your business could be a claimant or group member in a class action, registration deadlines matter as much as opt out deadlines. Missing them can affect whether you receive any payment even if you remain bound by the outcome. For listed businesses, strong governance around market disclosures, financial reporting and investor communications remains critical because those issues can become the foundation of long-running and costly litigation.
Outcome: The Federal Court approved the settlement and the settlement distribution scheme. Neskovcin J held that the proposed settlement was fair and reasonable and in the interests of group members as a whole. The Court granted the funder leave to intervene for the settlement approval application, approved the deed of settlement signed on 27 November 2024, appointed an administrator, and ordered that only registered group members and certain deemed-registered late group members could receive distributions. The Court adopted the costs referee's report, approved specified costs and expenses, made a common fund order requiring participating group members to contribute pro rata to the funding commission, and made confidentiality and non-publication orders over identified materials. The parties were directed to seek final dismissal and bar orders after completion of settlement administration.
Norden Holdings Pty Ltd (Trustee) v Martens Investments Pty Ltd (Trustee), in the matter of Amazonia IP Holdings Pty Ltd (No 6)
Read this case as a warning about court process, not as a general statement that privacy lets businesses withhold records. The court treated the real problem as non-compliance with existing orders. Redacted documents were non-compliant because there was no order permitting redactions. Incomplete emails without attachments were non-compliant. A trial balance was not accepted as compliance where general ledgers had been ordered. The court also rejected the idea that direct access required some special, near-impossible threshold. In the circumstances, the question was whether stronger procedural relief was justified, and the answer was yes in part because there had been delay, admitted non-compliance and no acceptable plan to fix it. If your business has confidentiality concerns, the safe course is to seek protective orders or a variation from the court before altering production.
Outcome: The application was allowed in part. Wheatley J held that most of the specific document types sought under the May orders and the expert requests had not been provided, and that the June 2024 orders had not been complied with because the required general ledgers were not produced. The court decided that direct access to the relevant systems should be granted so the applicant could satisfy itself about documents that should already have been produced. The reasons emphasised non-compliance with previous orders, delay, the oppression context of the proceeding, the need to avoid further delay and increased costs, and the absence of any reasonable or acceptable proposal for compliance. The court said it would hear further on the precise form of orders and separately on costs.
Pigozzo v Mineral Resources Ltd (No 3)
The main lesson is procedural but commercially important. Once information goes into pleadings, affidavits or other court documents, your ability to claw it back can become limited. This case shows the Federal Court may make tailored confidentiality, suppression and file-access orders after settlement, but it will not treat those outcomes as automatic. The Court distinguishes between material already used in open court and material that has not been publicly deployed, and that distinction can affect what protection is available. Businesses should therefore review draft court documents carefully, avoid unnecessary detail, identify confidential material early, and seek narrow protective orders on proper grounds before hearings if possible. Settlement terms should also be drafted realistically. A private agreement can require the parties to ask the Court for certain orders, but it cannot guarantee the Court will make them.
Outcome: The Court made a tailored set of orders on 18 September 2025. It dismissed a number of interlocutory applications with no order as to costs, upheld objections to parts of the applicant’s affidavit evidence and struck out identified passages, and discharged some earlier suppression and confidentiality orders. It also prohibited disclosure of the statement of claim filed on 1 June 2022 and the amended statement of claim accepted for filing on 19 June 2023 until further order, subject to specified exceptions. The Registrar was directed to remove certain documents from the Court file and store them as voided and suppressed records, while other documents were made confidential and unavailable for non-party inspection unless leave was granted. The result reflects a controlled, rule-based approach rather than automatic approval of all settlement-driven secrecy.
Reiche v Neometals Ltd (No 3)
If your business is in Federal Court, do not treat filed evidence as automatically private once it is used in open court. This case shows that affidavits and exhibits read or relied on in court will usually be open to inspection by outsiders, including the media. At the same time, the Court can protect specific categories of information through non-publication orders, especially struck-out material and private personal details of natural persons. The decision was procedural and the orders were made after the parties consented to the Court's proposed approach. For business owners, the practical message is to prepare evidence carefully. Before filing and before trial, review whether names, addresses, email addresses, phone numbers and similar details are really needed. If sensitive information must be included, consider early applications for tailored protection rather than broad claims of secrecy.
Outcome: The Court granted leave for Adele Ferguson of the ABC to inspect the affidavits and exhibits listed in paragraph 1 of the orders because those documents had been tendered and used as evidence in the proceeding. It refused leave to inspect four other affidavits because they were one or more of unsigned, not read in open court, or not relied on in open court, and therefore were not part of the evidence received. The Court also made non-publication orders until further order over specified struck-out paragraphs and over specified personal information concerning natural persons, including names in some circumstances and contact details. The reasons make clear that the orders were procedural, grounded in open justice principles, and made after the parties consented to the Court's proposed approach.
Reurich v Savills (SA) Pty Ltd
Business owners should read this case as a process and evidence case. The Court accepted that disability protections were engaged and that assistance-animal protections can extend beyond a person being presently accompanied by the animal. Even so, the claim failed because the applicant did not prove the required legal elements. The practical lesson is not that bans are unlawful, but that bans and removals must be defensible on the facts and capable of being explained without reference to disability, an assistance animal, or retaliation for a complaint. If your staff or contractors can exclude people from premises, they need training on when discrimination risk arises, how to state the actual reason for action taken, and when repeated or long-term bans should be escalated for management or legal review.
Outcome: The Federal Court dismissed the application. The Court's published orders on 30 April 2025 dismissed the proceeding and set a timetable for any costs application to be determined on the papers. In the visible reasons, the Court said Mr Reurich failed to establish his claims of direct discrimination, indirect discrimination, victimisation or incitement against any of the respondents. The Court nevertheless accepted important threshold points, including that he had a disability for the purposes of the Act, that the allegations concerned access to public premises, and that assistance-animal protections can extend beyond present possession of an animal. The claim failed because the Court was not satisfied that the statutory tests were proved on the evidence.
Roberts-Smith v Fairfax Media Publications Pty Ltd (Admission of Recording)
The practical reading for business owners is narrow but important. This was not a court endorsement of secretly recording or circulating private conversations. Nor was it a final finding that the recording proved the alleged misconduct. The court was deciding an evidence question only: whether the recording and derivative versions could be admitted despite objections under sections 135 and 138 of the Evidence Act. The answer was yes, largely because the recording was treated at its highest for admissibility purposes, had mid-range probative value, and was central to a grave allegation raised in the reopening application. In practice, businesses should have clear rules on recording, access, storage and disclosure, and should get legal advice before sharing recordings that may involve privacy rights, privileged information or active proceedings.
Outcome: The Full Court admitted the recording and derivative versions of it. On section 135, it held that the recording's probative value had to be taken at its highest and assessed that value as lying in the middle range. It found no unfair prejudice substantially outweighing that value, particularly in a judge-alone setting where the alleged deficiencies could be considered when assessing weight. On section 138, the Court assumed in the respondents' favour that Person 17 had communicated the recording unlawfully under Queensland law, but still held that the desirability of admitting the evidence outweighed the undesirability of admitting evidence obtained that way. The recording was central to the application and was said to raise a grave allegation, which strongly influenced the result.
Vehicle Monitoring Systems Pty Limited v SARB Management Group Pty Ltd trading as Database Consultants Australia (No 13)
If your business is in patent litigation, do not treat the money stage as something that can be worked out later with broad estimates. This case shows the court may require a claimant to elect between damages and an account of profits once it considers enough information has been provided, even if the claimant would prefer to wait for more evidence or testing. In practice, businesses should prepare early for remedy-stage disputes by identifying what records exist, how revenue was generated, what costs are said to be attributable, and how internal spreadsheets or apportionment formulas were built. If you are producing affidavit evidence, it needs to comply with the court’s orders and explain the methodology clearly. If you are receiving that evidence, assess early whether it is enough to force the other side to commit to one remedy path. Finance, operations and legal teams should work together from the start, because the quality of business records can directly affect litigation strategy.
Outcome: The Federal Court ordered VMS to notify the City in writing of its election between damages and an account of profits within 21 days of 4 September 2025. The court also ordered VMS to pay the costs of the 10 July 2025 hearing and preparation for it, and the costs related to its application to re-open and rely on the affidavit of Mr Piesiewicz sworn 21 July 2025. On the material visible in the judgment, the court concluded that the balance favoured requiring an election now rather than allowing VMS to defer the choice while keeping both remedies open. The decision therefore narrowed the remaining dispute and reinforced the court’s case management emphasis on efficiency once sufficient information has been produced.
Court House Capital Pty Ltd v RP Data Pty Limited
If your business is using a commercial litigation funder, do not assume the downside sits only with the claimant on the court record. This case shows that a funder backing litigation for profit may be exposed to an adverse costs order if the claim fails and the court considers the funder sufficiently connected to the case. The absence of an adverse-costs indemnity was not enough to protect the funder here. Nor was it decisive that the funded parties formally retained the right to instruct their lawyers. If your business is defending a funded claim, think early about whether to seek disclosure of the funding arrangement, whether security for costs is worth pursuing, and whether a later non-party costs application may be available. If your business is being funded, review the agreement carefully and understand who carries what risk if the case is lost after trial or appeal.
Outcome: The Full Court dismissed the appeal. It held that Court House had not established any reviewable error in the primary judge’s discretionary decision to make a non-party costs order. The court confirmed that the Federal Court’s costs power under s 43 extends to non-parties and that the relevant inquiry is whether the non-party has a sufficient connection with the litigation and whether making the order is fair in all the circumstances. It rejected the suggestion that there is a rigid checklist for these cases and said it is not necessary to prove impropriety or abuse of process before a non-party costs order can be made. The court also rejected Court House’s arguments based on RP Data’s failure to seek security for costs earlier. Court House was ordered to pay RP Data’s costs of the appeal as agreed or taxed.
Hardingham v RP Data Pty Limited (Third Party Costs)
Read this case as a practical warning about risk allocation, not just funding mechanics. A commercial funder cannot assume it is insulated from adverse costs merely because the claimant remains the named party, the agreement says the claimant instructs the lawyers, or the funder did not promise to cover adverse costs. Here, the funder only actually paid senior counsel's fees, but that did not save it. The Court focused on the commercial reality: the funder backed the case for profit, had rights requiring consultation and consent before compromise, and attended mediation. For claimants, funding agreements should be reviewed for control rights, settlement rights, pricing and downside exposure. For defendants, investigate whether a funder is involved, consider security for costs where appropriate, and keep open the possibility of a later third party costs application if the claimant cannot pay.
Outcome: The Federal Court ordered Court House Capital Pty Ltd to pay RP Data's costs of the proceeding excluding the cross-claim, on a party and party basis up to 11.00 am on 28 June 2019 and on an indemnity basis thereafter. Court House was also ordered to pay RP Data's costs of the interlocutory application dated 3 February 2023. The costs were to be paid by way of lump sum, with a Registrar to fix the amount if the parties could not agree. Thawley J held that Court House was a commercial litigation funder seeking to profit from the proceeding, that it had a sufficient connection to the litigation, and that it was fair for it to bear the costs risk when the funded claim failed. The Court rejected the argument that RP Data's failure to seek security for costs earlier prevented that result.
ACCC v Google
Businesses collecting location or behavioural data should make privacy and consumer disclosures match the real product settings. Privacy wording can also be consumer law risk.
Outcome: The Federal Court found Google had made misleading representations to some Android users about location data settings during the relevant period. The decision showed that consumer law can apply to privacy and product-setting representations, not just classic sales advertising.