Scams legislation welcome, but five key questions need answers
DIGI media release, 17 September: The Digital Industry Group Inc. welcomes the release of the Government’s Scams Prevention Framework exposure draft, particularly the sector-specific codes with strong obligations for digital platforms, telecommunications and banks to protect Australians against scams.
On the release of the legislation, DIGI, Managing Director, Sunita Bose said:
“Scammers must be stopped at every step of their game, on every service across the economy they exploit, and we welcome the Government’s efforts to prevent these relentless criminals robbing Australians of hard-earned savings.
“The mandatory sector-specific codes are a critically important piece of the Scams Prevention Framework, because if every part of the economy that’s exploited by scammers has relevant safeguards in place to bolster their defences, consumers will be better protected.
“DIGI developed a blueprint for anti-scam best practice for the digital industry in the Australian Online Scams Code, signed by major mainstream tech companies, and will continue to work with the Government to fight scammers.
“There are some good consumer protections in this legislation however, when you situate it in the bigger picture, there are five key questions that need to be answered so that the law better empowers both consumers and companies to fight scammers.”
“Particularly as the approach departs from international models, DIGI looks forward to working with the Government, along with other expert stakeholders, on the many hard questions that lie ahead in their proposed model.”
Some of the key questions that DIGI has identified in its analysis of the bill include:
1. What is the role of the National Anti Scam Centre under the new legislation?
The Government has invested $58 million in funding to the complete the setup of the National Anti-Scam Centre (NASC) over the next two years, designed to share information across sector and disrupt scammers. Yet the NASC is not mentioned in the legislation, nor the explanatory memorandum. Consumers and companies should clearly understand the role of the NASC under the new framework. DIGI has long supported the establishment of the NASC and is proud to be represented on its Advisory Board and other working groups.
2. Is any regulator empowered to direct companies to remove scam websites or ads?
The exposure draft proposes a “multi-regulator model” where multiple regulators have powers in relation to scams, yet it doesn’t appear that any regulator can actually take down non-investment scam content. Mainstream companies, like DIGI’s members and the signatories of The Australian Online Scams Code, have longstanding policies to remove scam content. However, a gap remains for 1) less mainstream services without such policies, and 2) edge cases where companies do not have enough information to verifiably conclude that content is a scam – in such cases, strong penalties could incentivise the removal of legitimate small business activity. Today, the Australian Securities and Investments Commission (ASIC) only has takedown powers in relation to investment scam websites – and removes up to 20 scam websites a day – but the legislation does not propose takedown powers for other scam types (e.g. impersonation scams).
3. What does the regulator do with the millions of scams reports it will receive under the scheme?
Under the regulation, entities face serious penalties if they don’t share information about potential scams with the regulator, which will inundate the ACCC with an unprecedented volume of reports about scams. It is unclear what the ACCC will do with all of that information, and how the information they amass will benefit consumers.
4. How do consumers or companies find out if something is a scam before it’s too late?
In relation to question 3, DIGI recommends that the ACCC share a more manageable set of actionable reports with the National Anti-Scam Centre to use that information to develop a public, searchable database of known scams that consumers and companies can use to investigate whether something is a scam in real-time. This should be the focus of the $44 million allocated to the NASC in the federal budget for a “technology build”.
5. How long would a consumer have to wait to be reimbursed from a scam under the scheme?
Unlike international models, such as in the UK where banks reimburse scam victims, under the proposed Australian scheme, there could be a protracted examination through an external dispute resolution body of different companies’ relative roles in the scammers’ attack, in order to determine possible redress. Unlike the UK scheme, that could take years for any form of reimbursement for people who have lost their life savings because of the sheer number of different services scammers exploit in their complex attack chain*.
DIGI looks forward to working with the Government and other expert stakeholders throughout the consultation period on the finalisation of the proposed legislation.
*A typical scam attack chain
About the Australian Online Scams Code
On 26 July 2024, eight leading companies in the tech industry announced the launch of a proactive code aimed at combating scam activity in Australia. The Australian Online Scams Code (AOSC) has been signed by Discord, Google, Meta, Snap, TikTok, Twitch, X and Yahoo as initial signatories, and is open to others to adopt as a proactive consumer protection measure. The Australian Online Scams Code offers a holistic response with 38 commitments grouped under 9 key themes, which span blocking and takedown, advertiser verification measures and increased collaboration with Australia’s National Anti-Scam Centre.
The code was developed by the Digital Industry Group Inc. (DIGI), a non-profit industry association working on online harms, data protection, and consumer protection. The AOSC establishes immediate consumer protections and a blueprint for combatting scams in the digital industry in advance of the Government’s forthcoming reform agenda in relation to scams, recognising that mandatory code development cannot commence until after the passage of the Treasury Laws Amendment Bill 2024: Scams Prevention Framework.
About DIGI
The Digital Industry Group Inc. (DIGI) is a non-profit industry association that advocates for the digital industry in Australia. DIGI is a key Government partner in efforts to address online harms, data and consumer protection online and to grow the digital economy, through code development, partnerships and advocacy for effective and implementable approaches to technology policy.