The Court of Appeal for England and Wales has held that the cause of action recognised in English law since Campbell v Mirror Group for misuse of private information should be classified as a tort rather than an equitable cause of action.
The question of classification was important in litigation against Google, Inc, because the plaintiffs needed to establish that the cause of action was a tort in order to be eligible to be granted leave to serve the proceedings on Google outside England. In the result, the court confirmed the earlier decisions to grant leave to serve Google.
The reasons for decision contain a valuable overview of the development of the cause of action in the English courts. It is clear from that narrative that the development of the English judge-made law has been influenced in a particularly European manner. The English courts, taking their cue from the provisions of the Human Rights Act, have imported the content of the European Convention on Human Rights (article 8 concerning respect for private and family life, and article 10 concerning freedom of expression) into the common law, such that “the values enshrined in articles 8 and 10 are now part of the cause of action”. Whilst the Australian courts develop the common law incrementally, and the High Court of Australia has held open the possibility of the development of a tort that protects the interests of the individual in leading, to some reasonable extent, a secluded and private life, the Australian courts are unlikely to give the same degree of weight to the European Convention principles as has occurred in England.
Even in England the development of the common law of privacy may be affected if the new Conservative government acts on its pre-election promise to repeal the Human Rights Act and replace it with a “British Bill of Rights”. If a British Bill of Rights does not contain an equivalent to articles 8 and 10 of the European Convention, will we see the content of the English tort adapt?
The court’s decision in the Google case also considered whether compensation for mere distress (non-economic loss) may be awarded under the English Data Protection Act. In another example of the application of European law, the English court concluded that the domestic legislation, which expressly limited the circumstances in which damages for distress are available to cases where the plaintiff has also suffered economic loss, was incompatible with the European Directive. Accordingly, that element of the domestic law was effectively held to be invalid, and the plaintiffs will be allowed to pursue a claim for distress only. In Australia, damages for injury to feelings and/or for humiliation are expressly recoverable and the Australian Privacy Commissioner has awarded damages for non-economic loss on multiple occasions (see s52(1A) Privacy Act and this post for a list of the cases in which damages for non-economic loss has been awarded)
The other aspect of the case which may be of more direct relevance to Australian lawyers is the court’s conclusion that there was a serious issue to be tried as to whether so-called ‘browser-generated information’ which had been collected covertly by Google was “personal data” for the purposes of the Data Protection Act. The browser-generated information took the form of cookies that identified website browsing histories and linked them to a particular device or user, so that advertisements could be targeted to those users based on an analysis of their browsing histories. Because the information allowed Google to single out a device or user (ie distinguish it from others), the court held that it was arguable that the information was “personal data”. The question is similar in some respects to that considered by the Australian Privacy Commissioner in the recent Grubb v Telstra determination (which Telstra has appealed to the Administrative Appeals Tribunal).
A more detailed discussion of the English decision has been published by our European colleagues here.