Lawyers have suggested compliance with the voluntary code of practice for suppliers of consumer IoT devices, issued by the Government last month, could be enforced by the ACCC.
Home Affairs minister Peter Dutton released a for-comment draft of the code of practice on November 19, saying it had been developed drawing on the technical expertise of the Australian Cyber Security Centre (ACSC), aligned with guidance provided by the United Kingdom, and was consistent with other international standards.
Alexandra Wedutenko and Mathew Baldwin, lawyers with Clayton Utz, writing on the firm’s blog, said it was possible regulators such as the ACCC could rely on the international norms reflected in the code to argue that industry compliance was required.
Also, they said: “While expressed as voluntary, aspects of the draft IoT Code may also reflect legal obligations under Australian consumer law.”
As IoTAustralia reported at the time, the draft code closely follows a voluntary code introduced by the UK Government in October 2018 and ETSI TS 103 645 – Cyber Security for Consumer Internet of Things.
The lawyers suggested that, following the public consultation process, the final version would seek to maintain a high degree of alignment with similar principles internationally.
“It’s … possible that regulators such as the Australian Competition and Consumer Commission could rely on the international norms reflected in the IoT Code to argue that industry compliance with aspects of the IoT Code is required under Australian consumer protection laws,” they said.
“This is particularly the case where the IoT Code could be regarded as implementing reasonable or expected security practices to protect consumers.”
One aspect of the Australian draft code that they said departed from the UK version was its reference to Australia’s Privacy Act.
“While this is a departure, it’s likely that devices designed for compliance with the European Union General Data Protection Regulation will also include sufficient protections to comply with Australian laws.”
The ACCC told IoTAustralia it would not make any comment at this very early stage in the consultation process, but would monitor developments regarding safety and privacy issues associated with the Internet of Things, and would follow the government’s consultation process with interest.