A Obstacles to Access 23 25
B Limits on Content 27 35
C Violations of User Rights 25 40
Last Year's Score & Status
76 100 Free
Scores are based on a scale of 0 (least free) to 100 (most free). See the research methodology and report acknowledgements.

header1 Overview

Internet freedom in Australia regressed during the coverage period. Facebook temporarily blocked access to news content and civil society pages for users in response to the newly instituted News Media and Digital Platforms Bargaining Code. Other legal developments—including the introduction of the Online Safety Act, court decisions threatening to expand the country’s punitive defamation standards, and problematic laws that facilitate increased surveillance—shrank the space for free expression online. The country’s information and communication technology (ICT) infrastructure is well developed, and prices for connections are low, ensuring that much of the population enjoys access to the internet. However, in rural and remote areas, particularly those with high Aboriginal and Torres Strait Islander populations, coverage is less strong. Several Australian states reformed defamation laws to introduce limits on the types of defamation suits that can be brought forward, and to broaden the legal defenses available to respondents in defamation cases. Cyberattacks, including on the federal Parliament, continue to challenge the security of Australia’s digital sphere.

Australia is a democracy with a strong record of advancing and protecting political rights and civil liberties. Recent challenges to these freedoms have included the threat of foreign political influence, harsh policies toward asylum seekers, and ongoing disparities faced by Aboriginal and Torres Strait Islander people.

header2 Key Developments, June 1, 2020 - May 31, 2021

  • The National Broadband Network (NBN) program’s infrastructure rollout was completed in September 2020, providing most of the population with the option of switching to an NBN connection (see A1 and A2).
  • In June 2021, after the coverage period, Parliament passed the Online Safety Act, expanding Australia’s notice-and-takedown regime, enabling additional website blocking, facilitating increased access to user data, and giving new powers to the eSafety Commissioner (see B3 and C6).
  • Facebook briefly blocked news content for Australian users after the News Media and Digital Platforms Bargaining Code, which creates a framework for digital platforms to negotiate payouts with media companies, was enacted in February 2021. The ban also swept up the pages of civil society groups and other essential resources (see B6 and B7).
  • Parliament introduced the Surveillance Legislation Amendment (Identify and Disrupt) Bill—which would potentially expand the country’s surveillance regime—and the Telecommunications Legislation Amendment (International Production Orders) Bill 2020, which gives the government the ability to access encrypted information from non-Australian companies. Both bills were passed after the coverage period (see C4 and C5).
  • Australian public institutions continued to be targeted by sophisticated cyberattacks (see C8).

A Obstacles to Access

A1 1.00-6.00 pts0-6 pts
Do infrastructural limitations restrict access to the internet or the speed and quality of internet connections? 6.006 6.006

There are few infrastructural limitations on internet access or speeds. The country has a high internet penetration rate: 87.9 percent of the population used the internet in 2020, according to the Australian Digital Inclusion Index.1 This rate is expected to steadily increase with the completion of the NBN program’s initial infrastructure rollout in September 20202 and the continued connection of premises to the network,3 which entails expanded wireless, fiber-optic cable, and satellite internet services, especially in rural communities.

The NBN is starting to deliver faster connections to more residents at lower costs but has been dogged by complaints and delays.4 In December 2019 the Australian Competition and Consumer Commission (ACCC) reported that growing access to the NBN had significantly improved overall access to high-speed broadband services for users across Australia. However, congestion on some fixed wireless services remained an issue for users in remote and potentially “unserviceable” parts of the country, where technical limitations limited the speeds available to consumers.5 As of November 2020, approximately 60,000 premises fell within this category.6 By June 2021, approximately 11.9 million premises were ready to connect to the network while approximately 8.1 million premises already had activated connections.7

Australians briefly experienced a general slowing of internet speeds as a result of the COVID-19 pandemic, with greater numbers of people working from home. Canberra was the worst affected, reportedly experiencing 6 percent more internet congestion since residents started self-isolating in March 2020.8 The ACCC reported in May 2020 that internet speeds and performance had recovered following the initial decline after the NBN Co (the publicly-owned operator of the NBN) offered retail service providers 40 percent extra network capacity for free.9

The vast majority of data consumed by Australians in 2020 was via a fixed-line broadband connection.10

The majority of NBN broadband services operated in 2019 on wholesale speed tiers of 50 megabits per second (Mbps).11 Ookla’s May 2021 Speedtest Global Index ranked Australia 56th in the world for fixed-line broadband internet speeds, but 8th in the world for mobile broadband internet speeds.12

In 2019, second-generation (2G) and third-generation (3G) technology for mobile networks were rendered largely obsolete, while upgrades were made on the fourth-generation (4G) network and fifth-generation (5G) technology rollout continued. Over 97 percent of the population is covered by 3G and 4G networks, but the remaining 1 to 2 percent either have no service or lack choice between service providers.13 Providers Telstra, Vodafone, and Optus have been expanding the reach of their 5G services across Australia, with Telstra’s 5G network covering 50 percent of Australians as of June 2021.14 In August 2018, Huawei, the Chinese telecommunications giant, was barred from participating in the development of Australia’s 5G network. Critics are concerned that the ban, which was imposed on national security grounds, will result in slower 5G internet speeds and delays in the service’s rollout.15

A2 1.00-3.00 pts0-3 pts
Is access to the internet prohibitively expensive or beyond the reach of certain segments of the population for geographical, social, or other reasons? 2.002 3.003

Internet access is affordable for most Australians. The gradual shift to NBN services across the country is resulting in greater competition among internet service providers (ISPs), higher-quality connections, and improved speeds.1

Telecommunications services are becoming cheaper, with the ACCC reporting a 2 percent decrease in the annual price of a fixed-line broadband connection and a 12.5 percent decrease in the annual price of a mobile broadband connection in 2018–19.2 In the Economist Intelligence Unit’s 2021 Inclusive Internet Index, Australia was ranked 9th out of 100 countries surveyed in terms of the affordability of prices for internet connections.3

A digital divide persists between urban and nonurban areas, though it is narrowing. As of July 2020, the Statutory Infrastructure Provider Regime requires NBN Co and other internet providers to guarantee minimum download and upload speeds during peak hours. The new provisions are designed to ensure consistent, high-quality internet access to people living in remote areas, and have been welcomed by rural residents weathering the coronavirus pandemic.4 The NBN rollout has significantly improved access, with rural Australians having a proportionately greater uptake of NBN fixed broadband than urban Australians.5 Some longstanding performance issues on the NBN network were resolved in 2019–20, which further improved broadband performance in rural areas.6

The Mobile Coverage Black Spot program, a government initiative, had installed 725 base stations across remote areas of Australia to fill gaps in mobile coverage as of June 2019.7

One study published in 2017 attributed the lower rate of internet penetration in rural areas to the higher median age, larger populations of disadvantaged Aboriginal and Torres Strait Islander Australians, and higher unemployment rates.8 Indigenous Australians generally have a lower level of digital inclusion, with affordability remaining a key barrier to access, though this has improved over time.9 Low-income households and people aged 65 and over were also more likely to be excluded from accessing the internet.10 In response to the COVID-19 pandemic, the government worked with NBN Co to provide financial relief to help low-income families connect to the NBN, particularly those with school-aged children.11

Gender is not a barrier to access, with men using the internet only slightly more frequently than women.12

A3 1.00-6.00 pts0-6 pts
Does the government exercise technical or legal control over internet infrastructure for the purposes of restricting connectivity? 6.006 6.006

The government does not impose restrictions on internet connectivity or mobile networks.

Australia is connected to the international internet through undersea cables that are not controlled by the government.1 Domestically, internet traffic flows through either commercial or nonprofit internet exchange points (IXPs)2 located in most major cities.3

Under the iCode, a set of voluntary cybersecurity guidelines for ISPs, internet connectivity may be temporarily restricted for users whose devices have become part of a botnet—an array of computers that have been hijacked for use in coordinated cyberattacks or spam distribution—or are at high risk of being infected with malicious software. Such users may have their internet service temporarily throttled or find themselves in a “walled garden,” or quarantine, until they have communicated with their ISP and restored security.4

The 1997 Telecommunications Act places obligations on providers to assist authorities in certain circumstances, including restricting the provision of services in emergencies.5

A4 1.00-6.00 pts0-6 pts
Are there legal, regulatory, or economic obstacles that restrict the diversity of service providers? 5.005 6.006

The ISP sector is free of major legal, regulatory, and economic obstacles that might restrict the diversity of service providers. However, telecommunications giant Telstra has consistently held the largest share of the mobile and broadband markets.

Australia hosts a competitive market for internet access, with 63 providers as of mid-2017, including 9 very large ISPs (with more than 100,000 subscribers), 22 large ISPs (with 10,001 to 100,000 subscribers), and 32 medium ISPs (with 1,001 to 10,000 subscribers).1 Telstra commands over 47 percent of the fixed-line broadband market, with TPG, Optus, and Vocus holding smaller shares.2 All four leading ISPs sell NBN connections. As of 2018, Telstra controlled a 42 percent share of the mobile service market, followed by Optus with 26 percent and Vodafone with 17 percent.3

There are a number of smaller ISPs that act as “virtual” providers, maintaining only a retail presence and offering end users access through the network facilities of other companies. These “carriage service providers” do not require a license.4 The Australian Communications and Media Authority (ACMA) issues operating licenses that larger ISPs that own telecommunications infrastructure, or “carriers,” are required to obtain (see A5). Carriers must go through the independent Telecommunications Industry Ombudsman (TIO) dispute resolution process to resolve complaints from customers.5

A5 1.00-4.00 pts0-4 pts
Do national regulatory bodies that oversee service providers and digital technology fail to operate in a free, fair, and independent manner? 4.004 4.004

The ACMA is the primary regulator for the broadcasting, internet, and telecommunications sectors.1 Its oversight is generally viewed as fair and independent. ACMA members are formally appointed by the governor general of Australia (who in turn is appointed by the monarch on the recommendation of the prime minister and is advised by the government) for five-year terms.2

Australian ISPs are coregulated under the Broadcasting Services Act (BSA) of 1992, which combines regulation by the ACMA with self-regulation by the telecommunications industry.3 The industry’s involvement entails developing industry standards and codes of practice.4 There are more than 30 self-regulatory codes that govern and regulate the country’s ICT sector. ACMA approves self-regulatory codes produced by the Communications Alliance, Australia’s main telecommunications industry body.5

Small businesses and residential customers may file complaints about internet, telephone, and mobile phone services with the TIO,6 which operates a free and independent dispute resolution mechanism.

The government appointed its first “ambassador for cyber affairs,” Tobias Feakin, in late 2016. Feakin’s role includes advocating for “an open and secure internet.” He is tasked with ensuring that Australia has a strong and consistent stance on international cyber issues.7

B Limits on Content

B1 1.00-6.00 pts0-6 pts
Does the state block or filter, or compel service providers to block or filter, internet content, particularly material that is protected by international human rights standards? 5.005 6.006

Political and social content is rarely subject to blocking, and communications applications and social media are freely available. However, popular websites that frequently host copyright-infringing material, including Pirate Bay and Kickass Torrents, were blocked by two Federal Court judgments from 2016 and 2017.1 Owners of copyrighted material periodically obtain orders from the Federal Court of Australia blocking copyright-infringing websites. An April 2020 Federal Court decision ordered carriage service providers to block a range of copyright-infringing websites, the majority of which were pirate torrenting and streaming websites.2

Although the Australian government did not order any website blocks in the wake of the March 2019 terrorist attack in Christchurch, New Zealand—which was perpetrated by an Australian— several major Australian ISPs temporarily restricted access to 4chan, 8chan, LiveLeak, Voat, ZeroHedge, and other, smaller websites that were believed to be hosting or sharing recordings of the attacker’s livestreamed video.3 Major social media platforms on which the livestream was also disseminated were not blocked. The ISPs initially acted independently, but they later coordinated with ACMA and other government agencies.4 Critics raised concerns regarding the lack of transparency and oversight of the blockings.5 The restrictions reportedly remained in effect until September 2019, when the Office of the eSafety Commissioner permitted ISPs to undo the blocks on all but eight unspecified websites that “continue to provide access to the video of the Christchurch terrorist attacks or the manifesto of the alleged perpetrator.”6 There was no official, publicly available list of blocked websites. According to news reports, 43 sites were originally blocked.7

In 2019–20, the eSafety Commissioner deemed over 13,000 URLs to be prohibited or potentially prohibited, 99 percent of which held content that met the definition of child sexual abuse imagery. The eSafety Commissioner reported that content hosted overseas was referred to vendors of software filters.8

In November 2019, the Australian government introduced a website blocking scheme, permitting ACMA to request that ISPs block illegal gambling websites under Section 313(3) of the 1997 Telecommunications Act.9 The ACMA had requested that ISPs block at least 66 such websites in 2019–20.10

B2 1.00-4.00 pts0-4 pts
Do state or nonstate actors employ legal, administrative, or other means to force publishers, content hosts, or digital platforms to delete content, particularly material that is protected by international human rights standards? 2.002 4.004

Online content protected under international human rights standards is generally free from interference by state and nonstate actors. However, the courts sometimes attempt to inhibit publication of defamatory material on large social media platforms and search engines.

In April 2019, Parliament adopted the Sharing of Abhorrent Violent Material Act (see B3), which amends the criminal code to enforce the removal of a new category of online content, namely “abhorrent violent material.” The eSafety Commissioner reported that in 2019 and 2020, it issued 16 abhorrent and violent material notices to content or hosting services in relation to material provided via their service.1

In its most recent transparency report, covering July to December 2020, Facebook disclosed that it had restricted access to 80 items of content in Australia.2 Of these, 12 items were removed globally in response to a court order from Brazil; 3 items were related to organizing events that violated local social distancing laws during the COVID-19 pandemic; 1 item contravened Australia’s Interactive Gambling Act 2001; 1 item was related to government reports of defamation; and 1 item allegedly breached the Australian Corporations Act of 2001. Facebook also restricted access to 47 items in response to private reports of defamation and to 3 items in responses to Consumer Policy reports submitted by Liquor and Gaming NSW, an agency of the New South Wales state government. During the same period, Google responded to 791 content removal requests made on grounds including bullying and harassment (71 requests), defamation (23), nudity or obscenity (9), privacy and security (61), and copyright (14).3 Google complied with 71 percent of requests. Twitter received two takedown requests in the same period and complied with one.4

Recent court cases involving Google’s search results and autocomplete predictions have sought to clarify how Australia’s defamation laws are applied to online content. In June 2018, the High Court of Australia ruled in favor of Milorad Trkulja in a defamation case against Google.5 Although a lower court had dismissed the case, the High Court agreed with the appellant that autocomplete predictions and image searches related to his name could convey to an ordinary, reasonable person that Trkulja was linked to the criminal underworld.6 The case was expected to return to the Supreme Court of Victoria for trial, though no result from that court had been reported as of the end of the coverage period.7

In 2017 case involving a breach of confidential information, Twitter was ordered to prevent an offending user from creating any future accounts or posts, with worldwide effect. The Supreme Court of New South Wales Justice Michael Pembroke issued a global injunction against Twitter in relation to a series of posts published by an anonymous user that revealed confidential information about the plaintiff, an unidentified company. The court compelled the platform to prevent any future publication of the offending material and to remove all content associated with the user and information in question. Twitter had argued that it would not be feasible to proactively monitor user content, but the court held that they had failed to provide an adequate explanation of this claim and proceeded instead on the assumption that Twitter possessed a content-filtering mechanism.8 Commentators reacted to the decision with some concern, noting that its severity could validate the online censorship practices of undemocratic regional neighbors, like China.9

In 2015, the Supreme Court of South Australia found Google liable as a secondary publisher of defamatory content that was initially published by third-party websites and found in Google’s search results.10 The court dismissed Google’s appeal of the ruling in 2017.11

B3 1.00-4.00 pts0-4 pts
Do restrictions on the internet and digital content lack transparency, proportionality to the stated aims, or an independent appeals process? 2.002 4.004

Australia is home to a limited but increasing number of restrictions on the internet. Websites that offer illegal services such as interactive gambling may be blocked or filtered under a narrow but expanding set of circumstances.1 The legal and technical mechanisms by which ISPs filter illegal material have raised some concerns. In 2018, amendments to the criminal code in response to the Christchurch attack introduced an expansive new category of online content that social media companies must remove, while an amendment to the 1968 Copyright Act opened more avenues for blocking or removing copyright-infringing material.

In June 2021, after the coverage period, the Online Safety Act passed both houses of Australian parliament. The act, which will likely come into effect as law by the end of 2021, builds off the Enhancing Online Safety Act 2015.2 While the act aims to improve online safety by, for example, introducing protections against cyberbullying and child exploitation, it would expand the federal government’s ability to block and request the removal of certain online content. Content targeted under the act includes cyberbullying material targeted at an Australian child, nonconsensually shared intimate images, and cyberabuse material targeting any Australian adult.3 Under the act, users can make formal complaints about online content; the eSafety Commissioner would then be empowered to conduct investigations into those complaints and issue removal notices. Providers, which include social media services, “relevant electronic services”, “designated internet services”, hosting services, and any end-user that posted the material, must remove content sanctioned by the Commissioner within 24 hours of receiving a takedown notice.

The Commissioner would also be able to order ISPs to block access to sites hosting abhorrent violent material for a period of up to three months, particularly in order to respond quickly to a crisis. After the three months have expired, the eSafety Commissioner can renew the block indefinitely. The proposal currently contains no requirement for the eSafety Commissioner to give reasons for removal notices and provides no opportunity for users to respond to complaints.4 Failure to comply with a removal notice may yield a civil penalty.5 Civil society groups, tech companies, and other commentators have raised concerns about the law, including its speedy takedown requirements and its potential disproportionate effect on marginalized groups, such as sex workers, sex educators, LGBT+ people, and artists.6

Concerns persist over ISPs’ blocking of websites that hosted footage of the Christchurch attack. Critics contended that these blocks were not transparent, proportional, or—because they were imposed by private companies instead of the government—appropriate.7 In a public statement, Telstra acknowledged that the blocks “may inconvenience some legitimate users of these sites.” Vodafone issued a similar acknowledgment.8

While ISPs implemented those blocks on their own initiative, the government secured Parliament’s approval in April 2019 for amendments to the criminal code that required ISPs, along with “content service providers,” and “hosting service providers,” to “expeditiously” remove any “abhorrent violent material,” defined as content depicting attempted murder, terrorism, torture, rape, or kidnapping, that is accessible in Australia.9 Under current law, the Office of the eSafety Commissioner may alert companies to “abhorrent violent material” on their services; if the companies fail to “expeditiously” remove it, they could be fined AU$10.5 million (US$7.74 million) or 10 percent of their annual revenue. Individuals may be fined AU$2.1 million (US$1.55 million) or imprisoned for up to three years. The law also penalizes companies that fail to notify the Australian Federal Police (AFP) of material depicting “abhorrent violent conduct” occurring in Australia within a reasonable time after they become aware of it. These penalties are subject to appeal. Critics have expressed concern that the legislation could unreasonably place responsibility on executives and employees for content posted by users in an industry already grappling with the challenges of reviewing vast amounts of uploaded content.10 Critics also expressed fear that the broad definition of “abhorrent violent material,” and the haste with which companies must remove it, may lead to disproportionate restrictions.11 As of March 2020, the eSafety Commissioner had issued a total of 18 abhorrent violent material notices, 70 percent of which were removed for reportedly containing gore.12

Social media platforms periodically remove Australian pages and content deemed harmful and contrary to their policies, particularly removing pages and profiles spreading misinformation related to the COVID-19 pandemic in the past year. For example, in April 2021, Facebook permanently removed parliamentarian Craig Kelly’s page from the platform for posting misinformation about unproven COVID-19 treatments.13 Facebook and Instagram removed Australian celebrity chef Pete Evans’ pages for similar reasons.14

Australia’s copyright laws continue to evolve in response to the proliferation of copyright-infringing material online. In December 2018, the Copyright Act was amended to broaden its provisions, for example, by allowing blocking injunctions to be extended from sites hosting the material to search-engine providers, which must take reasonable steps to block search results for copyright-infringing content.15 The amendment also allows existing blocking injunctions to be extended to “new domain names associated with the blocked online location” without a new court order.16

Section 313(3) of the 1997 Telecommunications Act allows government agencies to block illegal online services. Following a formal review of the law, the federal government’s Department of Communications and the Arts published in 2017 new guidelines on the use of the provision that list “good practice measures” for agencies to follow, including” obtaining authorization from the agency head before disrupting online services, limiting disruptions to instances of serious offenses or national security threats, providing information to the public on uses of Section 313(3), and ensuring that the agency possesses appropriate technical expertise.17

Copyright holders may apply to the Federal Court to request that copyright-infringing websites and services located overseas be blocked by Australian ISPs under Section 115A of the Copyright Amendment (Online Infringement) Act of 2015.18 The court must take into consideration whether the overseas site has a primary purpose of facilitating copyright infringement, whether the response is proportionate, and whether a block is in the public interest. Additionally, there is no appointed party to represent the public interest in these cases.19

In early 2018, the Department of Communications and the Arts invited feedback on the implementation of the amendment. Most submissions indicated that the new legal regime was effective at reducing piracy and that the court process for injunctions was appropriate.20 Submissions made by digital rights groups, including the Australian Digital Alliance, cautioned against any further amendments to the law that would extend its application beyond ISPs to other intermediaries, or any reduction in judicial oversight of the law’s application.21

B4 1.00-4.00 pts0-4 pts
Do online journalists, commentators, and ordinary users practice self-censorship? 3.003 4.004

Journalists, commentators, and ordinary internet users generally do not face censorship, so long as their speech does not amount to defamation or breach criminal laws, such as those regulating hate speech or racial vilification.1 Australian defamation laws are widely regarded as among the most favorable to plaintiffs in the world, and fear of defamation suits has driven some self-censorship among both the media and ordinary users (see C2). Legal defenses against defamation that are typically available in other democratic countries, such as the public interest defense, are difficult to claim in practice, effectively inhibiting the publication of public interest journalism when there is a risk of defamation accusations.2 According to a survey of journalists published in 2019 by the Australian Media Entertainment and Arts Alliance, 80 percent of respondents reported that defamation laws made their jobs more difficult, with a quarter saying that stories they had written were not published due to fears of provoking legal proceedings.3

Separately, narrowly written orders to suppress coverage of ongoing legal proceedings are often interpreted by the media in an overly broad fashion, so as to avoid contempt of court charges.4 Some suppression orders are themselves excessively broad; both types can have a chilling effect on reporting. In June 2018, a judge in Victoria state imposed a global order suppressing reporting on the trial of Cardinal George Pell to mitigate the risk of a mistrial in another, related legal proceeding involving Pell, who was ultimately convicted on sex abuse charges in December of that year. Journalists criticized the suppression order for impeding reporting on a topic of high public importance. Though the order was lifted in February 2019, charges of contempt of court for noncompliance with the order were brought against 19 journalists, 21 publications, and 6 corporations in May 2020.5 The matter was resolved in February 2021, when prosecutors dropped all charges against individuals involved, allowing media outlets to plead guilty to breaching the suppression orders.6 In June 2021, after the coverage period, 12 media outlets were fined a combined AU$1.1 million (US$811,000) for reporting on the case.7

Journalists reporting on war crimes face particular pressure (see C3) and authorities have raided the homes of journalists whose reporting relied on whistleblowers.8

B5 1.00-4.00 pts0-4 pts
Are online sources of information controlled or manipulated by the government or other powerful actors to advance a particular political interest? 3.003 4.004

The government does not control or manipulate online sources of information to advance any particular political interest.

The online portal of the publicly funded Australian Broadcasting Corporation (ABC) is a major source of news for Australians. Some members of the governing coalition have periodically called for the privatization of the ABC or cuts to its funding;1 commentators have characterized these proposals as a response to perceived left-leaning bias at the outlet. The persistent political pressure on the ABC has raised concerns about the potential impact on its editorial independence.2 For example, in 2018, Minister of Communications Paul Fletcher questioned whether ABC’s Four Corners program, which claimed that ministers had engaged in inappropriate conduct, “met the standards of fair and impartial journalism.”3 The media conglomerate News Corp Australia, which is controlled by Rupert Murdoch and is one of the leading players in the country’s concentrated news media market, is regarded by some observers as editorially biased in favor of the conservative Liberal Party–National Party coalition government.4

Major crises in recent years have led to significant disinformation campaigns online. Misinformation was rife on social media in relation to the bushfire emergency that affected Australia in late 2019 and early 2020. The online response to the bushfires both reflected and became a source of political polarization, particularly for social media users who denied the role of climate change in causing the crisis. False claims that the bushfires were predominantly caused by arson were spread widely online, both by real users and by bots.5

During the COVID-19 pandemic, manipulated online content has persisted (see B7). For example, researchers at the Queensland University of Technology reported that a hyperpartisan, small group of very active accounts drove the conversation on Twitter over Victorian Premier Daniel Andrews’s handling of the state’s second outbreak of COVID-19. The analysis showed that 54 percent of the top 50 accounts posting content using an anti-Andrews hashtag were anonymous accounts with fake profiles.6 Of accounts that used the #IStandWithDan hashtag, 34 percent were anonymous, fake accounts.

In attempt to address increasing online misinformation, the Digital Industry Group Inc., a nonprofit industry association that advocates for the interests of the tech industry in Australia, published in February 2021 the voluntary Australian Code of Practice on Misinformation and Disinformation. Developed with the assistance of ACMA, the code outlines practices to label, demote, or remove certain categories of false information; to prioritize credible content including through fact-checking programs; and to enhance transparency reporting. The code also includes practices for platforms to enhance transparency around political advertising. Twitter, Google, Facebook, Microsoft, Redbubble, and TikTok are among the platforms to have adopted the Code.7

Australia’s May 2019 federal elections featured a proliferation of online disinformation spread by domestic political parties. For example, the Liberal Party ran a targeted advertising campaign on Facebook that peddled false claims about the opposition Labor Party’s plans for a “car tax.”8 The Liberal Party denied responsibility for a similar campaign on Facebook that included a fake press release outlining Labor Party plans for a so-called death tax.9 In response to complaints regarding false information disseminated during the election campaign, Facebook representatives told Labor Party officials that the material would not be removed from the platform, but that it would be “demoted,” resulting in fewer views.10

B6 1.00-3.00 pts0-3 pts
Are there economic or regulatory constraints that negatively affect users’ ability to publish content online? 3.003 3.003

Users are generally free to publish content online without economic or regulatory constraints.

There are no limits on the amount of bandwidth that ISPs can supply, though ISPs are free to adopt internal market practices of traffic shaping, also known as data shaping. The principle of net neutrality is not enshrined in any law or regulation. Some Australian ISPs and mobile service providers practice traffic shaping under what are known as fair-use policies: if a customer uses peer-to-peer file-sharing software, internet connectivity for those activities will be slowed in order to release bandwidth for other applications.1

In February 2021, the government passed the News Media and Digital Platforms Bargaining Code, which establishes a mandatory arbitration regime for digital platforms, such as Facebook and Google, to negotiate with and ultimately pay news outlets for using their content.2 The term “digital platforms,” however, is not defined in the Code—rather, the Code was written to capture “platforms that deliver a wide variety of services” including social media, search engines, and other content aggregators. The minister of communications has the power to categorize services as digital platforms and, in making such a determination, must ensure there is a “significant bargaining power imbalance” between the news companies and the platforms.3

To date, no platforms have been formally designated as “digital platforms,” and Facebook negotiated that the government would have to give the platforms a “notice period” before future designation (see B7). The law also requires platforms to inform media outlets if algorithms change and what data they collect about users who engage with news content. To participate in the Code, a corporation must apply for their news business to be registered by the ACMA, must have an annual revenue above AU$150,000 (US$111,000) and meet several other requirements to qualify as a valid “news business.”4

Critics have said that the News Media Bargaining Code ensures that major news corporations benefit from the “systematic data collection and exploitation models” that digital platforms promote,5 and the deals negotiated between Google and large corporate outlets in the wake of the law’s passing could negatively impact media diversity.6 However, others have noted the added revenue could present an opportunity for news media outlets to invest in their newsrooms, potentially improving the quality and diversity of the journalism landscape in Australia.7

B7 1.00-4.00 pts0-4 pts
Does the online information landscape lack diversity and reliability? 3.003 4.004

Score Change: The score declined from 4 to 3 because Facebook blocked Australian news content on the platform for a week, which included content from civil society and public health groups.

The online landscape is fairly diverse, with content available on an array of topics. Australians have access to a broad selection of online news sources that convey uncensored political and social viewpoints.

However, the online news landscape is influenced by ownership concentration in the print media industry. News Corp Australia accounts for more than half of newspaper circulation in Australia, while Nine (Fairfax Media) also holds a sizeable share.1 News Corp’s is, according to some studies, the country’s most-viewed news website, and the digital versions of News Corp newspapers such as the Australian are also popular.2 Concerns about ownership concentration came to prominence ahead of the May 2019 federal elections. Consistent with News Corp’s historically conservative political orientation, its outlets published content favorable to the incumbent coalition. Some commentators criticized the company’s election coverage as excessively one-sided and lacking in scrutiny of the coalition.3 News Corp outlets have also been assailed for publishing content that is perceived to be supportive of white nationalism and prejudicial toward ethnic minorities.4

Shortly after the News Media and Bargaining Code passed in February 2021 (see B6), Facebook responded by blocking news content for Australian-based users entirely from its platform for a week. Non-news content was also restricted, including content from the Australian Bureau of Meteorology, civil society organizations, and public health groups. The social media platform reversed the block only after the Australian government agreed to make amendments to the new law, including giving platforms more time to negotiate deals with news outlets and a notice period if they were to be formally designated as one.5 Google ultimately responded by partnering with dozens of Australian outlets in a manner that is compliant with the Code.6

The news media landscape also suffered as a result of the COVID-19 pandemic. Dozens of small local outlets suspended service, limiting access to print media in some regions, and digital media outlets saw a drop in revenue as consumers limited their spending.7

Nevertheless, traditional and digital-only news outlets collectively ensure a substantial diversity of viewpoints are accessible to the public, and this is enhanced by other digital media such as blogs, Twitter feeds, Wikipedia pages, and Facebook groups.8 The publicly funded television station SBS features high-quality news programs in multiple languages, available offline and online, to reflect the diversity found in the country’s population.

Misinformation has persisted online throughout the COVID-19 pandemic, undermining the reliability of available information. Various false claims and conspiracy theories have circulated on social media, including claims that the coronavirus is a hoax or has been exaggerated as a threat; that the pandemic is linked to the construction of 5G towers; and that immigrants and refugees caused the spread of the virus.9 Online coronavirus disinformation has had real-world effects in Australia. False claims that testing kits were faulty or contaminated reportedly discouraged some people in Melbourne from getting tested.10 Meanwhile, a significant portion of Australia’s adult population is hesitant to receive a COVID-19 vaccine, and that hesitancy is, at least in part, attributable to misinformation consumed online. Migrant groups in Australia have been found to be particularly influenced by vaccine misinformation and are less likely to get a vaccine as a result.11

According to a 2019 report published by the University of Canberra, Australians’ trust in news accessed through social media has fallen, with 49 percent of respondents expressing distrust. Trust in the news media in general has also fallen, with 44 percent of respondents generally trusting news sources, a drop from the previous year, and 62 percent of Australians reporting feeling concerned about fake news online. Nevertheless, many Australians access news primarily through social media, with 47 percent of those in their late teens or early 20s using such platforms as their main source of news. By contrast, only 3 percent of news consumers over the age of 73 reported social media as their main source of news.12

B8 1.00-6.00 pts0-6 pts
Do conditions impede users’ ability to mobilize, form communities, and campaign, particularly on political and social issues? 6.006 6.006

Australians use social media to petition the government and to mobilize for public protest without restrictions. For example, campaigns launched by GetUp!, an independent nonprofit advocacy group that campaigns on left-wing issues, garner significant engagement online. A YouTube video uploaded ahead of a 2017 postal survey on the possibility of legalizing same-sex marriage received more than 16 million views.1 GetUp! utilizes online petitions to raise awareness and gather support for causes such as cracking down on corporate tax avoidance and corruption.2

After Minister of Defense Peter Dutton sued refugee activist Shane Bazzi for defamation concerning posts on Twitter that labeled him a rape apologist (see C3), supporters set up a crowdfunding campaign in April 2021 to cover the cost of the legal proceedings that had raised over AU$150,000 (US$111,000) as of June 2021.3

Social media are sometimes used to scrutinize government policy. The Juice Media, a small local film company, uses Facebook and YouTube to post a highly popular video series called Honest Government Ads, which satirizes the government and covers topics such as Australia’s climate, immigration, and foreign policies.4 However, in 2017, they received pressure from the National Symbols Officer about their use of the Australian coat of arms.5

In the wake of mass protests in the United States sparked by the killing of George Floyd at the hands of a Minnesota police officer, Australians mobilized online to organize protests in state capitals against racial injustice, both abroad and as experienced by Aboriginal and Torres Strait Islander Australians.6

C Violations of User Rights

C1 1.00-6.00 pts0-6 pts
Do the constitution or other laws fail to protect rights such as freedom of expression, access to information, and press freedom, including on the internet, and are they enforced by a judiciary that lacks independence? 5.005 6.006

Freedom of expression is not an explicitly protected constitutional or statutory right; Australia does not have a federal bill of rights.1 The High Court has held that there is an implied freedom of political communication in the constitution, but this extends only to the context of communications around the facilitation of representative democracy and communication with public officials.2 Australians’ rights to access online content and freely engage in online discussions are based less in law than on a shared understanding of the prerequisites for a fair and free society. The public benefits greatly from a culture of freedom of expression and freedom of information that is generally protected by an independent judiciary. The country is also a signatory to the International Covenant on Civil and Political Rights (ICCPR).

Australia has a free press, and journalists report on most topics without restriction. However, ownership concentration limits the diversity of the news media landscape, both for online and traditional journalism (see B7). In addition, whistleblower laws, laws pertaining to defamation, and suppression orders can inhibit reporting (see B4).

C2 1.00-4.00 pts0-4 pts
Are there laws that assign criminal penalties or civil liability for online activities, particularly those that are protected under international human rights standards? 2.002 4.004

Online activities that are protected under international human rights standards are sometimes subject to criminal penalties in Australia, primarily through the country’s defamation laws. The Sharing of Abhorrent Violent Material Act, adopted in April 2019, introduced criminal code provisions that could also be applied to online speech (see B3).

Defamation law has been interpreted to favor plaintiffs and is governed by state-level legislation as well as common law principles.1 However, there are several legal defenses against defamation claims, including those of truth, fair reporting on proceedings of public concern, and honest opinion. The majority of defamation cases between 2013 and 2017 involved online defamation, meaning ordinary social media users can find themselves exposed to lawsuits for their remarks.2 Three states, New South Wales, Victoria and South Australia, implemented reformed defamation laws in July 2021, after the coverage period.3 The reforms included the addition of a public interest defense, a single publication rule, and a serious harm threshold;4 they seek to standardize defamation laws across the nation while limiting the types of legitimate defamation claims and introducing new defenses.

A person may bring a defamation case to court based on information posted online by someone in another country, provided that the material is accessible in Australia and that the allegedly defamed person enjoys a reputation in Australia. This allows for the possibility of “libel tourism,” in which noncitizens file defamation cases in Australia against others based outside the country in order to take advantage of its favorable legal environment for plaintiffs. While the United States and the United Kingdom have enacted laws to restrict libel tourism, Australia is not currently considering any such legislation.

In some cases, the courts may grant a permanent injunction to prevent the publication of defamatory material, though this remedy is limited to cases involving a high risk that the defamation will continue.5

C3 1.00-6.00 pts0-6 pts
Are individuals penalized for online activities, particularly those that are protected under international human rights standards? 5.005 6.006

Several high-profile lawsuits from recent years involved online defamation, with defendants including members of the professional press as well as ordinary social media users. Observers warn that the financial penalties involved are punitive and could deter investigative reporting and free speech (see B4). In 2017, rulings favored the plaintiff in 43 percent of digital defamation cases, and courts awarded plaintiffs AU$100,000 (US$74,000) or more in seven suits.1 Amendments to defamation laws, which came into effect across three states in Australia in July 2021, may curb the volume and success of defamation suits (see C2), particularly in relation to defamation suits launched against social media users and journalists.

In a precedent-setting decision, a New South Wales Supreme Court judge ruled in June 2019 that media companies are liable for defamatory comments posted by third parties on their social media pages. In June 2020, the New South Wales Court of Appeal dismissed an appeal brought by media companies that had been found liable for defamation under the 2019 decision.2

High profile politicians, including senior cabinet members of Australia’s governing coalition, have been known to sue journalists for publishing unfavorable stories. Former federal attorney general Christian Porter launched defamation proceedings against ABC journalist Louise Milligan in March 2021. Milligan had authored an article about past rape allegations levelled against a “senior cabinet minister.” Porter claims that he was easily identifiable as the subject of the allegations and sought aggravated damages in Federal Court.3 He ultimately dropped his case against the ABC and Milligan in May 2021, after the parties reached a settlement agreement4 The ABC reported that running the case up until the parties reached settlement had cost AU$780,000 (US$575,000).5

A high-profile defamation case brought by decorated soldier Ben Roberts-Smith was being heard by the Federal Court of Australia as of June 2021. Roberts-Smith is suing news outlets the Age, the Sydney Morning Herald, and the Canberra Times for publishing stories in 2018, which he claims are false, alleging that Roberts-Smith had committed war crimes while deployed in Afghanistan. His legal team was being funded by chairman of Seven West Media, Kerry Stokes, a major competitor of the news outlets subject to the suit. The case could have significant implications for reporting on matters of public interest, particularly those related to the military, as journalists and media outlets may balk at covering on topics that could attract expensive defamation suits.6

In April 2021, Minister of Defense Peter Dutton launched defamation proceedings against refugee activist Shane Bazzi, after Bazzi called Dutton a rape apologist on Twitter. In his submissions to the Court, Dutton accused Bazzi of “showing malice,” and of further demeaning him by claiming to the media the defamation suit suppressed free speech.7 Bazzi’s legal representatives have said Bazzi validly expressed an “honest opinion,” which is a defense available in defamation suits (though the Federal Court confirmed in January 2021 that the honest opinion defense is subject to strict limits).8

In May 2021, New South Wales Deputy Premier John Barilaro launched defamation proceedings in Federal Court against YouTuber Jordan Shanks, who runs the popular YouTube channel Friendlyjordies, in which Shanks often discusses Australian political issues. Shanks has alleged, among other things, that Barilaro is corrupt and has mocked his Italian heritage. In his suit, Barilaro also included a claim against Google for failing to remove the videos.9 The matter escalated in June 2021, after the coverage period, when New South Wales police arrested Kristo Langker, a producer of the Friendlyjordies YouTube channel, on charges of stalking Barilaro. Langker had allegedly approached Barilaro while filming on two occasions in attempt to discuss the defamation proceedings. Some commentators have expressed concern about the apparent police overreach in arresting Langker. The matter remained pending as of June 2021.10

Personal disputes between individuals on social media have also led to successful defamation litigation. In May 2020, a Sydney man was awarded AU$35,000 (US$25,800) for damages caused by a post in a Facebook group accusing him of being a stalker and a danger to women.11 Such litigation is likely to be curbed by recent amendments to defamation laws that require claimants to satisfy a “serious harm threshold,” whereby they must prove to the court prior to a trial that the defamation has, or will likely, cause them serious harm.

C4 1.00-4.00 pts0-4 pts
Does the government place restrictions on anonymous communication or encryption? 2.002 4.004

Individuals do not need to register to use the internet, and there are no restrictions on anonymous communications. However, verified identification information is required to purchase any prepaid mobile service.1 Additional personal information must be submitted to a mobile service provider before a phone can be activated. All recorded information is stored while the service remains activated, and it may be accessed by law enforcement and emergency agencies with a valid warrant.2

In December 2018, Parliament passed the Telecommunications and Other Legislation Amendment (Assistance and Access) Act, which allows intelligence and security agencies to send a mandatory notice or a voluntary request to ”communications providers” to change or break their own encryption technology in order to facilitate access to user data (see C6).3 The law prohibits assistance that would undermine encryption or security for users at large, but critics have noted that, in practice, it is difficult (and in some cases impossible) to enable authorities’ access to one user’s data without creating exploitable vulnerabilities that could affect others.4 The law also undermines the “journalist information warrant” (see C5), which is the limited protection that requires law enforcement to file a warrant when accessing journalist’s metadata because, under the 2018 law, authorities could feasibly install spyware on a journalist’s phone to access their metadata.

In August 2021, after the coverage period, the Australian government passed the Surveillance Legislation Amendment (Identify and Disrupt) Bill, which poses a threat to encryption as it allows authorities to takeover an individual’s social media account (see C5).5

C5 1.00-6.00 pts0-6 pts
Does state surveillance of internet activities infringe on users’ right to privacy? 2.002 6.006

The government has expanded its surveillance and data-gathering capabilities in recent years. According to evidence given before the Parliamentary Joint Committee on Intelligence and Security (PJCIS) in August 2020, the AFP had issued 8 requests to access encrypted user data and the New South Wales Police force had issued 13.1 The Australian Security Intelligence Organisation (ASIO), the country’s domestic intelligence service, has also employed the new legislation. These requests are not subject to judicial oversight in cases where authorities had already seized a device.2

While the Privacy Act 1988 (Cth) grants some privacy protections, it does not provide individuals with a judicial remedy for privacy breaches, regardless of whether state or nonstate actors were responsible.3 However, individuals can file a complaint to the Office of the Australian Information Commissioner (OAIC ), the country’s privacy regulator, who can provide them with compensation in cases where their data was breached.4 In 2017, the Federal Court clarified that metadata do not qualify as personal information and are therefore not subject to statutory protections, further narrowing the scope of the Privacy Act.5 Law enforcement agencies no longer require a warrant to access metadata under the 2015 Telecommunications (Interception and Access) Amendment (Data Retention) Act (see C6), except when accessing the metadata of journalists, for which they must file a journalist information warrant.6 At the end of the coverage period, the government was reviewing the Privacy Act 1988 (Cth), including amendments to the definition of personal information and whether individuals should have a right of action to safeguard their right to privacy under the Act.7

In June 2021, after the coverage period, both houses of Parliament passed the Telecommunications Legislation Amendment (International Production Orders) Bill 2020,8 which establishes a new legal framework to access overseas communication data for law enforcement and national security purposes, facilitating access to encrypted communications provided by non-Australian companies.9

The Surveillance Legislation Amendment (Identify and Disrupt) Bill, passed in August 2021 (see C4), would grant the AFP and Australian Criminal Intelligence Commission (ACIC) the ability to request new types of warrants to investigate and disrupt “serious” crime. Warrants would be issued by an eligible judge or nominated Administrative Appeal Tribunal (AAT) member. The law contains three types of warrants. First, data disruption warrants would enable the AFP and ACIC to modify, add, copy, or delete data for the purpose of impeding the commission of serious offenses online. Second, network activity warrants would give the AFP and ACIC access to the devices and networks of the warrant’s subject. Third, the AFP and ACIC would have the power to take control of and lock the warrant’s subject out of an online account for the purpose of gathering evidence. The takeover warrants would also be permitted to be issued internally in an emergency, and subsequently authorized by a magistrate.

To take over an account, defined as a “an account that an electronic service has for an end user,” law enforcement agencies have the right to use an individual’s account credentials, including passwords, PINs, and biometric forms of identification; alter account credentials; and remove two factor authentication requirements. The law also permits law enforcement to object to the public disclosure of the information gathered if “the information…could reasonably be expected to reveal details of account takeover technologies or methods,” raising concerns about authorities’ ability to access accounts on encrypted messaging services.10

The OAIC had raised concerns about the law, noting that it lacks important safeguards and grants agencies wide-ranging and coercive powers that may affect individuals not suspected of involvement with criminal activity.11 Local human rights organizations also decried the surveillance legislation as overly broad, undemocratic, and disproportionate.12

In December 2020, the Data Availability and Transparency Bill was introduced, which would significantly broaden the government’s powers to share individuals’ personal data among its agencies and accredited parties to support three limited purposes: the delivery of government services, informing government policy and programs, and research and development.13 The law’s stated objective is to improve service delivery to citizens while enabling more evidence-based policy development. While it does contain some privacy safeguards, including requiring that consent be obtained before sharing an individual’s personal information unless it is “impractical” or “unreasonable,” the OAIC has warned that the legislation could reduce Australians’ privacy protections and lead to mishandling of personal information. Specifically, the OAIC has called for the data bill to compel agencies to anonymize data when possible and to include a robust data minimization approach, whereby data must not be shared when the purpose could be achieved without sharing personal information.14

In April 2020, the government developed and launched COVIDSafe, an app designed to assist authorities with COVID-19 contact-tracing efforts.15 Downloading the app, which uses Bluetooth contact-chaining with encrypted and anonymized identifiers, is not mandatory. Collected data identifiers are stored securely on the user’s device for a period of 21 days.

After the opposition and independent regulators raised concerns about data collection via the app, Parliament passed legislation16 specifying that data collected through COVIDSafe can only be used for COVID-19 contact-tracing purposes. The law prevents any individual from being coerced or forced to download the app against their will. It does not mandate retention limits for data collected by COVIDSafe, nor does it specify a date for the app to sunset.17 In November 2020, Australia’s Inspector General of Intelligence and Security published reports that intelligence agencies had incidentally collected data from COVIDSafe in the course of its lawful activities. There is no evidence that any agency decrypted or otherwise used the data.

As of 2021, the COVIDSafe App was rarely used by the public or contract-tracing groups; QR check-in codes were the preferred method for tracking transmission of COVID-19. In Western Australia, police accessed data from the application at least twice, which led the Western Australian government to introduce legislation restricting their access in June 2021. In Victoria, the police requested access to the data on three occasions, but it was not granted by the Health Department and Service Victoria; however, the Victorian government had not introduced a law to restrict access to this data by the end of the coverage period.18

The Australian Signals Directorate (ASD), Australia’s cyberintelligence agency, confirmed in March 2020 that it had spied on Australian citizens in the past year. While the ASD typically conducts surveillance of targets outside of Australia, the agency confirmed that it had, in an unspecified number of cases involving “rare circumstances,” obtained ministerial approval to conduct domestic surveillance.19

In 2014, Parliament enacted amendments to national security legislation that increased penalties for whistleblowers and potentially allows intelligence agents to monitor an entire network of people with a single warrant. In particular, a new section (35P) added to the 1979 ASIO Act included provisions that threaten journalists and whistleblowers with a 10-year prison term if they publish classified information related to special intelligence operations.20 Section 35P was subsequently amended to offer some protections to journalists.21 Other worrying amendments to the ASIO Act included changes to the scope of warrants; notably, the definition of “computer” was broadened to allow authorities to access data on multiple networked computers with a single warrant.

Privacy concerns have been raised in response to the launch of online databases and data sharing initiatives. In 2017, the government announced the creation of a national facial biometric database that would make driver’s license photographs and other images of citizens available across government departments. Critics characterized the move as a serious privacy violation to which citizens did not consent when they originally provided their photographs.22

Police in New South Wales have been using the government’s facial recognition database, referred to as “the Capability,” to compare passport photos with closed-circuit television (CCTV) footage, despite the Australian Human Rights Commissioner’s call for a moratorium on facial recognition.23

Another initiative facing significant criticism from privacy groups, as well as parts of the medical community, is the government’s My Health Record, a database system created under a 2012 law that automatically generates a digital summary of citizens’ key health information. Amendments were enacted in December 2018 to address privacy concerns, requiring a court order before My Health Record data can be released to the police or government agencies.24 However, concerns persist regarding the security of the data, especially because almost a million medical practitioners have access to the system, increasing the risk of breaches.25 The OAIC reported that in 2019–20, it had been notified of one data breach related to the My Health Record database (see C8).26

C6 1.00-6.00 pts0-6 pts
Does monitoring and collection of user data by service providers and other technology companies infringe on users’ right to privacy? 3.003 6.006

Technology companies have become more involved in state surveillance in recent years, thanks largely to the Assistance and Access law adopted in December 2018 that gives Australia’s intelligence and security agencies the power to compel ”communications providers” to undermine their own encryption technology in order to obtain user data.1 The law allows these agencies to issue requests for encrypted data under a broad set of circumstances, including for the purpose of safeguarding the country’s national security, foreign relations, or economic well-being. Requests may also be issued for the purpose of enforcing criminal law.

According to the Department of Home Affairs, tech companies were issued “Technical Assistance Requests” under the new law on seven occasions between July 2018 and June 2019. These are voluntary requests for the companies to use existing capabilities to assist agencies with access user information. While the Assistance and Access law allows relevant agencies to compel tech companies to comply, including with requests to build capabilities into products to facilitate access, no such compulsory requests were issued as of August 2020.2

Rights groups have criticized the Assistance and Access law’s broad reach, relative lack of oversight, and harsh penalties. Opponents have also raised concerns about its potentially stifling effect on the country’s technology sector, as local companies could be forced to create products that are less secure than those of their foreign competitors.3 Companies that fail to cooperate could face fines of up to AU$10 million (US$7.37 million), while individuals could face prison time. The Department of Home Affairs maintains that the Assistance and Access law is necessary, and that it will operate with sufficient oversight to prevent abuse. All requests for assistance are overseen by various Commonwealth bodies, depending on the requesting agency. Organizations subject to a request for assistance have the right to complain or appeal to the relevant oversight body for the requesting agency, and technical capability notices—which require the recipient to change or break their own encryption technology—must be issued by the attorney general and approved by the minister for communications.4

Law enforcement agencies with a lawful warrant may search and seize computers. They may also compel ISPs to intercept and store data from individuals suspected of committing a crime, as governed by the Telecommunications (Interception and Access) Act 1979 (TIAA). ISPs and similar entities are prohibited from, on their own imperative, monitoring and disclosing the content of communications without the customer’s consent.5 Unlawful collection of a communication and disclosure of its content can draw both civil and criminal sanctions.6 The TIAA and the Telecommunications Act explicitly authorize a range of disclosures, including to specified law enforcement and tax agencies. ISPs are currently able to monitor their networks without a warrant for “network protection duties,” such as curtailing malicious software and spam.7

Under the Online Safety Act 2021 (see B3), the e-Safety Commissioner has powers “to obtain information about the identity of an end-user and the contact details of an end-user from a social media service, relevant electronic service or designated internet service.” The Commissioner can only exercise these powers where the information sought is relevant to the operation of the Act.8

The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 requires telecommunication companies to store two years’ worth of customer metadata.9 Telecommunications companies were required to update their technology to be compliant with the law by April 2017, receiving a substantial grant from the government to assist with the process.10 That month, the government confirmed that metadata would not be available for use in civil cases.11

In October 2020, the PJCIS released a report on its review of Australia’s data retention regime with 22 recommendations for changes, including that the Department of Home Affairs prepare national guidelines on the operation of the mandatory data retention scheme for enforcement agencies. The report further recommended that the Act be amended to clarify that service providers are not required to store information generated by “Internet of Things” devices.12

The Department of Home Affairs reported that in 2019–20, 311,312 authorizations were issued to access retained data, which was used by state police forces to “enforce criminal law.” In the same reporting period, the Department disclosed that 1,385 warrants had been issued to law enforcement agencies for stored communications under the TIAA. Law enforcement agencies also made 32,856 authorizations for the disclosure of prospective telecommunications data. The AFP did not seek any warrants in 2019–20 for metadata disclosure for the purpose of identifying journalists’ sources.13

The Commonwealth Ombudsman reported in April 2021 that, since 2007, the Australian Capital Territory’s police force had systematically gained access to location-based services under the TIAA, in a manner that was not compliant with the law. For example, compliance issues included accessing locations of the wrong individuals, accessing location after an authorization expired, and authorizations not being signed by the appropriate individual.14

The TIAA’s 2015 amendment added extra privacy protections for journalists, requiring security agencies to obtain a warrant before accessing journalists’ metadata. However, incidents of unauthorized access and loopholes in the Assistance and Access law have undermined faith in these safeguards (see C4).15

The data collection practices of technology firms have also come under scrutiny. Following revelations that Cambridge Analytica had improperly accessed the data of Facebook users, including more than 300,000 Australians, the OAIC launched an investigation into the matter in April 2018, which found that Facebook had breached privacy laws by disclosing Australian users’ personal information to a third party, including Cambridge Analytica and other political profiling operations.16 The commissioner initiated a civil suit against Facebook in March 2020, seeking declaratory relief and civil penalties under the Privacy Act, which can entail fines of up to AU$1.7 million (US$1.25 million) for each serious or repeated interference in a person’s privacy.17 The case remained pending at the end of the coverage period, though in September 2020 the court ruled on an interlocutory matter, finding that Facebook does conduct business within Australia, which brings it within reach of Australian regulations. Facebook has appealed that decision.18

The Federal Court of Australia ruled in April 2021 that Google breached Australian consumer laws by misleading Android users about how they can limit the company’s ability to obtain, retain, and use personal location data.19 As of May 2021, the Court had not yet announced when and what penalty will be imposed on Google.20

The Data Availability and Transparency Bill 2020 also provides a mechanism by which the government can share citizens’ data with “accredited” third parties, such as academics and scientists. To become accredited, entities must satisfy certain security, privacy, and governance requirements.21

C7 1.00-5.00 pts0-5 pts
Are individuals subject to extralegal intimidation or physical violence by state authorities or any other actor in relation to their online activities? 5.005 5.005

Violence against online commentators is rare in Australia. Controversial figures are occasionally subject to intimidation and death threats.

In a widely criticized move, the AFP raided the offices of the ABC and the home of a journalist in June 2019. The raids came in response to the broadcaster’s publication in 2017 of the “Afghan Files,” a series of stories based on leaked documents that focused on misconduct and unlawful killings by Australian soldiers in Afghanistan. The AFP presented a warrant before entering ABC premises and searched through files relating to the stories, which appeared on the ABC’s website.1

In a separate June 2019 incident, the AFP raided the home of News Corp journalist Annika Smethurst, in response to a story she wrote the previous year regarding leaked plans to expand the government’s spying powers. The warrant gave the AFP permission to search Smethurst’s home, computer, and phone as part of their investigation into the alleged publication of classified material.2

In April 2020, the High Court of Australia ruled that warrant relied upon by the AFP in the Smethurst raid was invalid, as it lacked basic details about the nature of the alleged offense. Although the High Court declined to prohibit the evidence produced by the search from use by prosecutors,3 the AFP subsequently confirmed that it would not pursue charges against Smethurst.4

The media industry and civil society denounced these raids as a disturbing threat to press freedom that undermined reporting on national security and defense matters.5

The eSafety Commissioner recorded an increase in reports of cyberabuse on social media platforms during the coverage period, with a 12 percent increase in complaints in 2019–20 compared to 2018–2019. The majority of victims were women. In the same period, the eSafety commissioner recorded a substantial increase in reports of image-based abuse, which includes the nonconsensual sharing of intimate images, with 2,702 reports received, compared to 950 in the previous period.6

C8 1.00-3.00 pts0-3 pts
Are websites, governmental and private entities, service providers, or individual users subject to widespread hacking and other forms of cyberattack? 1.001 3.003

Cyberattacks and hacking incidents remain a common concern, though they generally target larger institutions and have not been widely used to censor online speech or punish government critics.

Australian public institutions and businesses were targeted by a large-scale coordinated cyberattack in June 2020. Though the government did not specify the source of the attack, Prime Minister Scott Morrison stated that a sophisticated state-based actor was behind it, leading many to suspect that the Chinese government was responsible.1 Separately, Western Australia’s state parliament was targeted by a cyberattack involving Microsoft software in March 2021. No sensitive data was stolen as a result of the attack, though the parliament’s internal mail servers were temporarily disabled. Hackers linked to the Chinese government were suspected to have been behind the attack.2

A significant cyberattack in March 2021 targeted Parliament, causing employees to lose access to their emails for a limited period of time. The government reported that no information had been compromised. Channel 9, a major Australian broadcaster, was affected by a similar attack in March, causing interruptions to some broadcasting.3

These incidents followed several notable attacks affecting Australians in the previous coverage period. In May 2020, the office of West Australian premier Mark McGowan was targeted in an attempted attack using malware that had previously been traced to hackers linked to the Chinese government. It remains unclear whether any information was compromised.4 Earlier, in February 2019, the government announced that the computer networks of Parliament and major political parties, including the Labor, Liberal, and National Parties, had been subjected to malicious cyberactivity.5 The incident was blamed on a ”sophisticated state actor,” which Prime Minister Morrison declined to name.6 Public discussion focused suspicion on the Chinese government, which dismissed the notion as “baseless.”7 In September 2019, Australian intelligence reportedly came to the conclusion that China’s Ministry of State Security was behind the attack.8

A September 2018 breach at the international hotel company Marriott was attributed to Chinese intelligence services.9 Hackers based in China breached the Australian National University’s computer systems in both July 2019 and May 2019;10 the latter resulted in the theft of 200,000 people’s personal data.11

The Australian Cyber Security Center (ACSC) responded to 2,266 cyber security incidents in 2019–20, with an increase in COVID-19 themed malicious cyberactivity. A large proportion of reported incidents affected Commonwealth institutions, state and territory governments, and critical infrastructure.12

On Australia

See all data, scores & information on this country or territory.

See More
  • Global Freedom Score

    95 100 free
  • Internet Freedom Score

    76 100 free
  • Freedom in the World Status

  • Networks Restricted

  • Websites Blocked

  • Pro-government Commentators

  • Users Arrested