If passed, the Social Media (Anti-Trolling) Bill 2021 (Cth) will significantly expand the liability of social media platforms for defamatory posts by their users, deny the platforms recourse to the innocent dissemination defence and make access to a new safe-harbour defence conditional on unmasking anonymous end-users (which raises complex practical and ideological issues, with implications for all web users).
What you need to know
The Federal Government has urgently released a defamation reform bill for public consultation called the Social Media (Anti-Trolling) Bill 2021 (Cth) (Bill). The Bill is in response to the High Court’s decision in Fairfax Media Publications Pty Limited v Voller  HCA 27 (8 September 2021) (Voller), which held that media organisations which operated Facebook pages were liable as publishers of third party comments posted on those pages (read our article here).
Although the Bill’s stated aim is to refocus defamation proceedings between the ‘victim and originator’, it risks making social media companies the only target of such actions.
If implemented, the Bill will:
- deem Australian page operators not to be publishers of third party comments, effectively reversing the decision in Voller;
- deem social media services (Providers) – such as Twitter, Facebook and TikTok – to be publishers of comments made in Australia, and in respect of such comments:
- deny Providers recourse to the innocent dissemination defence in defamation actions or the ability to rely on s 235 of the imminent Online Safety Bill 2021 (Cth) (which will come into effect on 23 January 2022, and replaces clause 91 of Schedule 5 of the Broadcasting Services Act 1992 (Cth)); and
- in order to access a new defence, require Providers to:
- set up and comply with a complicated prescribed complaints scheme; and
- collect and disclose end-user identity and country location information to complainants, either under the complaints scheme or in response to an ‘end-user-disclosure’ order;
- require Providers to submit to the jurisdiction by having a “nominated entity” in Australia where they have more than 250,000 Australian account holders.
If an end-user posts anonymously, a Provider cannot access the Bill’s safe-harbour unless country location and (if requested/ordered) contact details for the originator are disclosed to a complainant. Putting to one side the issue of the practical ability of Providers to access accurate contact information for its end-users, disclosing it has significant implications for privacy, freedom of expression and whistle-blower protection.
In order to access the new defence, Providers will need to set up and comply with a complaints scheme that meets prescribed criteria.
If the complaints scheme is engaged, in the first instance Providers are required to disclose whether or not the originator “appears to have been in Australia” when the comment was posted.
If the country location data suggests that the comment was made in Australia, the complainant can request the originator’s contact details. However, the Provider cannot disclose this information without the originator’s consent. Given that the disclosure of this information will allow proceedings to be commenced against the originator, it seems that there is a significant disincentive for the originator to consent (the availability of an end-user information disclosure order only partly mitigates this).
If the commenter does not consent, the Provider cannot provide their identification details and, as a result, cannot rely on the safe-harbour defence at this stage.
The complaints scheme also contemplates that a Provider can remove a comment with the originator’s consent, but such an action does not appear to assist the Provider in relying on the safe-harbour – if the comment is removed but the complainant is still not satisfied with the outcome, both the Provider and the originator may still be on the hook (although any damage would be mitigated).
End-user information disclosure order
To compel the disclosure of the originator’s contact details, or as an alternative to using the complaints scheme, the complainant can approach the court for an “end-user information disclosure” order.
The nub of the test for such an order is that the complainant reasonably believes that there may be a right to obtain relief in defamation against the originator. This is similar to the current test for preliminary discovery in the Federal Court.
The court may refuse to make the order if it is satisfied that disclosure is likely to present a risk to the originator’s safety. The Bill states that the safety ground does not limit the power of the court to refuse to make the order.
It is unclear how the court is to exercise the discretion to make orders. It is concerning that the Bill does not include a requirement to take into account countervailing human rights considerations before ordering the disclosure of the identity of an anonymous online user. Such considerations include data rights, privacy rights, whistle-blower rights and the right of freedom of expression.
There are a number key issues which compromise the Bill’s ability to deliver on its stated aim.
First, ‘trolling’ activity on social media is often not defamatory, and can instead amount to mere vulgar abuse or bullying. The Bill would require Providers to make an assessment as to whether a comment is prima facie defamatory, which may be difficult to do without relevant background information and context.
Second, as discussed above, in circumstances where the originator’s contact details are sought, Providers are not able to avail themselves of the safe harbour defence unless:
- the originator consents (which is unlikely to occur given it exposes them to liability); or
- the complaint seeks an end-user disclosure order.
Platforms have no capacity to control these events, yet no defence has been provided for where neither of these events occurs.
Third, even if either of the above circumstances eventuate such that the Provider is permitted or compelled to disclose relevant contact information, the Provider will not be able to access the safe harbour unless it has legitimate contact information for the originator. Given the vast number of existing social media accounts, there are serious practical impediments to Providers being able to verify the identity of each end-user. There is also an incentive for end-users to provide false information in order to avoid potential liability.
Fourth, even if the Provider has access to relevant contact details, disclosing them may raise significant issues for the privacy of users, freedom of expression and whistle-blower protection.
Fifth, the Bill seeks to incentivise Platforms to comply with its requirements in two ways:
- by imposing a 500 penalty unit per day fine on foreign Platforms that fail to nominate an agent within the jurisdiction which meets the specified criteria, including having access to relevant contact details of end-users of the Platform; and
- by mitigating the strict liability it imposes on Platforms with the safe-harbour defence.
However, given the significant impediments to and issues with accessing the safe-harbour as outlined above, Platforms will be liable as publishers if they are unable to successfully reveal the identity of the originator. The originator is in the best position to justify any statement complained of and, without the cooperation of the originator, the provider is unlikely to be able to raise a defence to a defamation action. In such a scenario, Platforms are essentially sitting ducks.
What happens next?
Direct feedback on the Bill is open until 21 January 2022.
It is unclear how the Bill fits in with Stage 2 of the review of the Model Defamation Provisions currently being undertaken by the Attorneys-General Defamation Working Party. That review is relevantly considering complex issues in relation to complaints processes, and internet intermediary liability and defences.
If you would like more information, contact the Media team.
Isabelle Gwinner | Graduate Lawyer | +61 3 9641 8641 | firstname.lastname@example.org
 See, for example, Seven Consulting Pty Ltd v Google LLC  FCA 203 ; Kabbabe v Google LLC  FCA 126  (note, the nominated entity requirement removes the need to seek leave to serve internationally, which requires a prima facie case to be established).