Technology Media and Communications.jpg

Legal update on information and communication technology - August 2015

10 August 2015

Government procuring agencies must follow the rules

Problem Gambling Foundation of New Zealand v Attorney-General [2015] NZHC 1701

The Problem Gambling Foundation (the Foundation) has been successful in a judicial review of the Ministry of Health's (the Ministry's) decision to award problem gambling services contracts to providers other than the Foundation, following a Ministry RFP process.

The High Court set the Ministry's decision aside because:

  • The Ministry breached the Mandatory Rules of Procurement by Departments (which have since been replaced by the Government Rules of Sourcing) and the Foundation's legitimate expectation, by not following the evaluation criteria and methodology that the Ministry set out in its own RFP

  • The Ministry's evaluation methodology was flawed

  • Some of the panel members evaluating responses had an apparent bias, the Court having applied a high standard of apparent bias that usually applies to judges and jurors.

The case shows that the courts will enforce the Government Rules of Sourcing and any terms set out in the relevant RFP.  Government agencies conducting a procurement process should comply with the requirements set out in the Rules of Sourcing and in their own procurement documents.  This reinforces the principle that purchasing agencies should be careful about what they say in their RFPs and other procurement documents, and do what they said they would do.

For a more detailed discussion of this case and its implications, please click here.


Withholding tax on software

Businesses should be mindful of potential withholding tax costs when acquiring software from non-residents. 

Why does it matter?

When a New Zealand business makes a payment to a non-resident supplier for software, the New Zealand business may need to withhold non-resident withholding tax (NRWT) from the payment to the extent that it represents a "royalty". 

The New Zealand business is required to account and pay the deducted NRWT to the Inland Revenue Department.  NRWT generally applies at the rate of 15% but can be reduced where the non-resident is from a jurisdiction to which tax relief applies.

What is a royalty?

A royalty includes payments that are made for the "use of, or right to use" a copyright or other similar intellectual property rights (including the provision of "know-how"). 

Do all computer software payments come within this definition?

Not all payments made for the use of computer software are necessarily treated as royalties for NRWT purposes.  Whether or not NRWT applies will depend on the nature of the rights for which payment is made. 

Computer software transactions can be classified into two main categories. 

The first category relates to the use of the copyright rights in the computer program.  This includes situations where the payer is granted a licence which permits the payer to exploit the software for commercial purposes, such as a distribution or reseller arrangement.  Typically, such licences would enable the payer to make copies of the software program and sell copies of that software.  Payments falling within this first category are regarded as a "royalty" and are subject to NRWT.

The second category of software transactions relates to the use of copies of the program protected by copyright.  A supply of a copyright protected program (whether by way of sale, lease or licence) does not constitute a supply of copyright.  This sort of supply generally only gives the recipient a right to use the copyright program for personal or business use, as opposed to a right to deal in the underlying copyright for commercial exploitation.  Any payment for the use of a copy of a copyright protected program is not subject to NRWT. 

Aside from the two main categories discussed above, a payment for the provision of "know how" (for example, the provision of information relating to certain programming techniques which are not generally known to computer programmers) can also constitute a royalty and therefore attract NRWT.  The scope of this type of service is not clear cut, and can sometimes be difficult to determine.

Avoid surprises

When entering into a cross-border arrangement with a non-resident software supplier, it is prudent to consider the nature of the payments to ascertain any potential NRWT exposure. This can allow the parties an opportunity to ascertain the potential tax cost and to agree on appropriate terms to avoid any surprises later.


Harmful Digital Communications Act becomes law

The Harmful Digital Communications Act (the Act) received Royal Assent on 2 July 2015.  Certain offences under the Act come into force immediately (eg causing harm by posting a digital communication, section 19) while the rest of the Act (such as the complaint and take down procedure) comes into force in July 2017.  The Act is intended to prevent harm to individuals from digital communications and provide quick redress.

The Act introduces "Communication Principles" (CP) similar to the Privacy Act's Information Privacy Principles that will apply to all digital communications (any form of electronic communications, such as telexes and faxes).  For example, CP 2 says that a digital communication should not be threatening, intimidating or menacing.  The District Court and the "Approved Agency" (whichever Agency is appointed to administer the Act) must take account of the CPs in exercising their powers under the Act.

A person who believes she or he has suffered or will suffer "harm" (serious emotional distress) from a digital communication can take proceedings in the District Court for take down and other orders, provided she or he has first made a complaint to the Approved Agency so the Agency can determine what action to take, if any.  Orders under the Act can also be sought by "school leaders", parents or, in certain circumstances, the Police.

The Act includes safe harbour provisions for the hosts of online content provided the host follows the notice and counter-notice procedure in the Act.  The safe harbour provisions are sections 23 and 24.

An "online content host" is the person who has control over the part of the website or online application, on which a digital communication is posted and accessible by a user.  Content hosts cannot be subject to civil or criminal proceedings if the host receives a complaint about a digital communication and complies with the procedure in section 24(2), namely:

  • The host must as soon as practicable (and in any event within 48 hours) notify the author of the content with the details of the complaint and advise the author that he or she may submit a counter-notice to the host within a further period of 48 hours

  • If either the author's counter-notice is submitted within that period of 48 hours and they accept the taking down of the offending content or if the host receives no counter-notice within the 48 hour period, the host must take down or disable the specific content as soon as practicable (and within 48 hours)

  • If the author gives a counter-notice within the 48 hour period but refuses to take down the content, the host must leave the content in place and notify the complainant.

Online content hosts can be a wide range of persons, including news media outlets, telcos and any other person that runs a website or application that hosts "digital communications".  Once the complaint and take-down procedure comes into force, hosts will need to take all complaints about digital communications seriously and consider their obligations under the Act against existing social media and moderation policies.


Privacy Commissioner launches Privacy Policy Generator

The Office of the Privacy Commissioner has launched 'Priv-o-matic', an online tool to create short-form privacy statements quickly and for free.  

The tool is the first initiative in the Commissioner's 'Making the Future' strategy, which is aimed at finding ways to make privacy compliance easier for businesses.  A privacy statement is often seen as the first step in complying with the Information Privacy Principles set out in the Privacy Act 1993, by telling people what personal information an agency is collecting about them, and what that information will be used for.

The tool is targeted mainly at small and medium sized businesses that collect and use personal information in straightforward ways, and it generates short, easy to read statements that have the basic information necessary to comply with Privacy Principle 3.  It works similarly to Buddle Findlay's Back of a Napkin tool, by asking a set of basic questions about your business and then generating a document based on the answers provided.

The Privacy Commissioner recommends that further help be sought where the information collected is sensitive, complex or intrusive, and reminds users that health or medical information at tracts additional levels of compliance.  For that reason, Priv-o-matic probably won't be suitable in circumstances where, for example, information is shared with third parties or used for additional commercial purposes.  Activities such as profiling, targeted advertising and detailed analytics will also require a more detailed explanation to individuals and would benefit from a more customised privacy statement. 

The Priv-o-matic has been made available on Github under a MIT open source licence (see here), and the Privacy Commissioner is both welcoming feedback on the tool and promising frequent updates.


Emergency response service RFP

On 18 June 2015 the Ministry of Business, Innovation and Employment (MBIE) issued a request for proposals (RFP) for the development of a mobile app and web service that will allow emergency services in New Zealand to better respond to those in need of urgent help.

The RFP differs from traditional requests for proposals because two or three respondents will be selected (based on their qualifications) to participate in a proof of concept process.  

Interestingly, the RFP did not specify the requirements for the service or focus on price.  Instead, selected respondents will work alongside emergency service provider subject matter experts to develop the services' requirements and to create a technical prototype and service proposal.  The respondents will then independently develop their proof of concept and present their technical prototype and proposal for evaluation.  Each shortlisted respondent will receive a $75,000 grant from MBIE to undertake this work.  MBIE will then select its preferred partner and, if an agreement is reached, that partner will develop its solution.  If agreement cannot be reached with the preferred partner, MBIE may negotiate an agreement with the other partner.

We look forward to seeing the results of this innovative procurement approach in the near future.