Recent changes to the law increase your risk of being fined. Learn how to avoid this.
Companies in Australia now face potential privacy fines, bribery fines and unfair contract terms fines. In the last couple of years the Australian Commonwealth government updated three key laws which increase the chances and quantum of fines for unfair contract terms, breach of privacy and bribes committed by those connected to the Company. The government has chosen to use the threat of fines as a large stick to force compliance with unfair contract, privacy and bribery laws.

This blog will look at how companies could get fined for breaches of unfair contract, privacy and bribery laws. We will also explain how to avoid those potential fines.
Unfair Contract Terms
A recent change in the law that introduced potential penalties for Australian companies is the expansion of the Unfair Contract Terms regime.
The law in essence says that if your standard T&Cs are unfair and they are used as the contract with a company that has fewer than 100 staff, then a court can remove any unfair terms from the contract. Further, courts have the power to fine you for including unfair terms if they choose to. Courts have wide discretion to determine the fine, but it can be up to $50 million.
Given that the vast majority of companies in Australia have under 100 staff it is extremely likely that you will contract with at least one ‘small’ company and the Unfair Contract Terms regime will therefore apply to you.
The ACCC, which is the regulator tasked with enforcing the Unfair Contract Terms law, states that enforcement of it is one of its priorities for 2025.
So what is an ‘unfair’ contract term? There is no definitive answer given but typical examples are: (i) automatic renewal terms; (ii) one-sided indemnities; (iii) exclusion and limitation of all liability; and (iv) unilateral rights to amend the contract. It is any term of the contract that a court thinks is too one-sided in the circumstances. If there are compelling commercial reasons or context that justify excluding a certain head of liability then it may be arguable that it is not unfair. It is the blanket removal of one party’s legal responsibility that the courts and the ACCC will be particularly hard on.
Companies should urgently assess their T&Cs and evaluate their fairness in light of this new law.
Privacy
In late 2024 the Commonwealth Privacy Act was amended. There were some substantive changes to the law in the 2024 amendments, but from the perspective of companies, the most important changes are the new powers and resources given to OAIC (the regulator).
OAIC now has extended powers to investigate (including by entering and searching company premises) and an increased scope to ask for fines. This includes a new set of fines for administrative breaches of the law. These administrative fines attract penalties of up to $330,000 so should not be considered ‘mere’ administrative breaches. Breaches include not having a privacy policy, not giving users the right to opt-out of marketing or failure to adequately communicate to a user how they can opt out of marketing.
It is expected that these wider powers and greater fines will lead to OAIC bringing more enforcement actions against non-compliant businesses. Historically OAIC has had a small team and has been quite reactive by focussing on companies which have had data breaches. Going forward we can expect OAIC to be proactive by actively seeking out non-compliance.
You should conduct an honest privacy compliance audit encompassing your privacy policy, your actual processing and storing of data and your marketing activities. It will be worth the effort, not least because if OAIC does come knocking you can point to real efforts to address your practices.
Bribery
The act of making or receiving bribes has unsurprisingly been illegal in Australia for a long time. But from September 2024 a company can now be responsible for bribes made anywhere in the world by anyone ‘connected’ to it – which means its contractual partners, agents and even its suppliers. This has significantly widened the scope of the law. And a company can be fined up to $31 million or 3 times its annual turnover.
Under the law today your company commits a criminal offence if your supplier or agent bribes someone in any part of the world and you do not have ‘adequate procedures’ in place to stop your supplier or agent doing this.
This is a huge increase in your scope of potential liability under the bribery legislation. Examples:
- If you have agents selling your business in any part of the world where facilitation payments are common then your company could be prosecuted here in Australia unless you take steps to prevent the making of these payments.
- If your supplier bribes someone abroad to get hold of some materials you need then your company can be prosecuted in Australia.
These are known as ‘strict liability’ offences because, unless you can meet the defence of ‘adequate procedures’, your company could be fined when the bribe is made or received even if you had no knowledge of the bribe, still less an actual corporate intention to bribe anyone.
The only defence you have is to prove to the court that your company had ‘adequate procedures’ in place. You should put in place all of the following to build up a decent defence in case anyone connected to you does commit or accept bribery:
- You need to pull together a risk assessment where you identify the risk of bribery being committed by you or for you, and you set out how to mitigate the risk.
- Your contracts with suppliers, agents, partners and staff should all state that they should not commit or receive any bribery, or make any facilitation payments.
- You need a policy, approved by the board, which sets out your anti-bribery position and that is communicated to your staff, contractors, agents and suppliers.
- Your board and senior leadership are expected to set the anti-bribery tone.
- Staff and contractors, and potentially partners, should receive anti-bribery training as regularly as you think is sensible.