As we foreshadowed last month, the Australian Law Reform Commission has recently released Discussion Paper 80, on “Serious Invasions of Privacy in the Digital Era”. The terms of reference for the discussion paper were to investigate the ways in which law can protect the privacy interests of the public, and in particular, come up with detailed mechanics for a new statutory cause of action to enable people to seek remedy for serious invasions of their privacy.
The ALRC has provided a number of proposals in the discussion paper, most of which relate to the detailed design of the new cause of action. The key features of the ALRC’s proposed ideal design (described in over 180 pages of detailed analysis) are:
- The cause of action would only apply to serious invasions of privacy that were reckless or wilful; mere negligent invasions of privacy would not be covered. A plaintiff would need to prove the relevant mental component for the defendant to be liable.
- The cause of action would only apply where there was a reasonable expectation of privacy.
- The plaintiff would not have to prove they actually suffered a loss or damage as a result of the invasion of privacy.
- The Court must weigh up the plaintiff’s interest in privacy with other competing interests, including freedom of political communication, the needs of media to investigate and report on matters of public concern, public health and safety, law enforcement, and the economy.
- The cause of action would be personal – it could not be used by corporations or a deceased estate.
- The cause of action should permit a number of defences, including absolute privilege (in the same manner as a cause of action for defamation), fair report of proceedings of public concern, and safe harbour defences for internet intermediaries.
The remedies for the cause of action would include an injunction, declaration or correction order, an account of profits or compensatory damages, including exemplary damages, and including damages for the plaintiff’s emotional distress. A number of aggravating and mitigating factors could be considered by the court in calculating a damages award, and damages for non-economic loss would be capped at the same amount as under a defamation action (but economic loss would be uncapped).
However, the ALRC also recommended that if the new cause of action was not to be created, amendments to other laws could be considered instead. For example legislation could be enacted to confirm that plaintiffs are entitled to recover damages for emotional distress in an action for breach of confidence where the defendant has committed a serious invasion of privacy by misusing or disclosing the plaintiff’s personal information (as occurred in the Victorian case Giller v Procopets ), and that a Court should consider the public interest and freedom of expression when determining whether an injunction should be granted to restrain publication of confidential information.
Alternatively, new Commonwealth harassment laws could be enacted that would allow plaintiffs to sue for harassment, including where there has been a serious invasion of their privacy.
The ALRC have also made a few other proposals of interest, not directly connected with a new cause of action for serious invasions of privacy. These proposals have not been described in the same level of detail as those for the design of the new statutory cause of action.
First, the ALRC has recommended that ACMA, the Australian media and broadcasting regulator, be given the power to declare that a person be given a specific amount of compensation by a broadcaster if ACMA determines that the broadcaster’s breach of a broadcasting code of practice constitutes a serious invasion of the person’s privacy. This would be a significant expansion in the scope of ACMA’s authority, and this proposal will be of particular interest to broadcasters subject to regulation by ACMA.
Second, the ALRC propose that a new Australian Privacy Principle be added to the recently amended Privacy Act, which would enable an individual to request that an APP entity (that is, an organisation or federal government agency) take reasonable steps to delete or de-identify any personal information the organisation held about the individual, or otherwise provide reasons for noncompliance. At present, APP11.2 only requires APP entities to delete such personal information once the entity no longer needs it for its functions. This change would give individuals much greater control and authority over the use of their personal information, especially where they had previously consented to their personal information being used or disclosed by the APP entity. This on-request deletion is a new proposal that goes further than the recommendations the ALRC made in its 2008 Report “For Your Information: Australian Privacy Law and Practice”.
The other major proposals relate to the law of surveillance devices. The ALRC recommends that laws about surveillance devices should be harmonised across the country, with a definition of “surveillance device” that is agnostic to the type of technology used, or even to whether the surveillance is done by a “device” at all. This is intended to future-proof any surveillance laws to forms of technological surveillance not yet invented.
Surveillance offences should, in the ALRC’s view, include the recording of private conversations or activities without the consent of all of the participants, regardless of whether or not it is one of the participants doing the recording or where the conversation or activity takes place on private property.
Specifically contemplated are situations like:
- people putting up video cameras in their backyard or from their windows to spy on or record their neighbours;
- activists and other individuals sneaking into private property to film activities, as occurred in the Lenah Game Meats case; or
- covertly recording sexual activity without the consent of one or more participants.
However, such an offence raises interesting questions for some other activities, including law enforcement operations, or the increasing popularity of dashboard-mounted or wearable cameras for drivers or cyclists which may incidentally or deliberately record activities of other persons without their consent. The ALRC recommends that surveillance laws only prohibit recordings of “private activity” to avoid some of these issues, but it was not able to provide a complete definition of “private activity” that should apply.
Finally, the Office of the Australian Information Commissioner should, proposes the ALRC, be permitted
to assist (as a friend of the court) or intervene in privacy-related court proceedings with the leave of the court in both instances.
It is important to bear in mind that the ALRC’s research process is ongoing. There are a number of questions for which the ALRC seeks submissions from stakeholders before a final report and set of recommendations are published. Even then, there is no guarantee that all (or any) of the ALRC’s recommendations will ultimately be adopted by Parliament and passed into law.
Submissions to the ALRC in response to this discussion paper are due by 12 May 2014. The ALRC intends to provide their final report to the Attorney-General by June of this year.
The full ALRC Discussion Paper is available on the ALRC website, here.