Tort: a ‘Negligent’ Approach
The Case of New Zealand
New Zealand takes a common law approach to protection of privacy. The privacy tort established by Hosking v Runting  1 NZLR 1 [‘Hosking’] requires two fundamental requirements to be proved – firstly, the existence of facts in which there is a reasonable expectation of privacy and secondly, the publicity of those facts are considered highly offensive to an objective reasonable person.111 The Court has regard to the particular facts of the case and the use of the offending material in the circumstances.112
However, the approach in New Zealand is narrow. In fact, the Court of Appeal in Hosking held that any all-encompassing action for breach of privacy should be ‘at the instigation of the legislature, not the courts’.113 The common law action is restricted only to invasions of privacy where the defendant gives publicity to private and personal information of the plaintiff.114 The tort does not cover intrusions upon a plaintiff’s seclusion. The tort does not protect situations where the private act or information is not publicised, for example in a peeping-Tom scenario where privacy is invaded by a neighbour looking into the home of another and viewing intimate acts or conversations. The tort also does not provide a simple test for determining what a private fact is.115
Only fifteen people have taken action under this tort, many of them without a public profile.116
The Case of the United States
A majority of American states provide common-law privacy protection.117 However, the original complex-of-four torts put forward by Prosser in 1960 (seclusion, appropriation, publicity and false light)118 have proved of limited effect in the United States. 119 The torts ‘failed to provide effective protection of privacy,’ 120 because of the priority afforded to free speech under the First Amendment of the United States Constitution. Whilst the privacy torts were not originally anchored in any constitutional guarantees, the Courts have since developed zones of privacy121 within a penumbra of guarantees under the Bill of Rights, in order to provide constitutional protection of privacy.122
Despite this, constitutional privacy laws only cover narrow issues such as marriage, the family, procreation and abortion, and do not extend to information and seclusion privacy.123 This is largely due to the strength of the constitutionally-entrenched right to freedom of the press,124 and the low threshold requirement for disclosure of information: If information is newsworthy, it is generally held to be of legitimate public concern and may be published.125
A Privacy Tort in Australia?
A common law tort for invasion of privacy is not an adequate avenue for protecting privacy in Australia. Statute is preferred over common law development. Minister for Privacy and Freedom of Information, Brendan O’Connor, announced in July 2011 that the government supports a statutory right to sue for serious privacy invasions, ‘rather than letting the system of privacy regulation evolve in an ad-hoc way through court decisions.’126 Simply plugging the gaps in Australian privacy law by extending existing common law causes of action is not preferred.127
Furthermore, the Courts are unwilling to allow such a development. For sixty years, Australian Courts rejected the proposition that there was a tortious action for invasion of privacy.128 In 2001, the High Court in Lenah held that the authority in Victoria Park Racing129 did not stand in the way of developing a tort for invasion of privacy, therefore extending an invitation130 to the common law to create the action. However, no Court has yet taken this bold step.131 The District Court of Queensland and Victorian County Court represent some of the only Courts to hold that such a step is a logical and desirable one to take.132 Yet, in the latter Court, the decision was appealed and eventually settled, therefore providing no definitive precedent.133 Other Courts continue to reject tortious claims for invasion of privacy.134
The Lenah High Court had the opportunity to create a tort for invasion of privacy. However, given this chance, it refused recognition, therefore failing ‘on all counts’135 to protect privacy generally. The reluctance of the common law to find a cause of action for invasion of privacy therefore exemplifies why the common law is inadequate to protect privacy in any concrete and measurable way.
Equity: the new fusion fallacy
The Case of the United Kingdom
Like Australia, the United Kingdom ‘knows no common law tort of invasion of privacy’.136 Furthermore, previous attempts at legislative reform in the UK failed at the first hurdle.137 However, without a general or ‘freestanding’ right to privacy, the UK’s equitable action for breach of confidence138 evolved instead, representing a rights-based approach to privacy protection.139 This was driven partly by the heavy hand of international privacy obligations contained in Article 8 of the ECHR,140 which was ratified to some extent in the Human Rights Act 1998 (UK).141 Significantly, however, the Act also upholds the right to freedom of expression,142 which is manifested within Article 10 of the ECHR.143 Both rights are considered to be prima facie equal and are weighed against each other by the courts using a proportionality test.144
However, such an extension within the traditional interpretation of the equitable cause of action represented an attempt to fit a square peg in a round hole. The second element for breach of confidence – that the information was imparted in circumstances giving rise to an obligation of confidence145 – finds no solace in privacy protection. This is because many instances of privacy violation occur where there is no pre-existing relationship of confidence. Media organisations, for example, do not have fiduciary duties to ordinary members of the public. The obligation of confidence would have to arise once the defendant has unlawfully or surreptitiously acquired the information that he or she should have known was ‘not free to use’,146 which is counter-intuitive and would represent a significant leap for Courts of Equity to make.
Extending breach of confidence in Australia?
The idea that the equitable action for breach of confidence can protect privacy interests in Australia is not new.147 Rivette argues that the case of Giller v Procopets (2008) 40 FamLR 378 gives breach of confidence the ‘teeth to respond to invasions of privacy arising from the non-consensual disclosure of personal information’.148 Read with Lenah, Rivette argues that there may be an actionable breach of confidence in the case of a secretly-obtained photograph or piece of information by the media, where that material is considered private if its disclosure would be highly offensive to a reasonable person of ordinary sensibilities.149 While at first blush, this approach may seem to adequately address the concern, such an approach in reality is a toothless tiger for several reasons.
To begin with, confidentiality and privacy are ‘simply different concepts. While most confidential acts and information could arguably be described as private, not all private activity is necessarily confidential.’150 To reconcile the two would entail trying to fit a square peg in a round hole.151 Plaintiffs would be left without redress.152 Breach of confidence is traditionally used to protect information imparted under the fiduciary obligation of confidence. Breach of confidence is not, under its current construction, suited to all situations where one person invades the privacy of another, particularly when the parties involved are strangers and do not hold obligations of confidence to one another. Only intrusions of privacy which result in actual publication are actionable under the current test for breach of confidence, no matter how ‘strong and understandable may be the feeling of harassment of a person who is hounded by photographers’153 or the media. This would mean that the plaintiff in Australian Broadcasting Commission v Jane Doe  VCC 281 would have an equitable action in breach of confidence, because she was identified on television as a victim of rape.154 Conversely, the plaintiff in Grosse v Purvis  QDC 151 would not, because the privacy action related to stalking and other acts that were not publicised by the media.155 This approach would thereby create inconsistency if it were applied in Australia, particularly given the reticence of the courts toward providing equitable privacy protection at the present time.
Additionally, confidentiality actions are creatures of equity. Equitable protection of privacy would therefore only attach to information that ought not to be disclosed, without any real regard for the intrinsic value of the information itself.156 Furthermore, not all privacy actions are information-related. Interference with personal bodily privacy157 would not be covered under an extension of the breach of confidence doctrine.
Finally, mere emotional distress will often be the only damage for which a plaintiff claims as a result of an invasion of privacy. However, there appears to be no Australian authority to support equitable damages or equitable compensation to be awarded for mental distress alone. While Neave and Ashley JJA relied upon English authority to support a finding of equitable compensation in Giller v Procopets,158 this is an approach that is simply not applicable in Australia.159 Moreover, Australia does not have a Bill of Rights statute upon which to base that action.
Extending the breach of confidence action to cover privacy cases is inappropriate, and stretches the limits such that the core of both actions is compromised. The two actions should be separate.
A Statutory Solution
A small number of jurisdictions have created statutory protection for privacy. Australia is therefore in a unique position to draw upon the benefits of the jurisdictions with successful legislation, and also to learn from and avoid failures of other jurisdictions. For example, some provinces of Canada and some American states provide general statutory protection for privacy; however the laws are not uniform across the countries. Ireland160 and Hong Kong161 have considered passing legislation which create causes of action for invasions of privacy, however both countries’ respective parliaments have not yet passed any laws. Appendix Table Two: ‘Elements, Defences and Remedies in Privacy Statutes from Overseas Jurisdictions’ compares these jurisdictions.162 Consideration of these approaches is essential to creating the most successful proposal in the Australian context.
The Case of North America
The Canadian Provinces of Saskatchewan,163 Manitoba,164 Newfoundland165 and British Columbia166 each passed privacy legislation creating statutory torts for violation of privacy. All four jurisdictions create a tort, actionable without proof of damage, for a person who wilfully and without claim of right, violates the plaintiff’s privacy without their consent or lawful authority.167
Manitoba utilises a higher threshold for the elements of the action by requiring the violation to be substantial, unreasonable and without a claim of right.168 However, even in the other three Canadian jurisdictions maintaining lower thresholds, there have been few actions for violation of privacy, and plaintiffs have successfully instituted such actions in only 25% of the cases.169 Furthermore, nominal damages and exorbitant litigation costs have meant that ‘the tort of privacy has achieved little’170 in terms of social utility.
Each province, except for British Columbia, provides a non-exhaustive list of examples of the types of violations of privacy which would come under the tort, including auditory surveillance, listening to conversations, using a person’s name or likeness in advertising, and use of personal documents.
Each province lists defences171 for the tort, which include consent, lawful right, public interest, exercising duties of peace officers, reasonable news gathering172 and defamation privileges. Each province, except for British Columbia, also provides a range of remedies, including damages, injunctions, account of profits and destruction of the offending material.
There is limited statutory protection of privacy in the United States, however this is also piecemeal. Some states simply recognise or alter the common law torts through statute.173 The California Civil Code creates a range of statutory torts. For example, the tort of entering land with the intent to capture images, sound recordings or physical impressions of the plaintiff engaging in a personal or familial activity, which is proved in situations where physical invasion occurs in a manner that is offensive to a reasonable person.174 The Massachusetts General Law also provides that a person has ‘a right against unreasonable, substantial or serious interference with his privacy. The superior court shall have jurisdiction in equity to enforce such right and in connection therewith to award damages.’175 However, like Australia, the United States has a piecemeal and patchy framework for protection of privacy. Such an approach lacks consistency and uniformity – two factors that are highly valued in any legal system. Australia can and should learn from the successes and failures in overseas jurisdictions in order to formulate the best possible approach to privacy protection.
A Statutory Approach in Australia
This paper strongly endorses a statutory approach to the protection of privacy. The reluctance of the common law to develop, and the inadequacy of equity to formulate the action for invasion of privacy, provides the impetus for statutory reform within the privacy law area. A statutory cause of action ‘avoids the problems inherent in attempting to fit all the circumstances that may give rise to an invasion of privacy into a pre-existing cause of action.’176 Moreover, a statutory scheme provides a more ‘flexible approach to defences and remedies’,177 is not constrained by rules or assumptions of torts or equity, and allows for explicit consideration of competing public interests.178 While the Canadian and United States statutes provide some guidance as to the wording of legislation relating to invasions of privacy, the fact that they are inconsistent nationwide means that the Australian approach should be uniform and dependent on the unique Australian legal, social and political context. The following two chapters will explore the Australian statutory reform options in detail.
PREVIOUS ATTEMPTS AT REFORM
The pattern is familiar. Private lives are made public spectacle by the tabloids. A general sense of unease ensues. Politicians appear to fret. Judges lament the incapacity of the common law to help. Committees are established. ‘Privacy’ legislation is proposed. Alarms are sounded by the quality press about the onslaught against freedom of speech. Inertia settles on politicians, reluctant to offend newspaper editors. The debate subsides until the next series of sensationalist disclosures.179
The call for privacy reform in Australia is well established. Both the ALRC and NSWLRC recently recommended the overhaul of the privacy law framework and the creation of a statutory cause of action for invasions of privacy. The Victorian Law Reform Commission also recommended privacy reform; however it proposed two narrow causes of action;180 one related to misuse of private information181 and the other related to intrusion upon seclusion.182 This paper focuses on the federal and NSW proposals.
In 2008 and 2009, the ALRC and NSWLRC worked together with the common aim of creating a statutory cause of action for invasions of privacy, to be introduced under a uniform legislative framework. The NSWLRC took primary responsibility of formulating the proposals.183 Nonetheless, there are some differences in approach between the federal and State Commissions, and these are illustrated in Appendix Table 3: ‘Comparison of Recommendations for a Statutory Cause of Action in Australia’.184 Ultimately, both recommended change to Australian privacy law in the form of a statutory cause of action for invasion of privacy. This chapter examines, compares and evaluates these recommendations185 in light of recent developments.
The Australian Law Reform Commission Report
The ALRC’s 2008 Report, For Your Information: Australian Privacy Law and Practice, was, amongst numerous other aims,186 designed to create a statutory cause of action for serious invasions of privacy. Chapter 74 of the Report contains 7 recommendations related to the statutory cause of action.187
The ALRC recommended that the cause of action be contained in a separate federal statute.188 This aimed to reduce inconsistencies and confusion, particularly surrounding the Privacy Act 1988 (Cth) which already deals with information privacy. The ALRC recommended that all other common law actions for invasion of privacy (if any) be abolished, in order to ensure the consistency and primacy of the legislation.189 A new statute would also result in national uniformity, as the statute would cover federal, state and territory jurisdictions. However, the ALRC noted that it would be a matter for government to decide how best to achieve consistency if the states and territories enacted mirror legislation.190
The ALRC took a conservative approach to the cause of action. The cause of action relates to serious invasions of privacy,191 thereby importing a higher threshold for actionability than the NSWLRC, which recommended a cause of action for invasions of privacy without the need for the invasion to be serious.192 This was consciously intended by the ALRC to ensure that privacy’s concomitant, the public interest in freedom of expression, was not unjustifiably curtailed.193 The ALRC also recommended that the requisite mental element be limited to intentional or reckless acts by the respondent.194 This means that accidental invasions are not actionable under the statute, for example through photography or street art.195
The test to establish a serious invasion of privacy requires both a reasonable expectation of privacy in all the circumstances, and the act must be ‘highly offensive to a reasonable person of ordinary sensibilities’.196 Consent is also an essential element of the cause of action at this stage of the inquiry.197 Notably, privacy is not defined by the ALRC.
The ALRC specified that the court take into account ‘whether the public interest in maintaining the claimant’s privacy outweighs other matters of public interest’,198 including matters of public concern and freedom of expression, when determining whether there has been an invasion of privacy. This reflects the need to balance the public interest in maintaining the claimant’s privacy with the public interest in freedom of expression, which is a delicate process. By placing consideration of public interest at the forefront as an element of the cause of action, and not as a defence to the action, the ALRC places the competing rights on equal footing.199 This contrasts with the Canadian approach, which identifies reasonable news gathering200 and the public interest and fair comment201 as defences to the cause of action.
The ALRC recommended including a non-exhaustive list of the types of invasion that might fall within the cause of action. These comprise of factual scenarios in which there has been a) interference with home or family life; b) unauthorised surveillance; c) interference, misuse or disclosure of an individual’s correspondence; and d) disclosure of sensitive facts about an individual’s private life.202 This is a useful method to indicate legislative intention, and assists courts with developing the scope of the action.203 This mirrors the Canadian statutory approach, which also provides a non-exhaustive list of examples.204
The ALRC recommended that the cause of action be brought only by natural persons, 205 on the basis that the ‘desire to protect privacy is founded on notions of individual autonomy, freedom and dignity’,206 which are values that do not extend after death.
The ALRC recommended providing an exhaustive list of the possible defences to the action. The list contains three main defences: acts or conduct incidental to the exercise of a lawful right of defence or person or property, conduct required or authorised by law, and the publicised information was privileged under the law of defamation.207 The ALRC took a restrictive approach to defences, choosing not to include defences such as consent, rebutting
an untruth or information already being in the public domain. The defences are unnecessary because the public interest and consent are both addressed in the elements of the cause of action.208
The ALRC recommended that a Court be empowered to choose the most appropriate remedy to the factual circumstances before it, free from jurisdictional constraints.209 The proposed legislation provides a non-exhaustive list of remedies. These include, but are not limited to, damages (including aggravated but not exemplary damages), account of profits, injunctions, apology orders, correction orders, destruction orders, and declarations (for example a declaration stating that an invasion of privacy has occurred).210 The ALRC further recommended that the cause of action be actionable without proof of damage.211 This enables individuals to claim damages for humiliation, insult212 and emotional distress they have suffered as a result of invasion of their privacy.213
Finally, the ALRC recommended that the Office of the Privacy Commissioner provide information to the public concerning the cause of action,214 so that the public may be informed of their rights and responsibilities under the statute.