ALRC Report 123
June 2014
Serious Invasions
of Privacy in the
Digital Era
The Australian Law Reform Commission (ALRC) was established on 1 January 1975 by the Law Reform Commission Act 1973 (Cth) and reconstituted by the Australian Law Reform Commission Act 1996 (Cth).
The office of the ALRC is at Level 40 MLC Centre, 19 Martin Place, Sydney NSW 2000 Australia.
Postal Address: GPO Box 3708 Sydney NSW 2001
Telephone: within Australia (02) 8238 6333 International: +61 2 8238 6333
Facsimile: within Australia (02) 8238 6363 International: +61 2 8238 6363
E-mail: info@alrc.gov.au Website: www.alrc.gov.au
ALRC publications are available to view or download free of charge on the ALRC website: www.alrc.gov.au/publications. If you require assistance, please contact the ALRC.
ISBN: 978-0-9924069-1-2
Commission Reference: ALRC Final Report 123, 2014
© Commonwealth of Australia 2014
This work is copyright. You may download, display, print and reproduce this material in whole or part, subject to acknowledgement of the source, for your personal, non-commercial use or use within your organisation. Requests for further authorisation should be directed to the ALRC.
The Hon Ge Attorney-G Parliament Canberra A 30 June 201 Dear Attorn ALRC On 12 Jun Reference t On behalf accordance present you Digital Era. Yours since Professor R President eorge Brandi General of Aus House ACT 2600 14 ney-General Terms of Re ne 2013, th to undertake of the Mem with the Au u with the Fin
. erely, Rosalind Cro s QC MP stralia eference—Se he Australian a review into mbers of the ustralian Law nal Report on oucher erious Invasi n Law Refor o Serious Inv e Commissio w Reform Co this referenc ions of Priva rm Commiss vasions of Pr on involved ommission Ac ce, Serious In Professor B Commissio cy in the Dig sion received rivacy in the in this Inqu ct 1996, I am nvasions of Pr Barbara McD oner in Char gital Era d Terms of Digital Era. uiry, and in m pleased to rivacy in the Donald rge
Contents
Terms of Reference 5 Participants 7 Recommendations 9Part 1
15 1. Introduction 17Context of the Inquiry 17
The design of a cause of action 18
Should a new tort be enacted? 20
Other reforms 26
The law reform process 27
2. Guiding Principles 29
Summary 29
Principle 1: Privacy is a fundamental value worthy of legal protection 30 Principle 2: There is a public interest in protecting privacy 32 Principle 3: Privacy should be balanced with other important interests 33 Principle 4: Australian privacy laws should meet international standards 35 Principle 5: Privacy laws should be adaptable to technological change 36 Principle 6: Privacy laws should be clear and certain 36 Principle 7: Privacy laws should be coherent and consistent 37 Principle 8: Justice to protect privacy should be accessible 38 Principle 9: Privacy protection is an issue of shared responsibility 39
3. Overview of Current Law 41
Summary 41
Existing legislative privacy protection 42
Existing common law causes of action 47
Filling the gaps in existing law 51
A common law action for breach of privacy in Australia? 53
Part 2
574. A New Tort in a New Commonwealth Act 59
Summary 59
A new stand-alone Commonwealth Act 59
Constitutional issues 62
An action in tort 67
5. Two Types of Invasion 73
Summary 73
A cause of action for two types of invasion of privacy 74
Intrusion upon seclusion 76
Misuse of private information 81
Examples 85
False light and appropriation 87
An open-ended action? 88
One cause of action, not two 89
6. Reasonable Expectation of Privacy 91
Summary 91
A test for what is private 92
Considerations 96
7. Fault 109
Summary 109
Intentional or reckless invasions of privacy 110
Negligence 118
Strict liability 124
Effect of apology on liability 128
8. Seriousness and Proof of Damage 131
Summary 131
Seriousness 132
Proof of damage not required 138
9. Balancing Privacy with Other Interests 143
Summary 143
The balancing exercise 144
Public interest matters 150
Onus of proof 158
A discrete exercise 161
10. Forums, Limitations and Other Matters 163
Summary 163
Forums 164
Alternative dispute resolution processes 168
Cause of action limited to natural persons 171
Non-survival of the cause of action 172
Limitation periods 177
Young plaintiffs 181
First publication rule 182
11. Defences and Exemptions 185
Summary 185
Lawful authority 186
Incidental to the exercise of a lawful right of defence of persons or property 191
Consent 195
Absolute privilege 202
Publication of public documents 204
Fair report of proceedings of public concern 205
Safe harbour scheme for internet intermediaries 207 Exemption or defence for children and young persons 210
Defences unsuited to a privacy action 213
12. Remedies and Costs 219
Summary 219
Damages 220
Account of profits 238
No recommendation on notional licence fee 240
Injunctions 241
Delivery up, destruction or removal of material 251
Correction orders 252
Apology orders 254
Declarations 256
Costs 258
Part 3
26113. Breach of Confidence Actions for Misuse of Private Information 263
Summary 263
The likely future development of the action for breach of confidence 264
Compensation for emotional distress 265
Public interest and injunction applications 273
14. Surveillance Devices 275
Summary 275
Existing surveillance device laws 276
A Commonwealth Act 278
Technology neutral surveillance legislation 282
Telecommunications surveillance 285
Participant monitoring 286
Responsible journalism and the public interest 289
Workplace surveillance 293
Remedial relief and compensation 295
Alternative forums for complaints about surveillance 296
15. Harassment 299
Summary 299
Statutory tort of harassment 300
Criminal offences for harassment 304
16. New Regulatory Mechanisms 309
Summary 309
Privacy Commissioner investigations for serious invasions of privacy 310
Amicus curiae and intervener functions 317
Deletion of personal information 319
Review of the small business exemption 321
Consultations 323
Terms of Reference
SERIOUS INVASIONS OF PRIVACY IN THE DIGITAL ERA
I, Mark Dreyfus QC MP, Attorney-General of Australia, having regard to:
• the extent and application of existing privacy statutes• the rapid growth in capabilities and use of information, surveillance and communication technologies
• community perceptions of privacy
• relevant international standards and the desirability of consistency in laws affecting national and transnational dataflows.
REFER to the Australian Law Reform Commission for inquiry and report, pursuant to s 20(1) of the Australian Law Reform Commission Act 1996 (Cth), the issue of prevention of and remedies for serious invasions of privacy in the digital era.
Scope of the reference
The ALRC should make recommendations regarding:
1. Innovative ways in which law may reduce serious invasions of privacy in the digital era.
2. The necessity of balancing the value of privacy with other fundamental values including freedom of expression and open justice.
3. The detailed legal design of a statutory cause of action for serious invasions of privacy, including not limited to:
a. legal thresholds
b. the effect of the implied freedom of political communication c. jurisdiction
d. fault elements e. proof of damages f. defences
g. exemptions
h. whether there should be a maximum award of damages i. whether there should be a limitation period
j.
whether the cause of action should be restricted to natural and living personsk. whether any common law causes of action should be abolished l. access to justice
m. the availability of other court ordered remedies.
4. The nature and appropriateness of any other legal remedies for redress for serious invasions of privacy.
The Commission should take into account the For Your Information ALRC Report (2008), relevant New South Wales and Victorian Law Reform Commission privacy reports, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and relevant Commonwealth, State, Territory legislation, international law and case law.
Consultation
In undertaking this reference, the Commission will identify and consult relevant stakeholders including the Office of the Australian Information Commissioner, and relevant State and Territory bodies.
Timeframe
The ALRC will provide its final report to the Attorney-General by June 2014. 12 June 2013
Mark Dreyfus Attorney-General
Participants
Australian Law Reform Commission
President
Professor Rosalind Croucher
Commissioner in Charge
Professor Barbara McDonaldPart-time Commissioner
The Hon Justice John Middleton, Federal Court of Australia
Executive Director
Sabina Wynn
Senior Legal Officer
Jared BoorerLegal Officers
Dr Julie Mackenzie Brigit Morris Dr Steven RobertsonLegal Interns
Claire Bready Ravi Gosal Georgie Leahy Alisha Mathew Timothy Maybury Michelle Meares Jack Murray Hagen Sporleder Jackson Wherrett Bradley WoodsAdvisory Committee Members
The Hon Justice Peter D Applegarth, Supreme Court of Queensland Richard Coleman, Fairfax Media Limited
Professor Graham Greenleaf, Professor of Law & Information Systems, University of New South Wales
Anna Johnston, Director, Salinger Privacy Peter Leonard, Partner, Gilbert & Tobin The Hon W H Nicholas QC
Tara McNeilly, Senior General Counsel, Office of General Counsel, Australian Government Solicitor
Timothy Pilgrim, Privacy Commissioner, Office of the Australian Information Commissioner
Professor Megan Richardson, Melbourne Law School, University of Melbourne Associate Professor David Rolph, Sydney Law School, University of Sydney Edward Santow, Chief Executive Officer, Public Interest Advocacy Centre
Veronica Scott, Special Counsel, Media and Communications Group, Minter Ellison David Vaile, Executive Director, Cyberspace Law and Policy Community, Faculty of Law, University of New South Wales
Acknowledgement
Research completed by the University of South Australia, ‘Young People’s Knowledge of and Attitudes toward Online Risks and Privacy’:
Alexander Stretton Larisa Karklins Dr Barbara A Spears
Recommendations
4. A New Tort in a New Commonwealth Act
Recommendation 4–1 If a statutory cause of action for serious invasion of privacy is to be enacted, it should be enacted by the Commonwealth, in a Commonwealth Act (the Act).
Recommendation 4–2 The cause of action should be described in the Act as an action in tort.
5. Two Types of Invasion
Recommendation 5–1 The Act should provide that the plaintiff must prove that his or her privacy was invaded in one of the following ways:
(a) intrusion upon seclusion, such as by physically intruding into the plaintiff’s private space or by watching, listening to or recording the plaintiff’s private activities or private affairs; or
(b) misuse of private information, such as by collecting or disclosing private information about the plaintiff.
Recommendation 5–2 The Act should provide that ‘private information’ includes untrue information, but only if the information would be private if it were true.
6. Reasonable Expectation of Privacy
Recommendation 6–1 The new tort should be actionable only where a
person in the position of the plaintiff would have had a reasonable expectation of privacy, in all of the circumstances.
Recommendation 6–2 The Act should provide that, in determining whether a person in the position of the plaintiff would have had a reasonable expectation of privacy in all of the circumstances, the court may consider, among other things:
(a) the nature of the private information, including whether it relates to intimate or family matters, health or medical matters, or financial matters;
(b) the means used to obtain the private information or to intrude upon seclusion, including the use of any device or technology;
(c) the place where the intrusion occurred, such as in the plaintiff’s home; (d) the purpose of the misuse, disclosure or intrusion;
(e) how the private information was held or communicated, such as in private correspondence or a personal diary;
(f) whether and to what extent the private information was already in the public domain;
(g) the relevant attributes of the plaintiff, including the plaintiff’s age, occupation and cultural background; and
(h) the conduct of the plaintiff, including whether the plaintiff invited publicity or manifested a desire for privacy.
7. Fault
Recommendation 7–1 The new tort should be confined to intentional or reckless invasions of privacy. It should not extend to negligent invasions of privacy, and should not attract strict liability.
Recommendation 7–2 The Act should provide that an apology made by the defendant does not constitute an admission of fault or liability and is not relevant to the determination of fault or liability.
8. Seriousness and Proof of Damage
Recommendation 8–1 The Act should provide that a plaintiff has an action under the new tort only where the invasion of privacy was ‘serious’, having regard, among other things, to:
(a) the degree of any offence, distress or harm to dignity that the invasion of privacy was likely to cause to a person of ordinary sensibilities in the position of the plaintiff; and
(b) whether the defendant was motivated by malice or knew the invasion of privacy was likely to offend, distress or harm the dignity of the plaintiff
Recommendation 8–2 The plaintiff should not be required to prove actual damage to have an action under the new tort.
9. Balancing Privacy with Other Interests
Recommendation 9–1 The Act should provide that, for the plaintiff to have a cause of action, the court must be satisfied that the public interest in privacy outweighs any countervailing public interest. A separate public interest defence would therefore be unnecessary.
Recommendation 9–2 The Act should include the following list of
countervailing public interest matters which a court may consider, along with any other relevant public interest matter:
(a) freedom of expression, including political communication and artistic expression;
(b) freedom of the media, particularly to responsibly investigate and report matters of public concern and importance;
(c) the proper administration of government; (d) open justice;
(e) public health and safety; (f) national security; and
(g) the prevention and detection of crime and fraud.
Recommendation 9–3 The Act should provide that the defendant has the burden of adducing evidence that suggests there is a countervailing public interest for the court to consider. The Act should also provide that the plaintiff has the legal onus to satisfy the court that the public interest in privacy outweighs any countervailing public interest that is raised in the proceedings.
10. Forums, Limitations and Other Matters
Recommendation 10–1 Federal, state and territory courts should have jurisdiction to hear an action for serious invasion of privacy under the Act. Consideration should also be given to giving jurisdiction to appropriate state and territory tribunals.
Recommendation 10–2 The new tort should only be actionable by natural persons.
Recommendation 10–3 A cause of action for serious invasion of privacy should not survive for the benefit of the plaintiff’s estate or against the defendant’s estate.
Recommendation 10–4 A person should not be able to bring an action under the new tort after the earlier of:
(a) one year from the date on which the plaintiff became aware of the invasion of privacy; or
(b) three years from the date on which the invasion of privacy occurred.
Recommendation 10–5 In exceptional circumstances, the court may extend this limitation period, but the period should expire no later than six years from the date on which the invasion occurred.
Recommendation 10–6 Consideration should be given to extending the limitation period where the plaintiff was under 18 years of age when the invasion of privacy occurred.
Recommendation 10–7 Consideration should be given to enacting a ‘first publication rule’, also known as a ‘single publication rule’. This would limit the circumstances in which a person may bring an action in relation to the publication of private information, when that same private information had already been published in the past.
11. Defences and Exemptions
Recommendation 11–1 The Act should provide for a defence that the
defendant’s conduct was required or authorised by law.
Recommendation 11–2 The Act should provide a defence for conduct
incidental to the exercise of a lawful right of defence of persons or property, where that conduct was proportionate, necessary and reasonable.
Recommendation 11–3 The Act should provide for a defence of necessity. Recommendation 11–4 The Act should provide for a defence of consent. Recommendation 11–5 The Act should provide for a defence of absolute privilege.
Recommendation 11–6 The Act should provide for a defence of publication of public documents.
Recommendation 11–7 The Act should provide for a defence of fair report of proceedings of public concern.
Recommendation 11–8 The Act should provide for an exemption for children and young persons.
12. Remedies and Costs
Recommendation 12–1 The Act should provide that courts may award
damages, including damages for emotional distress.
Recommendation 12–2 The Act should set out the following non-exhaustive list of factors that a court may consider when determining the amount of damages: (a) whether the defendant had made an appropriate apology to the plaintiff; (b) whether the defendant had published a correction;
(c) whether the plaintiff had already recovered compensation, or has agreed to receive compensation in relation to the conduct of the defendant;
(d) whether either party took reasonable steps to settle the dispute without litigation; and
(e) whether the defendant’s unreasonable conduct following the invasion of privacy, including during the proceedings, had subjected the plaintiff to particular or additional embarrassment, harm, distress or humiliation.
Recommendation 12–3 The Act should provide that the court may not award a separate sum as aggravated damages.
Recommendation 12–4 The Act should provide that a court may award
Recommendation 12–5 The Act should provide for a cap on damages. The cap should apply to the sum of both damages for non-economic loss and any exemplary damages. This cap should not exceed the cap on damages for non-economic loss in defamation.
Recommendation 12–6 The Act should provide that a court may award an account of profits.
Recommendation 12–7 The Act should provide that the court may at any stage of proceedings grant an interlocutory or other injunction to restrain the threatened or apprehended invasion of privacy, where it appears to the court to be just or convenient and on such terms as the court thinks fit.
Recommendation 12–8 The Act should provide that, when considering
whether to grant injunctive relief before trial to restrain publication of private information, a court must have particular regard to freedom of expression and any other matters of public interest.
Recommendation 12–9 The Act should provide that courts may order the delivery up and destruction or removal of material.
Recommendation 12–10 The Act should provide that courts may, where false private information has been published, order the publication of a correction.
Recommendation 12–11 The Act should provide that courts may order the defendant to apologise.
Recommendation 12–12 The Act should provide that courts may make a declaration.
13. Breach of Confidence Actions for Misuse of Private
Information
Recommendation 13–1 If a statutory cause of action for serious invasion of privacy is not enacted, appropriate federal, state, and territory legislation should be amended to provide that, in an action for breach of confidence that concerns a serious invasion of privacy by the misuse, publication or disclosure of private information, the court may award compensation for the plaintiff’s emotional distress.
14. Surveillance Devices
Recommendation 14–1 The Commonwealth Government should enact
surveillance legislation to replace existing state and territory surveillance device laws. Recommendation 14–2 Surveillance legislation should be technology neutral. It should regulate surveillance through the use of listening devices, optical devices, tracking devices, data surveillance devices, and other devices and systems.
Recommendation 14–3 The Commonwealth Government should consider
consolidating telecommunications surveillance laws with the new Commonwealth surveillance legislation.
Recommendation 14–4 Surveillance legislation should not contain a defence or exception for participant monitoring.
Recommendation 14–5 Surveillance legislation should provide a defence for responsible journalism relating to matters of public concern and importance.
Recommendation 14–6 Workplace surveillance laws should be made uniform throughout Australia.
Recommendation 14–7 Surveillance legislation should provide that a court may order remedial relief, including compensation, for a person subjected to unlawful surveillance.
Recommendation 14–8 State and territory governments should give
jurisdiction to appropriate courts and tribunals to hear complaints about the installation and use of surveillance devices that can monitor neighbours on residential property.
15. Harassment
Recommendation 15–1 If a statutory cause of action for serious invasion of privacy is not enacted, state and territory governments should enact uniform legislation creating a tort of harassment.
16. New Regulatory Mechanisms
Recommendation 16–1 The Commonwealth Government should consider
extending the Privacy Commissioner’s powers so that the Commissioner may investigate complaints about serious invasions of privacy and make appropriate declarations. Such declarations would require referral to a court for enforcement. Recommendation 16–2 The following functions should be conferred on the Privacy Commissioner:
(a) to assist a court as amicus curiae, where the Commissioner considers it appropriate, and with the leave of the court; and
(b) to intervene in court proceedings, where the Commissioner considers it appropriate, and with the leave of the court.
1. Executive Summary
Contents
Context of the Inquiry 17
The design of a cause of action 18
Elements and essential features of the tort 18
Limitation periods and other matters 19
Defences 19
Remedies 20
Should a new tort be enacted? 20
International developments 22
A common law or statutory tort? 23
Other inquiries 25 Other reforms 26 Breach of confidence 26 Surveillance 26 Harassment 27 Regulation 27
The law reform process 27
Context of the Inquiry
1.1 A cause of action for serious invasion of privacy does not presently exist in Australian law. A person’s privacy may be invaded in a range of ways. Such invasions may occur with increasing ease and frequency in the digital era, when the mobile phones in our pockets are all potential surveillance devices, drones are becoming cheaper and more advanced, and personal information once put online seems impossible to destroy or forget.1
1.2 This Inquiry considers how Australian law may be reformed to prevent and remedy serious invasions of privacy. However, it occurs in the context of other concerns about privacy, such as those raised by ‘big data’ and surveillance by governments and others. Indeed, it seems that privacy is rarely out of the news.
1 This has been called the problem of ‘digital eternity’: David Lindsay, ‘The “Right to Be Forgotten” in European Data Protection Law’, Emerging Challenges in Privacy Law: Comparative Perspectives (Cambridge University Press, 2014) 290, 293.
The design of a cause of action
1.3 The Report sets out the detailed legal design of a statutory civil cause of action for serious invasion of privacy. This was the core task given to the ALRC for this Inquiry.2
1.4 Notably, the cause of action designed in the Report is directed at invasions of privacy that are serious, committed intentionally or recklessly, and that cannot be justified in the public interest. It is also confined to invasions of privacy either by intrusion upon seclusion or by misuse of private information.
1.5 The design of this action and the other recommendations in the Report were informed by nine guiding principles, discussed in Chapter 2. These include the principle that privacy is a fundamental value worthy of legal protection and an important public interest.
1.6 Another principle is that privacy should be balanced with other rights and interests, such as freedom of expression. The ALRC considers that privacy and free speech are both better protected by finding a reasonable balance between them.
1.7 The cause of action is designed in detail in the Report. This should make more clear the scope of the action, the extent of protection it may provide, and the impact it may have on potential defendants. The detailed design of the cause of action may also help better inform debates about the desirability of such a cause of action.
1.8 In developing its recommendations, the ALRC considered, among other things, common law principles, developments in other jurisdictions, gaps in Australian common law and statute law, and recommendations made in previous inquiries into privacy law. The ALRC also considered community and industry concerns, including about threats to privacy by new technologies and the vital importance of free speech.
Elements and essential features of the tort
1.9 The cause of action should be enacted in a Commonwealth Act and should be described in the statute as an action in tort. This is the first essential feature of the cause of action. Chapter 4 sets out the constitutional background and legal implications of this recommendation. Importantly, describing the action as a tort will encourage courts to draw on established principles of tort law, when deciding a number of ancillary issues. This will provide a measure of certainty, consistency and coherence to the law.
1.10 Chapters 5 to 8 set out the elements and essential features of the tort. The overall structure and elements of the cause of action should be read together, as each element depends in many ways on the existence of the others.
2 See the Terms of Reference.
1.11 These are the essential elements and features of the cause of action:
• the invasion of privacy must be either by intrusion into seclusion or by misuse of private information (Chapter 5);
• it must be proved that a person in the position of the plaintiff would have had a reasonable expectation of privacy in all of the circumstances (Chapter 6);
• the invasion must have been committed intentionally or recklessly—mere negligence is not sufficient (Chapter 7);
• the invasion must be serious (Chapter 8);
• the invasion need not cause actual damage, and damages for emotional distress may be awarded (Chapter 8); and
• the court must be satisfied that the public interest in privacy outweighs any countervailing public interests (Chapter 9).
1.12 This last point is the crucial ‘balancing exercise’, in which courts weigh privacy against other important public interests, such as freedom of speech, freedom of the media, public health and safety, and national security. The ALRC recommends that such competing interests be considered when determining whether the plaintiff has a cause of action. It should be an element of the tort, rather than a defence. A plaintiff should not be able to claim that a wrong has been committed—that their privacy has been seriously invaded—where there are strong public interest grounds justifying the invasion of privacy.
Limitation periods and other matters
1.13 Chapter 10 deals with important procedural and substantive matters. The ALRC recommends that:
• federal, state and territory courts should have jurisdiction; • the cause of action should be limited to natural persons;
• actions should not survive—either for the estate of the plaintiff or against the estate of the defendant;
• the limitation period should be set at one year after the plaintiff becomes aware of the invasion, or three years after the invasion occurred, whichever comes first; and
• alternative dispute resolution should neither be a bar to, nor a prerequisite for, litigation.
Defences
1.14 Chapter 11 sets out the recommended defences to the cause of action: • a defence of lawful authority;
• a defence of consent; • a defence of necessity;
• a defence of absolute privilege;
• a defence for the publication of public documents; and • a defence for fair reporting of public proceedings.
Remedies
1.15 Chapter 12 discusses the making of costs orders and sets out the monetary and non-monetary remedies that should be available for serious invasions of privacy, including:
• damages, including for emotional distress and, in exceptional circumstances, exemplary damages;
• an account of profits; • injunctions;
• delivery up, destruction and removal of material; • correction and apology orders; and
• declarations.
1.16 The ALRC also recommends a list of factors for courts to consider in assessing damages and that there should be a statutory cap on the amount of damages that may be awarded in any particular case.
Should a new tort be enacted?
1.17 The ALRC was asked to design a cause of action, rather than to determine whether it is needed or desirable. This second question was considered and answered affirmatively by three recent law reform inquiries in Australia. It was also the subject of an Issues Paper prepared by the Department of Prime Minister and Cabinet in September 2011.3 Nevertheless, many stakeholders in this Inquiry commented on the issue.
1.18 The ALRC considers that the question of whether a statutory cause of action for serious invasion of privacy would be beneficial to the Australian community should be assessed on the basis of an understanding of:
• the existing legal protections for privacy; • gaps and deficiencies in that legal protection;
3 See below, [1.41] ff.
• the likelihood of the common law developing a cause of action for invasions of privacy in the absence of a statute;
• the detailed design of the cause of action—its elements, defences and remedies; and
• whether the cause of action is better designed in statute, or left to be developed by the courts.
1.19 Many stakeholders expressed their support for a statutory cause of action.4 Only a few told the ALRC that the law did not need to be changed at all, and that there were no gaps in the legal protection of privacy in Australia.5 Even many of those who opposed a privacy tort did not deny the importance or value of privacy.6 Rather, they based their opposition to the tort on other grounds. It was said that there was little evidence that privacy is invaded in Australia, and that there are no media practices in Australia such as those exposed in the UK phone hacking scandal involving the now defunct News of the World. It was also said that there are no significant gaps in the law, and a new tort would have an undesirable effect on the media, on other businesses, and on the free flow of information.
1.20 The ALRC is not convinced that there is no evidence of invasions of privacy in Australia. Invasions of privacy by intrusion or misuse of private information are known to occur in a wide variety of circumstances.
1.21 While it may be true that the Australian media operate more appropriately than some of their UK counterparts, it is not necessarily the case that the Australian media never unjustifiably invade people’s privacy. Rather, it may be that where they have done so, and the plaintiff complains, they have settled the plaintiff’s claims to avoid litigation, publicity and the setting of a precedent.
1.22 The fact that courts have not recognised a common law cause of action, as they have in other countries, also does not show that there is no need for a statutory cause of action. It may merely indicate that litigants are reluctant to risk lengthy and costly proceedings and appeals arguing a novel point of law. ALRC consultations with practitioners confirmed this view.
1.23 Some who opposed the introduction of a new cause of action recognised that there are gaps in the law, but submitted that it would be preferable to fill those gaps in other ways.7 Other stakeholders who opposed a new privacy tort submitted that it
4 Law Society of NSW, Submission 122; N Witzleb, Submission 116; Women’s Legal Services NSW, Submission 115; T Butler, Submission 114; Australian Privacy Foundation, Submission 110; Office of the Victorian Privacy Commissioner, Submission 108; Public Interest Advocacy Centre, Submission 105; N Henry and A Powell, Submission 104; UNSW Cyberspace Law and Policy Community, Submission 98; Australian Sex Party, Submission 92; G Greenleaf, Submission 76; M Paterson, Submission 60.
5 Free TV, Submission 55; The Newspaper Works, Submission 50.
6 Media and Communications Committee of the Law Council of Australia, Submission 124; AMTACA, Submission 101.
7 Telstra, Submission 107; Australian Bankers’ Association, Submission 84; Guardian News and Media Ltd and Guardian Australia, Submission 80; P Wragg, Submission 73; SBS, Submission 59; AIMIA Digital Policy Group, Submission 56; News Corp Australia, Submission 34.
would nevertheless be preferable to ‘shoehorning’ privacy protection into existing actions.8
International developments
1.24 There are civil causes of action for serious invasion of privacy in New Zealand, the United Kingdom, the United States and Canada.
1.25 The UK has developed extensive legal protection of privacy by extending the equitable action for breach of confidence, under the influence of the Human Rights Act 1998 (UK).9 This Act requires the courts to give effect to the protection of rights and freedoms in the European Convention on Human Rights.
1.26 Article 8 of the Convention provides that everyone has the right to respect for their private and family life, their home and their correspondence, and that there shall be no interference with this right by a public authority except by lawful authority in the interests of national security, public safety, the economic well-being of the country, the prevention of disorder or crime, the protection of health or morals, or the protection of the rights and freedoms of others. Article 10 provides that everyone has the right to freedom of expression, subject to certain necessary restrictions, including the protection of the reputation or rights of others, and the prevention of disclosure of confidential information.
1.27 This UK action for disclosure of private information—sometimes called a tort— has provided a useful guide to the possible structure of the statutory cause of action designed in the Report. The UK has also enacted the Protection from Harassment Act 1997 (UK), which provides a civil remedy for harassment.10
1.28 New Zealand courts have recognised common law torts of misuse of private information11 and of intrusion.12 New Zealand has enacted the Harassment Act 1997
(NZ), which provides criminal penalties for harassment.
1.29 Although committees in the UK and New Zealand have recommended against the introduction of a statutory cause of action,13 this must be seen in light of the
significant and recent developments in the common law in those two countries.
1.30 The Canadian provinces of British Columbia,14 Manitoba,15 Newfoundland and Labrador,16 Quebec17 and Saskatchewan18 have enacted statutory torts for invasion of
8 Guardian News and Media Ltd and Guardian Australia, Submission 80. 9 Campbell v MGN Ltd [2004] 2 AC 457. See Ch 12.
10 See Ch 15.
11 Hosking v Runting (2005) 1 NZLR 1. 12 C v Holland [2012] 3 NZLR 672.
13 Joint Committee on Privacy and Injunctions, Privacy and Injunctions, House of Lords Paper No 273, House of Commons Paper No 1443, Session 2010–12 (2012); New Zealand Law Commission, Invasion of Privacy: Penalties and Remedies: Review of the Law of Privacy Stage 3, Report No 113 (2010). 14 Privacy Act, RSBC 1996, c 373 (British Columbia).
15 Privacy Act, CCSM 1996, c P125 (Manitoba).
16 Privacy Act, RSNL 1990, c P-22 (Newfoundland and Labrador). 17 Civil Code of Quebec, SQ 1991, c 64 ss 3, 35–37.
privacy, and the Ontario Court of Appeal has also recognised common law protection.19
1.31 Privacy torts have been well-established in the United States for many decades, although the protection they provide is limited by the special protection given to free speech by the First Amendment of the Constitution. Some states, such as California, have also introduced a statutory tort of invasion of privacy.20
A common law or statutory tort?
1.32 In contrast to these other jurisdictions, a common law tort for invasion of privacy has not yet developed in Australia, despite the High Court leaving open the possibility in Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd.21
While a tort of invasion of privacy has been recognised by two lower court decisions,22 no appellate court has confirmed the existence of this tort. In Chapter 3, the ALRC reviews the relevant case law, but agrees with the general consensus that the direction of the future development of the common law is difficult to predict.23
1.33 However, Australian law is unlikely to stand still, given developments in other countries with similar legal systems and principles. Although Australia does not have a Human Rights Act, Australia is a signatory to the International Covenant on Civil and Political Rights, which requires countries to protect the privacy of its citizens. Privacy is also grounded in clear and important common law principles. Professor Eric Barendt has noted that in the 18th century, property rights that would now be identified as personal privacy interests, ‘were used to safeguard radicals against the arbitrary confiscation of their manuscripts and papers’.24 It will be increasingly difficult to justify denying legal redress to people whose privacy has been seriously invaded, when other countries offer such redress.
1.34 If a cause of action for serious invasion of privacy is likely to be developed in Australia, is it better enacted by parliament, or left for the courts to develop under the common law? There are benefits of having the law develop in the courts. A statute can have unintended consequences.25 It may capture, or fail to capture, activities or conduct
that were not considered when the statute was enacted. A statute may also become outdated by changes in social or technological changes.26 A court, on the other hand, can only decide the case before it, and only the issues in contention between the
19 Jones v Tsige (2012) ONCA 32. 20 California Civil Code § 1708.8.
21 Australian Broadcasting Commission v Lenah Game Meats Pty Ltd (2001) 208 CLR 199.
22 Grosse v Purvis [2003] QDC 151 (16 June 2003); Doe v Australian Broadcasting Corporation [2007] VCC 281. Both cases were settled before appeals by the respective defendants were heard.
23 The case law on the issue since Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd is discussed in Ch 3.
24 Eric Barendt, ‘Privacy and Freedom of Speech’ in Andrew T Kenyon and Megan Richardson (eds), New Dimensions in Privacy Law: International and Comparative Perspectives (Cambridge University Press, 2006) 11, 31.
25 TT Arvind and Jenny Steele (eds), Tort Law and the Legislature: Common Law, Statute and the Dynamics of Legal Change (Hart Publisher, 2013) 8.
parties. It does not need to anticipate or resolve all the possible issues that might arise in other cases. The common law may therefore develop more incrementally and, some would say, cautiously.
1.35 However, there are also many benefits of statutory reform. Parliament can act on its own motion, and proactively address emerging issues in the community. The development of the common law depends on the existence of parties with the will, and the necessary resources, to litigate their claim in court.27 There will be continuing uncertainty about how the law will be developed in the courts.28 Reform by legislation can also be effected more rapidly than development at common law.29
1.36 A statute can legislate for a range of situations, both for what has occurred in the past and for what may happen in the future. A court will focus on the specific issues of a particular case, and this may lead to the development of narrow, fact-specific legal principles.
1.37 There is more flexibility in the development of the law by statute than by common law. Statute is not bound to follow precedent, unlike the courts.
1.38 Statutes can also select the most appropriate elements of a cause of action, remedies, defences, thresholds, caps, conditions and exceptions, while courts often do not have this freedom.30 A statute can also build in incentives to use alternative dispute resolution processes.
1.39 Finally, statutes can address the complex policy issues and legal concepts involved and express the law in language which is more accessible than case law for people without legal training.31 As a result, statutes may be more effective in having a normative impact on behaviour.
1.40 The advantages of statutory reform should not be underestimated by those who oppose a new privacy tort. If instead of statutory reform, the equitable action for breach of confidence were extended, defendants may be faced with a much stricter standard of liability. There may also not be a clear and separate ‘seriousness’ threshold and countervailing public interests may not be given sufficient weight. Such things considered, potential defendants may prefer a more targeted statutory tort, such as the one designed in the Report.
27 Office of the Victorian Privacy Commissioner, Submission No 46 to DPM&C Issues Paper, 2011; Australian Privacy Foundation, Submission No 7 to DPM&C Issues Paper, 2011.
28 Law Council of Australia, Submission No 55 to DPM&C Issues Paper, 2011; Office of the Australian Information Commissioner, Submission No 14 to DPM&C Issues Paper, 2011.
29 Australian Privacy Foundation, Submission No 7 to DPM&C Issues Paper, 2011; Liberty Victoria, Submission No 34 to DPM&C Issues Paper, 2011.
30 Mark Leeming, ‘Theories and Principles Underlying the Development of the Common Law: The Statutory Elephant in the Room’ (2013) 36 UNSW Law Journal 1002, 1021.
Other inquiries
1.41 This Inquiry builds on four other recent inquiries into privacy law or related issues conducted in Australia, three of which recommended the enactment of a statutory cause of action.32
1.42 The ALRC’s 2008 Report, For Your Information: Privacy Law and Practice, focused on data protection: information collection, access and use. The ALRC recommended that Commonwealth legislation should provide for a statutory cause of action for serious invasion of privacy.33
1.43 In 2009, the New South Wales Law Reform Commission recommended that a general cause of action for invasion of privacy was required to provide a ‘basis for the ongoing development of the law of privacy in a climate of dynamic societal and technological change’.34
1.44 In 2010, the Victorian Law Reform Commission issued the report, Surveillance in Public Places, which followed a decade-long inquiry into workplace privacy and privacy in public places.35
1.45 In September 2011, the Department of the Prime Minister and Cabinet released an Issues Paper on a statutory cause of action for invasion of privacy,36 prompted by a number of ‘high profile privacy breaches’ in Australia and overseas.37
1.46 During this Inquiry, the Law Reform Institute of South Australia has initiated an Inquiry into whether or not South Australia should enact a statutory cause of action for invasion of privacy.38
32 Privacy was also the subject of earlier reports by the ALRC. In 1979, the ALRC recommended that a person be allowed to sue for damages or an injunction if ‘sensitive private facts’ were published in circumstances that were likely to cause distress, annoyance or embarrassment to a person in the position of the relevant individual: Australian Law Reform Commission, Unfair Publication: Defamation and Privacy, Report 11 (1979). In 1983, the ALRC released a report concentrating on information privacy, and the need to implement the Organisation for Economic Co-Operation and Development, Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data, 1983: Australian Law Reform Commission, Privacy, Report 22 (1983). This resulted in the enactment of the Privacy Act 1988 (Cth). In the latter report at [1081], the ALRC declined to recommend the creation of a general tort of invasion of privacy. In the ALRC’s view at that time, ‘such a tort would be too vague and nebulous’. The ALRC considers that not only are social and technological conditions 30 years later very different, but also the legal landscape has changed considerably, as shown by developments in other countries discussed above.
33 Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, Report 108 (2008) Rec 74–1.
34 NSW Law Reform Commission, Invasion of Privacy, Report 120 (2009) [4.14]. 35 Victorian Law Reform Commission, Surveillance in Public Places, Report 18 (2010).
36 ‘A Commonwealth Statutory Cause of Action for Serious Invasion of Privacy’ (Issues Paper, Department of the Prime Minister and Cabinet, 2011).
37 This presumably referred to the widespread phone hacking by journalists and their sources that led to the Leveson Inquiry in the United Kingdom: Lord Justice Leveson, An Inquiry into the Culture, Practices and Ethics of the Press, House of Commons Paper 779 (2012).
38 South Australian Law Reform Institute, Too Much Information: A Statutory Cause of Action for Invasion of Privacy, Issues Paper 4 (2013).
1.47 The Law Reform Committee of Victoria also recommended in early 2013 that Victoria give further consideration to introducing a statutory cause of action for invasion of privacy by the misuse of private information.39
Other reforms
1.48 In addition to designing the statutory cause of action, the ALRC was asked to make recommendations about other legal remedies and innovative ways in which the law could prevent or redress serious invasions of privacy. This is considered in Part 3 of the Report.
Breach of confidence
1.49 Chapter 13 recommends that, if a statutory cause of action for serious invasion of privacy is not enacted, the equitable action for breach of confidence be strengthened by legislation enabling courts to award compensation for emotional distress. As noted in Chapter 3, compensation for emotional distress, falling short of a recognised psychiatric illness, is generally not available for breach of confidence. If a statutory cause of action for serious invasion of privacy is not enacted, enabling courts to award compensation for emotional distress in such cases would provide an important mechanism for redress.
Surveillance
1.50 Chapter 14 concerns legislation regulating the use of surveillance devices. Existing state and territory laws provide important protection of privacy and related rights—such as freedom of speech—however there is significant inconsistency in the law between jurisdictions. This inconsistency can make the laws less effective, undermining privacy, and it can also be costly for businesses that operate nationally. The ALRC considers that surveillance device laws should be the same throughout Australia, and recommends that Commonwealth legislation be enacted to replace existing state and territory laws.
1.51 Surveillance legislation should also be technology neutral, so that the law can apply to new devices, such as unmanned aerial vehicles (drones), as well as to surveillance technologies which are not ‘devices’ in the traditional sense, such as software or networks of devices. The ALRC also questions the value of the existing distinction built into the law between surveillance using a device and surveillance using a communications network.40
1.52 A ‘responsible journalism’ defence to surveillance laws is also recommended, to protect journalists and media groups who make appropriate use of a surveillance device for journalism in the public interest.
39 Law Reform Committee, Parliament of Victoria, Inquiry into Sexting (2013) 187–8.
40 The Senate Standing Committee on Legal and Constitutional Affairs is conducting a comprehensive review of the Telecommunications (Interception and Access) Act 1979 (Cth). It is due to report in August 2014.
Harassment
1.53 Chapter 15 recommends that, if a statutory cause of action for serious invasion of privacy is not enacted, state and territory governments should enact uniform legislation providing for a statutory tort of harassment. A tort of harassment, based on similar laws in other jurisdictions, would provide protection and redress for individuals who experience some of the most serious invasions of privacy. The ALRC also highlights some gaps in state, territory and Commonwealth criminal offences for harassment.
Regulation
1.54 Chapter 16 considers limited reforms to the existing regulatory mechanisms for protecting privacy. In particular, the ALRC recommends that the existing powers of the Privacy Commissioner to investigate breaches of the Privacy Act 1988 (Cth) be extended to allow investigations of complaints about serious invasions of privacy more generally. This would provide a low-cost avenue for individuals to make complaints about serious invasions of privacy. The ALRC also recommends that the Commissioner be given the additional functions of amicus curiae or intervener in relevant court proceedings.
The law reform process
1.55 The ALRC was given Terms of Reference in June 2013 and asked to report to the Attorney-General by June 2014. These Terms of Reference set out and limit the scope of the ALRC’s Inquiry.
1.56 The Report is the final stage in the process. The first stage included the release of an Issues Paper,41 and the second stage was a Discussion Paper.42
1.57 Many valuable submissions to both papers were received.43 The ALRC also conducted a number of consultations with stakeholders and spoke at public and industry forums and conferences. The ALRC met with media, telecommunications, social media and marketing companies, among other organisations; many expert academic commentators, specialist legal practitioners, and judges; public interest groups; and government agencies, including the Office of the Australian Information Commissioner, the Australian Communications and Media Authority, and the Australian Human Rights Commission.44 The ALRC hosted two roundtables of legal
experts, in Sydney and London.
1.58 In addition to the contribution of expertise by way of consultations and submissions, specific expertise is also received by the ALRC from members of its Advisory Committee and the appointment of part-time Commissioners.
41 Serious Invasions of Privacy in the Digital Era (ALRC IP 43, 2013).
42 Serious Invasions of Privacy in the Digital Era (ALRC DP 80, 2014). The Report, the Issues Paper and the Discussion Paper may all be downloaded free of charge from the ALRC website: <www.alrc.gov.au>. Hard copies may be obtained on request by contacting the ALRC on (02) 8238 6333.
43 Public submissions are also published on the ALRC website: <www.alrc.gov.au>. 44 A list of consultations is set out at the end of the Report.
1.59 The role of the Advisory Committee is to advise on the coherence and structure of the ALRC process and recommendations; it does not formulate reform recommendations, and members are invited in their individual capacity. They are explicitly asked not to act in any representative capacity.
1.60 The ALRC acknowledges the contribution made by all the part-time Commissioners, Advisory Committee members and expert readers in this Inquiry and expresses gratitude to them for voluntarily providing their time and expertise.45
1.61 The Report discharges the tasks given to the ALRC in the Terms of Reference: to design a statutory cause of action for serious invasion of privacy, and to recommend other ways the law might be reformed to deter and redress serious invasions of privacy. The ALRC considers that the recommendations in the Report, if enacted, would fill an increasingly conspicuous gap in Australian law. They would help protect the privacy of Australians, while respecting and reinforcing other fundamental rights and values, including freedom of expression.
2. Guiding Principles
Contents
Summary 29
Principle 1: Privacy is a fundamental value worthy of legal protection 30 Principle 2: There is a public interest in protecting privacy 32 Principle 3: Privacy should be balanced with other important interests 33 Principle 4: Australian privacy laws should meet international standards 35 Principle 5: Privacy laws should be adaptable to technological change 36
Principle 6: Privacy laws should be clear and certain 36
Principle 7: Privacy laws should be coherent and consistent 37 Principle 8: Justice to protect privacy should be accessible 38 Principle 9: Privacy protection is an issue of shared responsibility 39
Summary
2.1 The ALRC has identified nine principles to guide the recommendations for reform in this Inquiry. The principles are not designed to limit the scope of the Inquiry, but rather to assist the ALRC, governments and other stakeholders, by providing a policy framework in which to consider options for reform of the law.
2.2 The principles are not the only matters considered by the ALRC, but they generally accord with widely recognised values and concepts that have been set out in discussions about the legal protection of privacy.
2.3 Stakeholders expressed general support for these principles.1 Some stakeholders suggested additional matters that should be incorporated; some argued that certain principles should be given greater emphasis or priority; others stressed that there should be no hierarchy or preference for certain interests.
2.4 Discussion among government representatives, law practitioners, commentators, researchers and others into the value, importance and role of privacy in various contexts and from various perspectives—legal, philosophical, social, political, technical—is extensive. This chapter identifies key considerations from the literature that underpin the recommendations in this Final Report.
1 ASTRA, Submission 99; SBS, Submission 59; Women’s Legal Services NSW, Submission 57; Google, Submission 54; Electronic Frontiers Australia, Submission 44; Australian Privacy Foundation, Submission 39; Australian Bureau of Statistics, Submission 32; Public Interest Advocacy Centre, Submission 30; Insurance Council of Australia, Submission 15.
2.5 The principles draw on leading cases in Australia and other comparable jurisdictions, international conventions, academic commentary on privacy and related fields, the Terms of Reference for this Inquiry, and similar principles identified in earlier ALRC reports and submissions to this Inquiry.
Principle 1: Privacy is a fundamental value worthy of legal
protection
2.6 Privacy is important to enable individuals to live a dignified, fulfilling, safe and autonomous life. It is fundamental to our understanding and appreciation of personal identity and freedom.2 Privacy underpins:
• meaningful and satisfying interpersonal relationships, including intimate and family relationships;
• freedom of speech, thought and self-expression; • freedom of movement and association;
• engagement in the democratic process;
• freedom to engage in secure financial transactions;
• freedom to pursue intellectual, cultural, artistic, property and physical interests; and
• freedom from undue interference or harm by others.
2.7 The right to privacy is recognised as a fundamental human right in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights (ICCPR) and other international instruments and treaties.3 Article 17 of the ICCPR, to which Australia is a signatory, provides:
1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. 2. Everyone has the right to the protection of the law against such interference or attacks.4
2.8 One challenge which arises when determining the boundaries for greater privacy protection is drawing the difficult distinction between the public and the private spheres. In ABC v Lenah Game Meats, Gleeson CJ stated that
There is no bright line which can be drawn between what is private and what is not. Use of the term ‘public’ is often a convenient method of contrast, but there is a large area in between what is necessarily public and what is necessarily private.5
2 Jon L Mills, Privacy: The Lost Right (Oxford University Press, 2008) 13.
3 Convention on the Rights of the Child, opened for signature 20 December 1989, 1577 UNTS 3 (entered into force 2 September 1990) art 16; Convention on the Protection of the Rights of All Migrant Workers and Members of Their Families, opened for signature 18 December 1990, 2220 UNTS 3 (entered into force 1 July 2003) art 14.
4 International Covenant on Civil and Political Rights, opened for signature 16 December 1966, 999 UNTS 171 (entered into force 23 March 1976) art 17.
2.9 There is no doubt that privacy is a complex concept, difficult to define at a conceptual level.6 It has even been said to be dogged by a ‘lack of precision’7 and possibly ‘more akin to a ‘bundle of rights’.8 However, privacy is not less valuable or deserving of legal protection simply because it is hard to define. The New South Wales Law Reform Commission said that to suggest that privacy is impossible to protect because it cannot be precisely defined is to ‘succumb to what Lord Reid once described as “the perennial fallacy that because something cannot be cut and dried or lightly weighed or measured therefore it does not exist”’.9
2.10 In 1890, Professors Samuel Warren and Louis Brandeis famously described privacy as the ‘right to be let alone’.10 In the United States (US), the development of privacy is also closely aligned with protection of autonomy,11 and privacy has been understood to include the right to make choices and exercise personal liberties.12
2.11 There is debate about whether privacy should be expressed as a value, a right or an interest. The Office of the Australian Information Commissioner (OAIC) argued that privacy should be reframed as a right.13 In ABC v Lenah Games Meats, Gleeson CJ drew a distinction between legal ‘rights’ and ‘legal interests’, suggesting that
talk of ‘rights’ may be question-begging, especially in a legal system which has no counterpart to the First Amendment to the United States Constitution or to the Human Rights Act 1998 of the United Kingdom. The categories that have been developed in the United States for the purpose of giving greater specificity to the kinds of interest protected by a ‘right to privacy’ illustrate the problem.14
2.12 Jurisprudence from the European Court of Human Rights has developed a broad understanding of privacy in the context of art 8 of the European Convention on Human Rights. Article 8 has been interpreted to protect an individual’s correspondence, including through modern communication techniques such as email,15 physical integrity,16 home,17 identity,18 personal autonomy19 and personal development.20
2.13 Many stakeholders stressed the importance of privacy to a person’s autonomy and rights of self-determination.21 The Law Institute of Victoria, for example, noted
6 Raymond Wacks, ‘The Poverty of Privacy’ (1980) 96 Law Quarterly Review 73.
7 Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (2001) 208 CLR 199, [41] (Gleeson CJ).
8 Mills, above n 2, 4.
9 NSW Law Reform Commission, Invasion of Privacy, Report 120 (2009) [4.16], quoting Lord Reid in Ridge v Baldwin [1964] AC 40, 64–65.
10 Samuel D Warren and Louis D Brandeis, ‘The Right to Privacy’ (1890) 4 Harvard Law Review 193. 11 Mills, above n 2, 15.
12 Ibid 4.
13 Office of the Australian Information Commissioner, Submission 66.
14 Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (2001) 208 CLR 199, [41]. 15 Copland v UK (2007) 45 EHRR 37.
16 YF v Turkey (2004) 39 EHHR 34. 17 Keegan v UK (2007) 44 EHRR 112. 18 I v UK (2003) 36 EHRR 53.
19 Rotaru v Romania (2000) 8 EHRR 449.
20 Gaskin v UK (1989) 12 EHRR 36. See, Ian Walden and Lorna Woods, ‘Broadcasting Privacy’ (2011) 3 Journal of Media Law 117, 125.
that ‘the protection of an individual’s privacy is fundamental to their human dignity and is central to many other human rights such as the right of freedom of association, movement and expression’.22
2.14 Privacy also gives individuals freedom to pursue cultural interests free from undue interference from others. This freedom may be particularly important for some ethnic, religious and cultural groups, such as Aboriginal and Torres Strait Islander people, who have particular cultural identity, knowledge and customs that bear on the privacy interests of individuals within the group.23
2.15 Some representative groups stressed the importance of a right to privacy for protecting vulnerable people in the community.24 Associate Professor Moira Paterson emphasised the potential impact of surveillance on vulnerable people who may rely on public places as social, living and cultural spaces.25 Protecting privacy can play an important role in ensuring personal safety and freedom from harassment.
Principle 2: There is a public interest in protecting privacy
2.16 While privacy must sometimes be set aside for broader public interests, privacy itself is also a vital public interest. The public interest does not simply comprise matters in which the public as a whole has a communal interest, such as the proper administration of government or the proper administration of justice. Rather, there is also a public interest in protecting and enforcing private freedoms, rights and interests.26 In Plenty v Dillon, Gaudron and McHugh JJ said:If the courts of common law do not uphold the rights of individuals by granting effective remedies, they invite anarchy, for nothing breeds social disorder as quickly as the sense of injustice which is apt to be generated by the unlawful invasion of a person’s rights.27
2.17 Contractual and equitable obligations of confidence also have public interest justifications.28 In the Spycatcher case, Lord Goff noted that
the basis of the law’s protection of confidence is that there is a public interest that confidences should be preserved and protected by the law 29
2.18 Privacy, like confidentiality, underpins other important individual freedoms. Privacy and the ability to speak freely without fear of disclosure is important for social order and public health, private wellbeing, and the achievement of many social ideals and objectives. Without privacy and confidentiality, a person may feel unsafe or unable
22 Law Institute of Victoria, Submission 22. 23 Arts Law Centre of Australia, Submission 43.
24 Women’s Legal Services NSW, Submission 57; Women’s Legal Service Victoria and Domestic Violence Resource Centre Victoria, Submission 48.
25 M Paterson, Submission 60.
26 Australian Privacy Foundation, Submission 110; UNSW Cyberspace Law and Policy Community, Submission 98.
27 Plenty v Dillon (1991) 171 CLR 635, 655 (Gaudron and McHugh JJ).
28 On the public interest in upholding confidences, see Prince of Wales v Associated Newspapers Ltd [2007] 3 WLR 222, [67]. See Ch 12.
to speak freely and honestly about important private matters, such as private sexual or medical matters.
2.19 There is a public interest in the security of confidential information about an individual’s financial and commercial interests. There is, for example, a public interest in the benefits that online trade and commerce can offer. Respecting privacy helps establish consumer trust in these services. The preamble to the Asia-Pacific Economic Cooperation Privacy Framework states that balancing and promoting effective information privacy protection and the free flow of information is ‘a key part of efforts to improve consumer confidence and ensure the growth of electronic commerce’.30 2.20 Protecting privacy also has an important role to play in protecting and promoting free speech—another vital public interest. Professor Eric Barendt has written:
One value of privacy, and a reason why it is recognised as a constitutional or legal right, is that it gives individuals the space to develop their own identity by themselves, and in communication and cooperation with friends and lovers, free from observation and interference by Big Brother or even by a liberal democratic state. Some privacy is essential to enable us to read, contemplate and formulate thoughts, and some confidentiality and security is similarly necessary to exchange ideas with friends and colleagues.31
2.21 Although privacy has been said to lie at the heart of liberty, and will often support other fundamental rights and freedoms, sometimes it must be balanced with other important interests.
Principle 3: Privacy should be balanced with other important
interests
2.22 The privacy of an individual is not an absolute value or right that necessarily takes precedence over other values of public interest. As many stakeholders noted, it must be balanced with a range of other important values, freedoms and matters of public interest.32 These may include, in no particular order or hierarchy:
• freedom of speech,33 including the freedom of the media and the implied constitutional freedom of political communication;34
• freedom of artistic and creative expression and innovation in the digital era;35
30 Asia-Pacific Economic Cooperation, APEC Privacy Framework (2005) [1].
31 Eric Barendt, ‘Privacy and Freedom of Speech’ in Andrew T Kenyon and Megan Richardson (eds), New Dimensions in Privacy Law: International and Comparative Perspectives (Cambridge University Press, 2006) 11, 30–31.
32 Australian Human Rights Commission, Submission 75; SBS, Submission 59; Google, Submission 54; ASTRA, Submission 47; Law Institute of Victoria, Submission 22; Office of the Information Commissioner, Queensland, Submission 20.
33 In Attorney-General (SA) v Corporation of the City of Adelaide [2013] HCA 3 (27 February 2013) French CJ summarises the ways in which freedom of speech as a value underpins much of Australian common law and statute law.
34 RSPCA, Submission 49. The RSPCA submission referred to ABC v Lenah Game Meats, where Kirby J suggests that courts should give a wider interpretation to the matters falling within the implied freedom: Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (2001) 208 CLR 199, 286–287. 35 Facebook, Submission 65.
