What is the recommendation?

In its recent Digital Platforms Inquiry – Final Report (Digital Platforms Report), the Australian Competition and Consumer Commission (ACCC) recommended that a new statutory cause of action be created to cover serious invasions of privacy. Although it is introduced in the context of a report on digital platforms and partly aimed at reducing the “bargaining power imbalance” between individuals and such platforms, the ACCC’s intention is that the tort should apply across the economy.2

The proposed tort would cover invasions of privacy by either misuse of private information or intrusion upon seclusion, in each case where they satisfy a seriousness threshold.  A fault element of either intention or recklessness would need to be present - negligence would not suffice.  A person in the plaintiff’s position would also need to have a reasonable expectation of privacy.  Crucially, the court would need to “be satisfied that the public interest in privacy outweighs any countervailing public interests”, which could include freedom of the media and freedom of expression.3

There would be a broad variety of available remedies, ranging from injunctions and the publication of corrections to damages for emotional distress or economic loss, and in certain “exceptional circumstances”, exemplary damages.4

That sounds familiar…

The proposal to introduce a statutory cause of action for serious invasions of privacy in Australia is not a new one by any means.  Similar recommendations have been made at both a state and federal level over more than a decade but none have been effected.5  In our view, it is clearly preferable to introduce a federal cause of action rather than implementing reform at a state level – there is already a marked mismatch in state privacy frameworks for state government agencies and in respect of health information and also surveillance legislation (including employee monitoring), which gives rise to inconsistencies and increases the regulatory burden of compliance.  Indeed, it is a previous federal proposal that the ACCC has now endorsed – that of the Australian Law Reform Commission (ALRC) in its 2014 report, Serious Invasions of Privacy in the Digital Era (the ALRC Report).  The report’s recommendations met with a lack of support from the government upon release and were never implemented.6

The High Court of Australia also recently noted in Glencore International AG v Commissioner of Taxation7 that the unsuccessful plaintiff had not raised the possibility of expanding the area of the law relating to a “tort of unjustified invasion of privacy”, instead choosing to focus its claim for the return of documents on legal professional privilege.  Their Honours cited the 2001 judgment in Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd, which considered whether a common law tort for invasion of privacy might in future be developed in Australia; a potential invitation which has not been taken up by appellate courts since.8  In Glencore, however, even if the plaintiff had been able to rely on the form of tort described, it is highly likely that such a tort – at least as envisaged by the ACCC and the ALRC, and by Gummow and Hayne JJ in Lenah9 – would not be available for the benefit of corporations and would therefore fail to advance its cause.

Isn’t this covered by the Privacy Act?

Not really – at least, not comprehensively.  The Privacy Act 1988 (Cth) (the Privacy Act) is far from thorough with respect to the types of privacy breaches it covers and individuals’ ability to seek recourse for serious invasions of privacy, and it is these gaps that the tort aims to cover.10  The obligations contained in the Privacy Act do not apply to individuals other than in the course of a business they carry on, or to small businesses (which have an annual turnover of less than $3 million).  They do not apply to media organisations engaging in acts or practices in the course of journalism, where they have also committed to observe privacy-related standards.  Their compliance with those standards – or failure to comply – is not regulated under the Privacy Act.  Individuals’ rights of recourse under the Privacy Act largely consist of a right to complain to the Information Commissioner about an act or practice that may interfere with their privacy, to apply for enforcement of a determination of the Commissioner, or to seek an injunction in respect of conduct that breaches the Privacy Act.11 

In the Digital Platforms Report, the ACCC also advocates for the introduction of a direct right for individuals to bring actions and class actions under the Privacy Act, which would improve the degree to which individuals could enforce their existing rights and seek damages for harm caused by breaches of the Privacy Act.12  While the ACCC acknowledges that “there is overlap” between that proposal and the recommendation to introduce the tort, it views the tort as a necessary additional measure to cover a range of serious interferences with privacy in respect of which there may be omissions or exemptions under the Privacy Act,13 including in respect of “interferences with spatial or physical privacy”14 and as described above.

While there is additional legislation at both federal and state levels that regulates certain aspects of surveillance, these statutes are relatively piecemeal.  They are framed by reference to specific types of technology (and are therefore susceptible to becoming outdated as new technology develops),15 there are a range of frustrating discrepancies between them, and they do not provide individuals with anywhere near comparable rights to those proposed by the ACCC and the ALRC.16

What is the potential impact of the proposed tort?

Of course, this depends on whether the ACCC’s recommendation is adopted – given the government’s reluctance to progress this issue in the past in the face of repeated and well-informed calls to do so, we wouldn’t hold our breath – and if so, whether the tort as enacted takes the proposed form.

Unsurprisingly, given its obvious application to the media, the proposal raised concerns from media organisations in particular.  The tort would expose them to liability from which they are largely protected under the Privacy Act on the basis of the journalism exemption we’ve described.  Their arguments focus firstly on the existing schemes and mechanisms applicable to the media, including the Australian Press Council’s Privacy Principles and broadcasting codes of practice.17 Responses to previous inquiries noted that a relatively small number of complaints have been made under such codes, and that they generally provide for alternative dispute resolution, which arguably suggests that there may not be a pressing need for the proposed tort.18  However, these responses do not consider whether the codes themselves are adequate, and whether the limited number of complaints might be explained by the fact that some do not comprehensively address privacy or do not provide individuals with adequate avenues for complaint, rather than an actual absence of breaches of privacy.

The other key concern raised by media stakeholders was that the tort would restrict, or create a “chilling effect upon”, freedom of speech or of the press – not just due to how the tort is formulated but also because of “the risk of over-reach by the courts” in applying it.19  These comments appear to disregard the fact that the ALRC expressly took the importance of freedom of speech into account in its 2014 report.20 Indeed, the tort devised as a result stipulates that freedom of expression, including political communication and artistic expression, should be included as countervailing public interest matters that a court should consider when determining whether it is satisfied that the public interest in privacy is outweighed.   

The threshold of seriousness is likewise intended to reduce the risk that the tort will constrain freedom of the media.21 This reflects the ALRC’s conclusion that “privacy and free speech are both better protected by finding a reasonable balance between them”, and that the result of the balancing exercise will be that “privacy interests give way to free speech, when this is in the public interest”.22  While, in the ALRC’s view, these mechanisms obviated the need for a distinct defence based on public interest, its formulation contains a number of other proposed defences and exemptions, relevantly including requirement or authorisation by law, necessity, consent, publication of public documents, and fair report of proceedings of public concern.23

Of course it is true, as flagged in some submissions, that it is likely to be expensive for individuals to make a claim under the tort and that the outcome would be uncertain,24 but we consider that the availability of an avenue for remediation is preferable to having no recourse.  As noted by others, the ACCC’s proposal is that the tort should extend beyond digital platforms,25 but if that were not the case presumably it would be of limited utility and uneven in its application, penalising digital platforms above others.  It is certainly accurate that the proliferation of social media would likely complicate the assessment of some of the components of the tort – particularly the question of the circumstances in which an individual can be considered to have a reasonable expectation of privacy.

We believe that the tort has merit as a mechanism by which individuals could seek to safeguard their privacy (which extends beyond personal information as couched in the Privacy Act) in scenarios where it is not currently protected by the Privacy Act or the patchwork of surveillance and related legislation.  However, it remains to be seen whether there will be any greater governmental impetus than on previous occasions to make the legislative changes required.  In the meantime, Australia’s approach to this issue continues to lag behind that of New Zealand, Canada, the US and the UK, all of which have developed some form of civil cause of action for invasion of privacy, whether under statute or at common law.26

Authors: Stephanie Essey and Melissa Fai

[1] Recommendation 19, Digital Platforms Report, pp493-496.

[2] Digital Platforms Report, pp24 and 493.

[3] Recommendation 19, Digital Platforms Report, p493, and Recommendations, ALRC Report.

[4] Recommendation 19, Digital Platforms Report, p493.

[5] The 2016 recommendations were made by the New South Wales State Parliament Standing Committee on Law and Justice in its Inquiry into Serious Invasions of Privacy, and recommendations were made in 2008, 2009 and 2010 by the ALRC (For Your Information: Privacy Law and Practice), the NSW Law Reform Commission (Report 120: Invasion of Privacy) and the Victorian Law Reform Commission (Surveillance in Public Places) respectively.

[6] C Merritt, ‘Brandis rejects privacy tort call’, The Australian, 3 April 2014.

[7] [2019] HCA 26 (Glencore) at [7].

[8] [2001] HCA 63 (Lenah), particularly per Callinan J at [335]: “It seems to me that, having regard to current conditions in this country, and developments of the law in other common law jurisdictions, the time is ripe for consideration whether a tort of invasion of privacy should be recognised in this country, or whether the legislatures should be left to determine whether provisions for a remedy for it should be made”; ALRC Report, pp53-54.

[9] Per Gummow and Hayne JJ, with whom Gaudron J agreed, at [132], “Whatever development may take place in that field will be to the benefit of natural, not artificial, persons”, although their Honours also stated in that paragraph: “Nothing said in these reasons should be understood as foreclosing any such debate or as indicating any particular outcome”.  Both Gleeson CJ and Callinan J expressly left the point open (at [43] and [190]-[191] respectively), with Gleeson CJ stating at [43] that “Some forms of corporate activity are private”.

[10] Recommendation 19, Digital Platforms Report, p493.

[11] ss36, 55A and 80W, Privacy Act.

[12] Digital Platforms Report, pp473-475.

[13] Digital Platforms Report, pp473-475 and 496.

[14] Office of the Victorian Information Commissioner, Submission to the Australian Law Reform Commission, December 2013, cited in the Digital Platforms Report, p496.

[15] ALRC Report, pp26 and 282-285.

[16] P Leonard, Gilbert + Tobin, ‘Sound and fury meets privacy: the ALRC and a statutory cause of action for invasion of privacy’, 1 April 2014.  For example, see the Telecommunications (Interception and Access Act) 1979 (Cth), Surveillance Devices Act 2007 (NSW) and the Surveillance Devices Act 1999 (Vic).

[17] Submissions of the Australian Press Council and SBS to the Digital Platforms Inquiry (Preliminary Report).

[18] Law Council of Australia, Submission to the Australian Law Reform Commission, Serious Invasions of Privacy in the Digital Era (14 May 2014).

[19] Law Council of Australia, Submission to the Australian Law Reform Commission, Serious Invasions of Privacy in the Digital Era (14 May 2014).  Also see the submissions of the Law Council of Australia, SBS, Foxtel and Indue to the Digital Platforms Inquiry (Preliminary Report).

[20] ALRC Report, including Principle 3, pp33-35 and 153.

[21] ALRC Report, p133.

[22] ALRC Report, pp18 and 153.

[23] ALRC Report, Recommendations 9-1 and 11.

[24] Nine submission to the Digital Platforms Inquiry (Preliminary Report).

[25] Australian Finance Industry Association submission to the Digital Platforms Inquiry (Preliminary Report).

[26] Victorian Law Reform Commission, Surveillance in Public Places: Final Report 18, May 2010, Chapter 7, and the ALRC Report, pp22-23.  In the UK, the equitable action for breach of confidence has been expanded to deal with the disclosure of private information.

Expertise Area