This chapter deals with the law from an individual’s perspective wanting to use the internet to find information, publish material, engage in e-commerce or communicate using social media. It also offers advice on managing children’s internet access.


John Leung


Other protection issues

Last updated

17 May 2021

Vilification and discrimination

Material that vilifies or discriminates against a particular group of people may be prohibited under the Racial Discrimination Act 1975 (Cth) (‘RD Act’). The Australian Human Rights Commission (AHRC) assesses this type of content. Publishers of online content have been found to have acted unlawfully where the content they publish is racially vilifying or discriminatory.

In Jones v Toben [2002] FCA 1150, the Federal Court upheld the AHRC’s decision that the respondent had engaged in unlawful conduct by publishing material that vilified Jews on a website.

This decision has been applied in other cases, such as in Silberberg v The Builders Collective of Australia Inc [2007] FCA 1512. At the heart of the Silberberg case were messages posted to an online discussion forum that contained material that racially discriminated against Jews. Although the court found that the person who posted the messages containing the offensive content did so in breach of the RD Act, the website host was found to have not breached that Act because the host’s failure to remove offensive content, despite having knowledge of it, was not necessarily connected to race.

In Eatock v Bolt (No 2) [2011] FCA 1180, the Federal Court found that section 18C of the RD Act had been contravened by the publication of articles (print and online) that discussed the Aboriginal identity of identified individuals. The publication was assessed from the point of view and circumstances of the identified individuals, and not from that of the general community. The publications were found to contain inflammatory and provocative language; and the good faith exemptions for fair comment and genuine purpose in the public interest were not made out.

In Victoria, the Racial and Religious Tolerance Act 2001 (Vic) (‘RRT Act’) specifically covers electronic communications, including email.

The key section of the RRT Act is section 8(1), which provides that:

A person must not engage in conduct that incites hatred against, serious contempt for, or revulsion or severe ridicule of, that other person or class of persons.

Complaints can be made to the Victorian Equal Opportunity and Human Rights Commission.

For more information, see Chapter 11.1: Discrimination and human rights.

Case example: Religious vilification

Catch the Fire Ministries Inc v Islamic Council of Victoria Inc [2006] VSCA 284

The Islamic Council of Victoria lodged a complaint under the RRT Act about statements made by a Christian pastor from the Catch the Fire Ministries (‘Ministries’) at a seminar and in articles published online; the complainant claimed the pastor’s statements vilified Muslims.

The Victorian Civil and Administrative Tribunal (VCAT) upheld the complaint and ordered that corrective advertisements be published on the respondent’s website for a period of 12 months.

The Ministries appealed VCAT’s decision and the appeal was upheld on the basis that VCAT applied an incorrect test in determining whether the RRT Act had been breached.

However, the Court of Appeal confirmed that:

  • the order to publish corrective advertising was not beyond VCAT’s power under section 136 of the Equal Opportunity Act 2010 (Vic); and
  • section 8 was valid and did not burden the implied freedom of communication about government and political matters.

Internet gambling

The Australian Government regulates internet gambling. Access by Australian-based customers to certain forms of interactive gambling is prohibited (e.g. online casino-style games and live sports wagering). It is also an offence to provide particular forms of Australian-based interactive gambling to customers in specific countries.

For more information about internet gambling, go to the Australian Communications Media Authority (ACMA) website.

Domain names and cyber-squatting

Domain names (also called URLs) are unique web addresses. To establish a domain name, the name must be registered with the Internet Corporation of Assigned Names and Numbers (ICANN). In Australia, ICANN contracts out its registration function to other corporations.

Cyber-squatting’ is where a person registers a domain name in which they have no legitimate interest, with a view to obtaining a profit from those with a genuine interest in the domain name. There is no specific anti-cyber-squatting legislation in Australia, but such actions may constitute trade mark infringement, ‘passing off’ (i.e. representing goods or services as your own, which are not) or may breach the Competition and Consumer Act 2010 (Cth). In Australia, cyber-squatting is usually dealt with under misleading or deceptive conduct, rather than trade mark infringement.

Under Australian law, domain names are a licence, held by the person who registered the name (the registrant), under a contract with the authority in charge of managing and registering domain names.

Because the registration of a domain name is an administrative action, the act of registration does not give the registrant any legal rights, other than the contractual right acquired by registration. This means that domain names are not owned but are contractual rights that are subject to terms and conditions as stipulated in the agreement for registration.

The relevant policy (2012-04) of the Australian Domain Name Administrator (auDA) (the regulator of the .au domain administration) states that:

2.1 There are no proprietary rights in the domain name system (DNS). A registrant does not ‘own’ a domain name. Instead, the registrant holds a licence to use a domain name, for a specified period of time and under certain terms and conditions.

Domain names were originally licensed on a ‘first-come, first-served basis’. The current policy provides for domain names requires:

  • an exact match, abbreviation or acronym of the registrant’s name or trade mark; or
  • [an] otherwise closely and substantially connected to the registrant …

For more information about registering domain names, visit auDA’s website.

Under common law, holding the registration of a domain name may not constitute having control over the website’s content. This is relevant, for example, when determining whether a party has power to publish corrective notices on a website. (See Australian Competition and Consumer Commission v Dynacast (Int) Pty Ltd (formerly Pty Ltd) ACN 061 234 642 [2007] FCA 429.)

Domain name disputes are commonly dealt with through dispute resolution, which is cheaper and simpler than court litigation. Australian domain name disputes are dealt with according to auDA’s dispute resolution policy.

Disputes are dealt with by independent arbitration services that have been accredited by ICANN (the World Intellectual Property Organisation (WIPO), and the Resolution Institute).

The dispute resolution process for situations in which the company challenging the domain name owns a business name or trade mark identical to the domain name is if the challenger owned the name prior to the domain name owner registering the name, the domain name is taken and disabled until the dispute is settled. This prevents the domain name owner from using their possession of the name to bargain with the challenger.

Case examples: Domain names

Melbourne 2006 Commonwealth Games Co v B & M Group of Co Pty Ltd (2005) WIPO

WIPO’s administrative panel heard and ruled on a complaint brought by the Melbourne 2006 Commonwealth Games Corporation about an attempted sale to the state of Victoria of a collection of registered domain names.

These domain names included,,, and, which were identical or confusingly similar to at least one of the trade marks in which the complainant had rights.

WIPO found that the respondent had no rights and no legitimate interest in the domain names. The respondent’s offer to ‘rent’ the various domain names to the complainant for a fee of $50 000 per month was found to be sufficient evidence that the respondent registered and used the disputed domain names in bad faith. WIPO ordered the domain names be transferred to the complainant.

Sheather v Staples Waste Removals Pty Ltd (No 2) [2014] FCA84

The domain name ‘’ was registered by an IT services company that paid the registration and renewal fees for that domain name without seeking reimbursement.

The business for which the domain name was registered, Staples, never used the domain name.

A US company – also called Staples – sought to purchase the domain name. A representative of the IT services company transferred the domain name to himself, then sold the domain name for $82 500, and retained the proceeds. The judge characterised the transfer and sale as a dishonest and fraudulent design to defeat Staples’ right to the domain name.

Privacy laws

The Privacy Act 1988 (Cth) (‘Privacy Act’) imposes Australian Privacy Principles (APPs) on the federal public sector and on private sector organisations. The APPs set the minimum standards for collecting and handling personal information by businesses and other private sector organisations. The APPs are relevant, for example, when collecting personal information from contributors to an online forum.

There are exemptions for small businesses and media organisations acting ‘in the course of journalism’.

Providing a privacy policy for your website as well as terms and conditions of use are the mechanisms commonly used to manage the various legal risks associated with online publishing.

For more information on privacy laws, see Chapter 12.4: Privacy and your rights.

Changes to the Privacy Act

Changes to the Privacy Act came into effect on 12 March 2014. The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) amended sections of the Privacy Act and included a set of new, harmonised privacy principles that regulate the collection, use, storage and disclosure of personal information by Australian Government agencies and some businesses. These new principles apply to the collection and use of personal information, including the online storage of personal information.


Certain online communication practices, including giving a person unwanted attention or sending a person offensive material, may constitute harassment.

Cyber-bullying and cyber-stalking

Cyber-bullying is offensive, menacing or harassing behaviour that is conducted using technology.

Examples of cyber-bullying include:

  • posting hurtful messages, images or videos online;
  • repeatedly sending unwanted messages online;
  • sending abusive texts and emails;
  • excluding or intimidating others online;
  • creating fake social networking profiles or websites that are hurtful;
  • participating in nasty online gossip and chat; and
  • any other form of digital communication that is discriminatory, intimidating, intended to cause hurt or make someone fear for their safety.

Under the Criminal Code Act 1995 (Cth) (‘Criminal Code’), it is a criminal offence to use the internet, social media or a telephone to menace, harass or cause offence. The maximum penalty for this offence is three years’ imprisonment or a fine (currently $39 960).

There are also stalking offences in each state and territory. Stalking involves a persistent course of conduct that is intended to make the victim feel fearful, uncomfortable, offended or harassed. When the conduct occurs online (e.g. by email or on social networking sites) or via text message, it is still a criminal offence. Stalking offences carry heavy maximum penalties.

More information is available from the Australian Cybercrime Online Reporting Network (ACORN).

Victims of stalking can seek an intervention order against the stalker; see ‘Personal safety intervention orders for stalking’ in Chapter 4.4: Family violence.

Revenge porn

Revenge porn (also called ‘image-based abuse’) is the exploitative sharing of intimate or sexual material of a person without their consent, with the intention of causing that person harm.

‘Image-based abuse’ is the term preferred by academics and government agencies as not all perpetrators are motivated by revenge, and not all images are pornography (see R v Silva [2009] ACTSC 108 for discussion on what is ‘sexual material’).

There are specific laws in Victoria and South Australia that criminalise the distribution of an intimate or ‘invasive’ image without consent. In both Victoria and South Australia, it is also a criminal offence to threaten to distribute an intimate or invasive image (see ‘Sexting’, below).

Under Commonwealth law, the Criminal Code (s 474.17) – ‘using a carriage service to menace, harass or cause offence’ – has been used to respond to image-based abuse. The use of ‘private sexual material’ in such an offence constitutes an aggravated offence, increasing the maximum sentence from three to seven years imprisonment (s 474.17A).

However, if the perpetrator does not demonstrate a clear intention to menace, harass or cause offence, the law is vague.

While criminal and civil laws exist in some states and territories to provide compensation to victims of image-based abuse, there is no national consistency.


‘Sexting’ is:

the creating, sharing, sending or posting of sexually explicit messages or images via the internet, mobile phones or other electronic devices.

(Law Reform Committee 2013, Inquiry into Sexting, Victorian Parliament, Parliamentary Paper No. 230, p. ix)

The Crimes Amendment (Sexual Offences and Other Matters) Bill 2014 (Vic) (which passed on 15 October 2014) amended the Summary Offences Act 1966 (Vic) (‘SO Act’) and the Crimes Act 1958 (Vic) (‘Crimes Act (Vic)’). The Bill created the offences of distributing an intimate image (s 41DA) and threatening to distribute an intimate image (s 41DB) under the SO Act. There is a defence to the offence of distributing an intimate image where the image is of a person aged 18 years or older and that person has expressly or impliedly consented to its distribution.

Under the Crimes Act 1958 (Vic), it is an offence to produce, distribute, possess or access ‘child abuse material’. This includes material where a person who is or appears to be a child is engaged in (or apparently engaged in) a sexual pose or activity (see ss 51A–51H). This definition covers peer-to-peer sexting by minors.

However, there is a defence under section 51N for minors where the material is an image that does not depict an imprisonable offence (or that the minor reasonably believes does not depict a imprisonable offence) and where the youngest child in the image is not more than two years younger than the minor. 

There is also a defence for adults aged 18 or 19 years old under section 51P if the person is no more than two years older than the person in the image (who must be 16 or 17 years old and not in the care of the other person), the image does not depict an imprisonable offence, the person has dealt with the image with the consent of the person in the image and the person does not distribute the image to anyone other than the person in the image.

Social networking sites and personal information

Social networking sites, such as Facebook and LinkedIn, enable members to use a personal profile to interact with other people online.

Privacy policies

Most social networking sites have a privacy policy that governs how they store and control access to the information that users upload to their profiles. Under many of these policies, information can be viewed by other users of the particular social networking site, or by anyone who has access to the internet.

Privacy and safety

Social networking sites can give rise to privacy and safety concerns, as it can be difficult to confirm the identity of other social networking site members.

A common problem on social networking sites is the establishment of false profiles, designed to mislead users as to the identity of the person posting the information. An online reporting facility exists on Facebook and Twitter where requests can be made to remove or modify the false page or user.

Publication laws apply online

All publication laws (including defamation, copyright, vilification and contempt) apply to social networking sites. Other publication restrictions apply (e.g. not identifying victims of sexual offences, or discussing Children’s Court and Family Court matters).


If you use a profile that identifies you as an employee or associate of a particular organisation, you are usually subject to the social media and professional conduct guidelines of that organisation.

Internet dumping

Internet dumping (also known as ‘modem jacking’) is the practice of switching a user from their current ISP to a premium-rate telephone number without their knowledge or consent. Internet dumping can occur when certain websites are accessed.

Internet dumping is likely to breach the Competition and Consumer Act 2010 (Cth), and various state Fair Trading Acts, and may also be a breach of the customer’s ISP contract.

If the ISP cannot resolve a complaint concerning internet dumping or an aspect of the ISP’s service, complaints can be made to the Telecommunications Industry Ombudsman.


Spam is unsolicited commercial electronic messages (i.e. electronic junk mail) that is generally delivered by SMS or email.

Under the Spam Act 2003 (Cth), spam can only be sent with the consent of the person receiving the message. However, consent can be reasonably inferred if there is a business relationship between the sender and the receiver of the message.

Commercial messages must include an unsubscribe facility.


Phishing is a form of identity theft where fake emails and websites – that are designed to look like legitimate businesses, financial institutions and government agencies – are used to deceive internet users into disclosing financial account information or other personal details.

For more information, including how to complain about spam and phishing, contact ACMA.

Back to
Consumers, contracts, the internet and copyright