IPMojo

BOOK AN APPOINTMENT

Scott Coulthart

by

Back in our Privacy 2.0 series, we unpacked the upcoming Children’s Online Privacy Code — a new legal framework aimed at improving how kids’ personal information is handled online. Now, we’re hearing more from the people it’s meant to protect.

Children themselves have made it clear: they don’t want to be tracked, profiled, or buried in unreadable consent forms. And for companies whose business depends on that data, the reforms aren’t just a policy shift — they’re a threat to the model.

What Children Say

Our earlier blog post focused on the what: a binding industry code to strengthen children’s data protections under the Privacy Act 1988 (Cth).

Now we’re seeing more of the why — and it’s coming straight from the kids.

According to findings from consultations with children conducted by Reset Tech Australia, the message is loud and clear: children aren’t just passive subjects of data collection. They have opinions — strong ones.

Among the most consistent themes:

  • Nearly 90% of children surveyed want default privacy settings set to high, and geolocation turned off by default.

  • Many want simpler, age-appropriate explanations of how their data is used.

  • Crucially, they want the ability to delete their data — a right currently absent from Australia’s privacy framework.

As Privacy Commissioner Carly Kind put it (in her recent discussions with The Australian newspaper):

“Kids aren’t going to read 50 pages of terms and conditions when they sign up to an app… How do we give them actual choices, and not just the ability to click ‘I consent’ when they haven’t even read something, and it’s not a genuine form of consent?”

That question goes to the heart of what the Children’s Privacy Code — and broader privacy reform — is trying to fix.

Not Just Social Media — The Code’s Expanding Reach

Commissioner Kind also confirmed that the Children’s Privacy Code will work in parallel with the upcoming ban on under-16s using social media — but its scope is much broader. The Code will apply to:

  • Websites and online services accessed by children,

  • Wearable devices and fitness trackers, and

  • Education technology and apps, including those used in schools.

In other words, the Code is not just about excluding children from certain online spaces. It’s about protecting them wherever they are — especially in digital environments they’re required to engage with for school or social connection.

This dual approach — platform bans on one side, enforceable data safeguards on the other — reflects a recognition that meaningful participation in digital life shouldn’t come at the expense of privacy.

Who’s Worried — and Why

Stronger children’s privacy rules are good policy — but they’re also bad news for some very profitable business models. Behind the push for transparency and consent reform lies a quieter question: who stands to lose when kids gain more control over their data?

Let’s follow the data trail.

Adtech platforms are the obvious players at risk. Targeting, profiling, and retargeting of under-18s — even if indirect — fuels everything from engagement strategies to dynamic pricing models. If default privacy settings go “high” by law, or profiling becomes opt-in (or outright banned), that revenue stream starts to dry up.

Social platforms, even those ostensibly closed to under-16s, have powerful incentives to retain youth users — both for ad revenue and for maintaining long-term brand stickiness. The idea that kids might have a right to delete their data, opt out of tracking, or receive age-appropriate disclosures cuts into their legal risk model.

Then there’s edtech — the often-overlooked battleground. Many school-deployed tools gather extensive user-level data but offer limited controls to students (or even schools). Vendors that haven’t built privacy-by-design tooling may soon be scrambling to comply.

And finally, consumer IoT and smart toys — products that rely on voice input, biometric sensors, or location tracking — may find their compliance and legal risk profile radically changed if the Code’s protections become enforceable.

Most won’t publicly oppose child protection. But you can expect to see:

  • Lobbying for “flexible” implementation timelines,

  • Calls for “self-regulation”,

  • Quiet legal arguments around the scope of “reasonable access by children”, and

  • Industry pushback on making data deletion or privacy impact assessments mandatory.

What This Means for Industry

If your platform, app, device, or service is used by children, or may reasonably be accessed by children, you’ll need to start preparing for compliance now. That means:

  • Reviewing your default settings for privacy, location, and profiling;

  • Translating privacy policies into plain, age-appropriate language;

  • Building functionality for data deletion — even if not (yet) mandatory; and

  • Moving beyond consent as your only compliance crutch — especially if that consent comes from a user too young to legally or meaningfully provide it.

The consultations have made it clear: children want transparency, choice, and respect for their privacy — and regulators are listening.

by

Dealing with Daily Weakly

The High Court will shortly decide on how long a client has before they can no longer sue their lawyer for an earlier stuff up. 

In October 2024, the Federal Circuit and Family Court of Australia handed down a decision that every contracts lawyer — including those in the IP and tech law trenches — should pay attention to. Daily & Daily (No 4) [2024] FedCFamC1A 185 isn’t just a family law dispute — it’s a cautionary tale about negligence, professional responsibility, and the limits of liability when legal drafting goes sideways.

The facts were messy, as most long-running family property cases are. But at the heart of it lay this: a Binding Financial Agreement (BFA) that was meant to protect a husband’s property interests in case of divorce turned out to be void — thanks in part to inadequate legal advice when the agreement was first inked. The husband sued his former lawyers. They argued the claim was out of time and that their advice wasn’t negligent. The Court disagreed on both counts, upholding the finding of negligence and ruling that the claim was not out of time (although the damages award was to be reassessed at a new hearing).

Most significantly, the High Court has now granted special leave to appeal that part of the decision — signalling this issue is far from settled.

The current judgment underscores the point that lawyers — especially those drafting complex commercial or technology agreements — cannot rely on generic advice or boilerplate disclaimers.  In Daily & Daily, the solicitor didn’t draft the agreement originally, but did advise on and amend it.  The Court found that the advice given was cursory, failing to warn of the risk the agreement might be void for uncertainty or vulnerable under s 90K of the Family Law Act 1975 if the couple later had children.

Think of how many SaaS agreements, licensing terms, or IP assignments rely on template structures — or gloss over jurisdiction-specific requirements for enforceability. This case is a reminder of at least two things: First, when a client pays for certainty, delivering ambiguity is actionable. Second, but just as importantly, if you are asked to advise on and touch up an agreement you didn’t draft, you are taking responsibility for all of it, not just the bits you tweak.

One of the most interesting parts of the appeal will be about timing. The lawyers tried to argue that any negligence claim was statute-barred — that is, out of time. But the Court said no: in cases involving contingency-based loss (like a BFA only becoming relevant on separation), damage doesn’t “crystallise” until the adverse event happens. That’s a powerful precedent for all kinds of delayed-impact contract failures — including option agreements, royalties, or licensing deals that collapse years later.

The appeal will now head to the High Court, which could reshape how limitation periods apply to negligent drafting in complex personal and commercial transactions.

Specifically, when does damage occur after negligent drafting? At the time the agreement is entered into, or at the time there are financial consequences down the track?

The High Court’s answer may redefine professional liability timelines — and not just in family law.

by

For years, when an Australian company suffered a data breach, the script was pretty simple: notify the OAIC, maybe tell your customers, and brace for PR blowback. But in a landscape of ransomware gangs, deepfake scams, and real-world harm flowing from leaked personal info, that old approach started to feel… inadequate. The new privacy law amendments (to the Privacy Act 1988 (Cth)) try to fix that.

In this 5th instalment of our Privacy 2.0 series, we look at the new regime of EDB declarations and emergency declarations — new legal tools that give the government power to coordinate how personal data is shared during and after a crisis. If that sounds like overreach, it’s not. It’s actually quite surgical. These powers are about enabling targeted, temporary, lawful information sharing when the goal is harm minimisation — not surveillance.

Under new Division 5, Part IIIC, of the Act, which concerns EDB declarations and commenced with effect from 11 December 2024, the Minister can authorise specific entities to collect, use, or disclose personal information otherwise restricted by the APPs — but only for clearly defined, time-limited purposes like fraud prevention, identity verification, or cyber response, when there has been an eligible data breach that ticks certain boxes.

Banks, credit bureaus, and government agencies may be brought into the loop — but not media outlets.  There are some safeguards, mainly comprised of transparency requirements, consultation with the OAIC, and criminal offences for going rogue with the info.

Then there are emergency declarations — a reboot of existing powers to deal with natural disasters, pandemics, and national emergencies. These let the Prime Minister or a designated Minister approve personal data handling across public and private sectors for things like locating missing persons or coordinating aid.

Again, it’s tightly scoped: the declarations can’t be used for general surveillance, expire after 12 months unless renewed, and once again exclude media outlets entirely – so there are no free-for-alls, no “Minister for Metadata” moment.

The lesson for businesses? Don’t assume your data handling obligations end at “notify the OAIC.” In breach or emergency scenarios, you may now be authorised — or even expected — to share personal information, as long as it aligns with a declaration. Legal and compliance teams should track these developments — your incident response plan may need a serious update.

In short: breach response is no longer just about damage control. It’s about lawful coordination. And if you’re caught flat-footed without internal protocols for handling this new regime, you’re behind the curve.

Next week in the Privacy 2.0 series: how the law now reimagines overseas data transfers — and whether your Singapore-based SaaS platform still cuts it.

by

IP Australia Knocks Canva to the Canvas

How many patents could a patent combatant patent if a patent combatant could patent patents?  It turns out possibly none, if they’re IT-based patents …

It’s not often that a legal decision about slide deck formatting gets a 230-page appendix and a judicial tone verging on exasperation. But that’s exactly what happened in April when IP Australia handed down the Delegate’s ruling on two Canva patent applications. And for tech lawyers, it’s a masterclass in where the edges of software patentability still lie in Australia.

What Canva Sought to Patent

Canva — Australia’s SaaS design darling — had sought patent protection for two computer-implemented inventions. One described how to take content from a document and reflow it into a deck format automatically. The other focused on the math behind mapping design “fills” into limited layout “frames.”

The applications were meticulous. Detailed. Full of flowcharts, hierarchy data, bounding boxes, fills, and pagination logic. They read like a design engineer’s epic poem – a love letter to structured templates.

But in the eyes of IP Australia, they weren’t inventions. Not in the legal sense, anyway.

The Legal Lesson: “Manner of Manufacture” Still Matters

Australia’s test for whether a computer-implemented invention is patentable remains the “manner of manufacture” test — essentially asking whether the claimed invention involves more than just abstract ideas, business rules, or well-known computer functions.

And here, the Delegate of the Commissioner of Patents said: nope.

Despite Canva’s argument that their invention transformed how users generate designs and templates, IP Australia saw it differently: the claims described a process for applying “rules” to content in order to lay it out aesthetically — something a human designer could do, and something that didn’t, in substance, solve a technical problem or enhance the functioning of a computer. It was more scheme than science.

More Than Just a Canva Problem

Why should the rest of us care?

Because this is yet another signal — after decisions like Research Affiliates and Rokt — that Australia continues to draw a relatively narrow line on software patents. If you’re advising a client on patent strategy in the digital design, AI, or UX tooling space, the key takeaway is this: just because something’s hard to code doesn’t mean it’s patentable.

The software has to do more than automate — it must yield a technical effect or improvement that isn’t just the automation itself.

So, What’s Next?

For Canva, it’s back to the drawing board — or perhaps, back to their formidable brand and copyright moat. And they still have six months to reframe the claims in a way that may survive scrutiny.

For the rest of us, it’s another sharp reminder that patenting in the tech sector remains as much an art as a science. Don’t just ask “Is it clever?” Ask, “Is it a manner of manufacture?”

Because in Australian patent law, not all clicks are created equal.

by

Bed Bath ‘N’ Table Not Throwing In the Towel

What happens when your new brand smells a little too much like the towels next door?

If you’re Global Retail Brands Australia (GRBA) — the team behind House and its spinoff House Bed & Bath — you might find yourself embroiled in a multi-front legal fight with long-standing soft homewares heavyweight Bed Bath ‘N’ Table (BBNT). And if you’re BBNT, you might soon be on your way to the High Court of Australia to argue that while a trade mark might not be confusing, a brand strategy can still mislead.

GRBA, long known for “hard homewares” like kitchenware, took a foray into “soft homewares” by launching a new store format under the brand House Bed & Bath. The problem? BBNT had been using Bed Bath ‘N’ Table for over four decades and held multiple trade mark registrations.

BBNT sued under both the Trade Marks Act 1995 and the Australian Consumer Law (ACL), alleging trade mark infringement and misleading and deceptive conduct. While the primary judge in the Federal Court agreed GRBA’s branding was misleading under the ACL (and upheld passing off), they did not find trade mark infringement. The marks weren’t deceptively similar, said the Court — but the Court found  GRBA’s conduct was misleading/deceptive and also constituted passing off.

GRBA appealed, and in a twist befitting a soap opera about linen stores (Doylies of Our Lives? Folded and the Beautiful?), they won. The Full Federal Court overturned the misleading conduct and passing off findings — not because BBNT didn’t have a reputation, but because that reputation didn’t extend far enough to make “Bed & Bath” independently distinctive. The court also pointed to widespread descriptive use of “bed” and “bath” by other retailers and found that GRBA’s actions, while perhaps careless or even opportunistic, didn’t cross the legal line into deception.

BBNT sought special leave to appeal to the High Court. And now the top court in the land will get to decide how much weight to give to brand reputation, wilful blindness, and near-miss branding in Australia’s consumer protection and passing off law.

For trade mark lawyers and marketing advisors, this case is shaping up to be the test of the limits of brand mimicry in retail. Can a well-established business with a household brand name claim monopoly over combinations of common words like “bed” and “bath”? And what level of consumer confusion — or intent to confuse — is enough?

The main takeaways seem to be:

  • Trade mark law and consumer law don’t always walk in lockstep. You can lose one claim and win the other, based on different thresholds and factual assumptions.

  • “Wilful blindness” is not enough by itself. The Federal Court was clear that being strategic (or even a bit cheeky) isn’t the same as being legally deceptive — though the High Court may weigh in differently.

  • Descriptive branding is always a high-risk game. If your mark relies on common category words (like “bed” and “bath”), even 40 years of use might not give you exclusive rights.

  • Appealing to the High Court is rare and consequential. This will be a must-watch for IP lawyers — and one that could reshape how consumer law operates alongside trade mark protection.

Stay tuned for when the High Court beds down the final answer. For now, the towels are fluffed, the pillows are puffed, and the soft homewares sector is on notice.

For the Hitchhiker’s Guide fans, hey, who knows, maybe the HC will make their decision next year on Towel Day?

by

Who Owns the Music? Taylor Swift and the Master Rights Nobody Talks About

She might be Swift, but she wasn’t quick enough to catch the Scooter back in the day.  But now all has changed …

It’s the music industry story that refuses to fade: Taylor Swift may finally have the chance to buy back her original masters — the recordings that launched her global superstardom. If the deal happens, it would close a saga that began in 2019, when her former label sold those recordings to private equity giant Shamrock Capital, following an earlier sale by Scooter Braun’s Ithaca Holdings.

For Swift fans, it’s a long-awaited victory. But for lawyers — and especially those in IP — the story is a masterclass in what most people don’t understand about music rights.

Let’s break it down.

It’s Her Song, But Not Her Recording

When people say “Taylor Swift owns her music,” they’re often talking about copyright in the song/composition itself — comprised of the lyrics, melodies and chord structure. And yes, she owns or co-owns the copyright in many of her compositions, particularly the later albums.

But that’s not the same as owning the recordings. The actual sound recordings of her early music — the studio masters — were owned by her former label, Big Machine Records. That’s standard in the music industry. Unless you’re a major independent artist or had rare contract leverage, your label usually controls the master rights from day one.

So even though the voice on those original albums is Taylor’s, and even though the songs are her words and melodies, the master recordings were never hers to begin with.

Why Master Ownership Matters

Owning the masters means controlling how the recordings are used, licensed, sold, or synced in media. If someone wants to use the originally recorded “Love Story” in a film, the master rights holder — not Taylor — says yes or no and collects the licensing fee.

It also means revenue. Master owners collect royalties from streaming, downloads, radio play, and physical sales. For a catalogue like Swift’s, we’re talking tens of millions of dollars per year.

In fairness, so does Taylor as the songwriter – but not as many as she’d collect if she owned the masters too.

When Swift lost control of her masters, she didn’t just lose licensing rights — she lost influence over how those recordings were represented commercially, something she’s made clear she cares deeply about.

The Re-Recording Strategy — and What This Offer Means

Swift’s response was bold: she began re-recording her albums (as “Taylor’s Versions”) to reclaim both control and commercial value. Because copyright law allows the same songwriter to create a new recording of their own work, she’s been able to rebuild her catalogue under her own terms.

But this new offer — to buy back the original recordings — is different. It’s about reconciling emotional legacy and legal control. For Swift, it could mean regaining ownership of the original audio associated with her rise to fame … and far more royalties.  For Shamrock Capital, it could mean cashing out at a high watermark while retaining goodwill.

The Legal Lesson

Here’s the IP truth every artist — and every lawyer advising creators — should remember:

  • Songs and recordings are separate IP assets with separate ownership structures.

  • A performer can own either, neither, or both.

  • Contract terms set at the start of a career can shape or strangle an artist’s control for decades.

For artists, the Swift story is a cautionary tale — but also a blueprint. For lawyers, it’s a reminder to explain the difference between composition rights, performance rights, and master rights clearly — preferably before the artist becomes a household name.

And for Swifties? It’s one more reason to stream the hell out of 1989 (Taylor’s Version).