IPMojo

BOOK AN APPOINTMENT

Scott Coulthart

by

Bed Bath ‘N’ Table Not Throwing In the Towel

What happens when your new brand smells a little too much like the towels next door?

If you’re Global Retail Brands Australia (GRBA) — the team behind House and its spinoff House Bed & Bath — you might find yourself embroiled in a multi-front legal fight with long-standing soft homewares heavyweight Bed Bath ‘N’ Table (BBNT). And if you’re BBNT, you might soon be on your way to the High Court of Australia to argue that while a trade mark might not be confusing, a brand strategy can still mislead.

GRBA, long known for “hard homewares” like kitchenware, took a foray into “soft homewares” by launching a new store format under the brand House Bed & Bath. The problem? BBNT had been using Bed Bath ‘N’ Table for over four decades and held multiple trade mark registrations.

BBNT sued under both the Trade Marks Act 1995 and the Australian Consumer Law (ACL), alleging trade mark infringement and misleading and deceptive conduct. While the primary judge in the Federal Court agreed GRBA’s branding was misleading under the ACL (and upheld passing off), they did not find trade mark infringement. The marks weren’t deceptively similar, said the Court — but the Court found  GRBA’s conduct was misleading/deceptive and also constituted passing off.

GRBA appealed, and in a twist befitting a soap opera about linen stores (Doylies of Our Lives? Folded and the Beautiful?), they won. The Full Federal Court overturned the misleading conduct and passing off findings — not because BBNT didn’t have a reputation, but because that reputation didn’t extend far enough to make “Bed & Bath” independently distinctive. The court also pointed to widespread descriptive use of “bed” and “bath” by other retailers and found that GRBA’s actions, while perhaps careless or even opportunistic, didn’t cross the legal line into deception.

BBNT sought special leave to appeal to the High Court. And now the top court in the land will get to decide how much weight to give to brand reputation, wilful blindness, and near-miss branding in Australia’s consumer protection and passing off law.

For trade mark lawyers and marketing advisors, this case is shaping up to be the test of the limits of brand mimicry in retail. Can a well-established business with a household brand name claim monopoly over combinations of common words like “bed” and “bath”? And what level of consumer confusion — or intent to confuse — is enough?

The main takeaways seem to be:

  • Trade mark law and consumer law don’t always walk in lockstep. You can lose one claim and win the other, based on different thresholds and factual assumptions.

  • “Wilful blindness” is not enough by itself. The Federal Court was clear that being strategic (or even a bit cheeky) isn’t the same as being legally deceptive — though the High Court may weigh in differently.

  • Descriptive branding is always a high-risk game. If your mark relies on common category words (like “bed” and “bath”), even 40 years of use might not give you exclusive rights.

  • Appealing to the High Court is rare and consequential. This will be a must-watch for IP lawyers — and one that could reshape how consumer law operates alongside trade mark protection.

Stay tuned for when the High Court beds down the final answer. For now, the towels are fluffed, the pillows are puffed, and the soft homewares sector is on notice.

For the Hitchhiker’s Guide fans, hey, who knows, maybe the HC will make their decision next year on Towel Day?

by

Who Owns the Music? Taylor Swift and the Master Rights Nobody Talks About

She might be Swift, but she wasn’t quick enough to catch the Scooter back in the day.  But now all has changed …

It’s the music industry story that refuses to fade: Taylor Swift may finally have the chance to buy back her original masters — the recordings that launched her global superstardom. If the deal happens, it would close a saga that began in 2019, when her former label sold those recordings to private equity giant Shamrock Capital, following an earlier sale by Scooter Braun’s Ithaca Holdings.

For Swift fans, it’s a long-awaited victory. But for lawyers — and especially those in IP — the story is a masterclass in what most people don’t understand about music rights.

Let’s break it down.

It’s Her Song, But Not Her Recording

When people say “Taylor Swift owns her music,” they’re often talking about copyright in the song/composition itself — comprised of the lyrics, melodies and chord structure. And yes, she owns or co-owns the copyright in many of her compositions, particularly the later albums.

But that’s not the same as owning the recordings. The actual sound recordings of her early music — the studio masters — were owned by her former label, Big Machine Records. That’s standard in the music industry. Unless you’re a major independent artist or had rare contract leverage, your label usually controls the master rights from day one.

So even though the voice on those original albums is Taylor’s, and even though the songs are her words and melodies, the master recordings were never hers to begin with.

Why Master Ownership Matters

Owning the masters means controlling how the recordings are used, licensed, sold, or synced in media. If someone wants to use the originally recorded “Love Story” in a film, the master rights holder — not Taylor — says yes or no and collects the licensing fee.

It also means revenue. Master owners collect royalties from streaming, downloads, radio play, and physical sales. For a catalogue like Swift’s, we’re talking tens of millions of dollars per year.

In fairness, so does Taylor as the songwriter – but not as many as she’d collect if she owned the masters too.

When Swift lost control of her masters, she didn’t just lose licensing rights — she lost influence over how those recordings were represented commercially, something she’s made clear she cares deeply about.

The Re-Recording Strategy — and What This Offer Means

Swift’s response was bold: she began re-recording her albums (as “Taylor’s Versions”) to reclaim both control and commercial value. Because copyright law allows the same songwriter to create a new recording of their own work, she’s been able to rebuild her catalogue under her own terms.

But this new offer — to buy back the original recordings — is different. It’s about reconciling emotional legacy and legal control. For Swift, it could mean regaining ownership of the original audio associated with her rise to fame … and far more royalties.  For Shamrock Capital, it could mean cashing out at a high watermark while retaining goodwill.

The Legal Lesson

Here’s the IP truth every artist — and every lawyer advising creators — should remember:

  • Songs and recordings are separate IP assets with separate ownership structures.

  • A performer can own either, neither, or both.

  • Contract terms set at the start of a career can shape or strangle an artist’s control for decades.

For artists, the Swift story is a cautionary tale — but also a blueprint. For lawyers, it’s a reminder to explain the difference between composition rights, performance rights, and master rights clearly — preferably before the artist becomes a household name.

And for Swifties? It’s one more reason to stream the hell out of 1989 (Taylor’s Version).

by

Kids, Code & Clicks: Australia’s New Children’s Privacy Push

Privacy laws used to treat kids like a rounding error — cute, inconvenient, and mostly left to the “parental supervision” fine print. Not anymore.

In this 3rd part of IP Mojo’s exclusive Privacy 2.0 blog series, we see how Australia’s privacy regime is finally catching up to a reality every parent knows: children are online, they’re being tracked, and they deserve more than vague guidance from a dusty regulator’s website.

Enter the Children’s Online Privacy Code, a centrepiece of the latest privacy law reforms. For the first time, Australia is baking enforceable obligations into law when it comes to how children’s personal information is collected, used and shared. Not just “you should be careful” — but “you must comply.”

So what’s changing? The new law requires the Information Commissioner to develop a binding code that sits within the framework of the Australian Privacy Principles (APPs). The Code must be finalised within two years and will apply to organisations likely to interact with children — particularly social media services, games, streaming platforms, and apps that know full well they’ve got under-18s clicking through. It won’t apply to health services, but that’s about the only carve-out. In essence: if your platform’s got kids on it, this is now your problem.

The Code will apply to social media services, games, streaming platforms, and other digital services as defined in the Online Safety Act 2021 (Cth) — including so-called “relevant electronic services” and “designated internet services.” If you already know those definitions, you’ve probably had dealings with the eSafety Commissioner. Now, add the Privacy Commissioner to your contact list. These reforms don’t replace online safety obligations — they layer on top of them. That means double compliance, and potentially double trouble if you get it wrong.

Here’s the takeaway: if you run an app, platform, game or service that might appeal to kids — even if you didn’t intend it to — it’s time to review your privacy practices. Don’t wait for the Code to land in 2026. The direction of travel is clear: children’s data is no longer fair game. It’s protected space. And if you’re not designing with that in mind, your business model may need a rethink — or your lawyers may need a bigger budget.

Tune in next week for: a look at the revamped APP 11, where “reasonable steps” for data protection just got a lot more real.

by

Age Check Please – Australia’s Social Media Age Trial Steps Up

If you thought “what’s your date of birth?” was just an annoying formality, think again. Australia is now deep into a world-first trial of age verification tech for social media — and the implications for platforms, privacy, and policy will be real.

It’s official: Australia is no longer just talking about age restrictions on social media — it’s testing them. In what’s being described as a world-first, the federal government earlier this year launched the Age Assurance Technology Trial, a trial of age assurance technologies across more than 50 platforms, including heavyweights like Meta, TikTok and Snapchat.

The idea? To test whether it’s technically (and legally) viable to verify a user’s age before they gain access to certain online services, especially platforms known to attract kids and teens.

The goal is to find out whether it’s possible — and proportionate — to verify a user’s age before letting them dive into algorithm-driven feeds, DMs, or digital chaos.

Now, as of mid-May, the trial is expanding — with school students in Perth and Canberra joining the test groups. The trial includes biometric screening (e.g. facial age estimation), document-based verification, and other machine-learning tools and tech designed to assess age and  detect users under 16 without necessarily collecting identifying information, in line with recommendations from the eSafety Commissioner and privacy reform proposals.

Initial results are reportedly encouraging, showing strong accuracy for detecting under-16 users. Some methods are accurate 90%+ of the time — but questions linger. How well do these tools work across diverse communities? How do they avoid discrimination? And perhaps most importantly: how do you balance age checks with user privacy?

But this isn’t just a tech exercise — it’s a law-and-policy warm-up. With the Children’s Online Privacy Code set to drop by 2026, and eSafety pushing hard for age-based restrictions, the real question is: can you implement age gates that are privacy-preserving, non-discriminatory, and not easily gamed by a teenager with a calculator and Photoshop?

It’s a tough balance. On one hand, there’s real concern about children’s exposure to online harms. On the other, age verification at scale risks blowing out privacy compliance, embedding surveillance tech, and excluding legitimate users who don’t fit biometric norms.

The final report lands in June 2025, and platforms should expect regulatory consequences soon after. If the trial proves age verification is accurate, scalable, and privacy-compatible, you can bet on mandatory age checks becoming law by the end of the year.

Bottom line? If your platform’s UX depends on open access and anonymity, start thinking now about how that survives an incoming legal obligation to know more about your users, and if not necessarily who they are, at least how young they actually are (as opposed to how old they might claim to be).

by

I Tort I Saw a Privacy Breach: Australia’s New Right to Sue

In barely a few weeks’ time, for the first time in Australian legal history, individuals will be able to sue for a serious invasion of privacy — with the new statutory tort coming into force on 10 June 2025.

It’s a landmark moment. While the Privacy Act has long offered regulatory protections (mainly enforced by the OAIC), this new law gives individuals a direct, personal legal remedy in court. If someone invades your privacy — by spying on you, hacking your data, or misusing personal information — you can now bring a tort claim for compensation, injunctions, apologies, or other relief.

But it’s not a free-for-all. Let’s unpack how it works.

What Exactly Do You Have to Prove?

To win a case under the new law, a plaintiff must establish five elements, all of which are based on ALRC recommendations:

  1. An invasion of privacy — either by intrusion upon seclusion (e.g. surveillance, unlawful entry, voyeurism) or misuse of private information (e.g. disclosing or using someone’s personal details without permission).

  2. A reasonable expectation of privacy — determined in context. This takes into account factors like place (e.g. home vs public), the sensitivity of the information, age or cultural background of the plaintiff, and whether they invited publicity.

  3. Intentional or reckless conduct — negligence isn’t enough. The defendant must have acted deliberately or with reckless disregard.

  4. A serious invasion — not just annoying or embarrassing. The harm must be objectively significant (e.g. likely to cause offence, distress or harm to dignity to a person of ordinary sensibilities).

  5. Public interest balancing — the court must be satisfied that the plaintiff’s right to privacy outweighs any public interest raised by the defendant (such as free expression, national security, or open justice).

You don’t need to prove economic loss or damage — it’s actionable without it. However, the nature and impact of the harm (e.g. emotional distress, reputational damage, or humiliation) will affect the seriousness of the invasion and any damages awarded.

Not Retrospective — and Watch the Clock

The new tort is not retrospective. That means you can’t sue for conduct that occurred before 10 June 2025, no matter how bad it was. The law only applies to invasions of privacy on or after the commencement date.

And there are strict time limits:

  • You must start proceedings within one year of becoming aware of the invasion, and in any event within three years of when it happened — whichever is earlier.

  • If the plaintiff was under 18 at the time, they can sue any time up until their 21st birthday.

  • In exceptional circumstances, the court can extend the period up to six years after the event — for instance, where trauma or lack of awareness delayed action.

What About Defences?

It’s not all a one-sided affair. There’s a structured list of statutory defences, including where:

  • The conduct was required or authorised by law

  • The plaintiff consented

  • It was necessary to prevent serious harm

  • The conduct was part of a lawful defence of person or property

There are also defamation-style defences for things like absolute privilege, publication of public documents, and fair reporting of public proceedings — and journalists enjoy an exemption when acting in a professional capacity under a recognised code of conduct.

Law enforcement and intelligence agencies are also exempt when acting within their lawful functions.

What Remedies Are Available?

The court can award compensation for emotional distress, injury to dignity, and reputational harm — capped at the same maximum as defamation damages (currently $478,550, indexed).

It can also award exemplary damages in egregious cases (like malicious distribution of private images), and make orders for apologies, corrections, injunctions, and destruction of material.

Importantly, apologies won’t count as admissions of guilt — so defendants can say sorry without conceding liability (though it might reduce damages).

What Now?

This is a big deal for Australian privacy law. The new statutory tort fills a long-standing gap between regulation and personal rights — and will likely open the door to more litigation, especially in areas like:

  • image-based abuse

  • unauthorised publication of intimate content

  • intrusive surveillance

  • data misuse or unethical tech deployment

For businesses, publishers, digital platforms and public institutions, now is the time to review policies, train staff, and sanity-check any borderline practices. Reckless handling of sensitive information — even without publication — could now be very costly.

Tune in next week for: a deep dive into the new Children’s Online Privacy Code. Because in 2025, even kids’ data isn’t child’s play.

by

Privacy 2.0: Why the Law Had to Change

It’s not every day a 1980s law gets a 2020s reboot — but that’s exactly what’s happening with Australia’s privacy regime.

After years of community anxiety, OAIC submissions, and a few too many headlines about mega-breaches, the Privacy Act 1988 (Cth) is finally stepping out of its shoulder-padded past and into the digital present.

The latest round of reform — passed at the end of 2024 and now live — marks the biggest shake-up to Australia’s privacy framework in over a decade … and while the updates aren’t a total rewrite, they’re a bold start. From new breach response tools to sharper enforcement powers, and from kids’ data codes to the long-awaited statutory tort of privacy invasion, this is no longer just a compliance issue for GCs. It’s a reputational and risk issue for boards — and a tech/design challenge for operational teams.

So why now? Because the old law just wasn’t cutting it anymore. The last major reform (the 13 APPs) happened in 2014. That was before TikTok existed. Before mass data scraping, AI-driven insurance risk profiling, and customer loyalty schemes that know your breakfast habits better than your spouse. Fast forward a decade, and we’re living in an environment where personal data isn’t just a risk category — it’s a currency, and one that criminals, governments, and companies alike are eager to trade.

Add to that the global pressure. Australia has fallen behind the GDPR club, and even the US (the privacy laggard) is now rolling out state-level data laws with real teeth. If we want to be taken seriously in trade deals, tech partnerships, or cross-border enforcement, our domestic rules have to look credible. That means: Transparency. Accountability. Teeth.

This 9-part twice-per-week Privacy 2.0 blog series will unpack the key changes — what’s landed, what’s coming, and what businesses need to do now (not in 2026, when the AI rules kick in). We’ll also ask the hard questions: is this regulation or reaction? Is it about protecting individuals — or just managing headlines? And what does it mean for those of us navigating the line between innovation and intrusion?

Tune in tomorrow for: an in-depth look at Australia’s new statutory tort of serious invasion of privacy, commencing on 10 June 2025.