The New South Wales Law Reform Commission Report
In 2009, the NSWLRC released its Report, Invasion of Privacy. The Report was solely dedicated to formulating a cause of action for invasions of privacy, unlike the ALRC Report which made 288 recommendations that were unrelated to the cause of action. The appendix to the NSWLRC Report contained a draft of the wording of the proposed legislation, called the Civil Liability Amendment (Privacy) Bill 2009,215 expressed as a Schedule to the Civil Liability Act 2002 (NSW). This differs to the ALRC’s proposal, which recommended a separate statute.
Significantly, the NSWLRC recommended an objects clause. The ALRC did not. The clause recognises the importance of protecting privacy and the need to balance the right against other interests. The clause also identifies the aims of the legislation, which are to create a statutory cause of action and to provide remedies to individuals for invasions of privacy.216 The objects clause therefore provides clear legislative intent. This is essential given that the cause of action is a new concept, and Courts may require assistance with interpreting and applying the statute.
The NSWLRC expressed support for a lower threshold than the ALRC to establish a prima facie case for a statutory cause of action. The action simply requires an invasion of privacy, therefore not restricting liability to serious invasions.217 This is a favourable approach given the:
[A]bsence of any broad protection of privacy in civil law; the detrimental effects on privacy of an increasingly invasive social environment; the desirability of giving effect to Australia’s obligations under international law; the need for more general protection of privacy suggested by consideration of the law of other jurisdictions… and the recent weakening of privacy protection in defamation law.218
The test states that an individual’s privacy is invaded ‘if the conduct of another person invaded the privacy that the individual was entitled to expect in all the circumstances having regard to any relevant public interest,’219 which includes the interest of the public in being informed of matters of public concern. This is a wider formulation than the ALRC’s qualified test. However, its objective nature still restricts trivial and unduly sensitive220 claims from being brought before the courts.221 Like the ALRC, the NSWLRC recommends that only natural persons can bring actions under the statute,222 and that consent will vitiate actionability.223
The issue of balancing the right to privacy with the public interest is dealt with as an element of the action, similar to the ALRC’s approach. Fundamental social values and norms, such as free speech, safety, security, health and justice, are weighed up against the asserted interest in privacy in order to determine which is to be preferred in the circumstances.224 At the same time, the NSWLRC acknowledges that those interests are not always at loggerheads. Indeed, the values that underpin freedom of expression such as autonomy and liberty may also underpin some privacy interests. Courts must therefore perform incisive and targeted analysis with regard to the facts of the case.225 Importantly, competing interests are of equal weight, with no interest necessarily trumping another one. The Courts must therefore engage in exercises of proportionality.226
Like the ALRC, the NSWLRC did not attempt to define privacy, instead opting for a statutory cause of action which identifies the ‘general conditions in which an invasion of privacy is actionable’.227 However, the NSWLRC does not list the types of invasion of privacy which might come under the statute,228 instead leaving this entirely up to the courts. Despite this, the court is guided through eight matters which must be taken into account in determining actionability: the nature of the subject matter; nature of the invasion; the relationship between the parties; whether the claimant has a public profile and whether it affects actionability; vulnerability; conduct before and after the invasion; the effect of the invasion on health, welfare and emotional wellbeing; whether the conduct contravenes an Australian law; and any other matter that the court considers relevant in the circumstances.229 This facilitates flexibility in the common law interpretation of the statute, and ensures that each case turns upon its own merits.
The NSWLRC’s proposal neither specified the requisite mental element for the action, nor specified the proof of damage required. The ALRC’s proposal was clear on these points. The NSWLRC argued that specification was not required because the cause of action is statutory and not tortious.230 The same reasoning applies to the NSWLRC’s remedies recommendation, proposing the term ‘compensation’ instead of damages because it reflects a more statutory approach.231
The NSWLRC recommended very similar defences to the ALRC, but added two more. Clause 75(1)(d) of the proposed legislation provides a defence where the defendant publishes the matter as an agent or employee of a subordinate distributor, and the defendant ought not to have known (but not through any negligence) that publication of that matter constituted an invasion of privacy.232 Secondly, it is a defence under clause 75(1)(e) of the legislation that the defendant had a corresponding duty to give and have the published information.233 This defence mirrors the qualified privilege defence in defamation law and would cover the situation where, for example, a defendant publishes, to a prospective employer, personal information about the plaintiff, in a reference, that is relevant to the job.234 The NSWLRC therefore takes a less restrictive approach to excusing actionability under the statute and places more focus on defamation defences than the ALRC.
Clause 76 of the NSWLRC draft legislation lists a range of remedies available to a Court to grant in the event of an invasion of privacy under the statute. The Court is also given discretion to consider any other relief that would be necessary in the circumstances,235 which the NSWLRC identifies as possibly including asset preservation orders, search orders and variation of contract.236 The remedies are largely parallel to the ALRC recommendations,237 although the NSWLRC prefers prohibitory orders over injunctions, because of the statutory nature of the cause of action.238 There is also a significant monetary restriction under the NSWLRC Report which is absent in the ALRC’s proposal. The NSWLRC recommends a $150,000 cap on compensation for non-economic loss.239
While the ALRC is silent on the limitation period for the action, the NSWLRC’s proposal specifies a one year limitation period, accruing from the date of the defendant’s conduct.240 The period may be extended for up to three years if reasonable in the circumstances.241
Unlike the ALRC, the NSWLRC does not recommend an education campaign.
The Australian Government’s Response
The Australian Government has only embarked upon Stage One of its response to the changes proposed by the ALRC, addressing 197 of the 295 recommendations made in the ALRC’s Report.242 However, Stage One did not include the recommendations surrounding the statutory cause of action that are under consideration in this paper. The Government decided to postpone addressing those particular recommendations until the Second Stage Response due to the ‘complexity and sensitivity’243 of the proposals to particular interest groups in Australian society. This is also so that the foundations of privacy reform could be laid down first.
Despite this delay, an Issues Paper released in September 2011 has called for submissions and comments from the Australian public244 on the elements, defences and remedies of the proposed cause of action.245 This provides renewed support for the statutory cause of action to be enacted in Stage Two of the Government Response.
REFORM PROPOSALS: THE INVASION OF PRIVACY ACT 2011 (CTH)
It is most surprising that the Australian courts have yet to develop common law or equitable principles for breach of privacy in Australia. Australia is becoming increasingly out of step with other common law jurisdictions in this regard. It may well be that the courts would be amenable to such a development, should the right case come before them. In the absence of common law or equitable protection, there is good justification for the development of legislation to fill the void.246
Disappointingly, progress in the privacy law area tends to fall idle to media pressure and political inertia. This is due in part to the eagerness of politicians247 to continue good relations with the papers that portray them so as to avoid the enmity of the two main players in the Australian press – Fairfax and Murdoch. This is particularly pertinent because the Murdoch press controls 68% of capital city and national newsprint in Australia.248 In 2011, Australia faces new challenges. Potential phone-hacking and the explosion of social network use in Australia now threaten the value of privacy further. This has led to a gap in the literature. While the previous Law Reform Commission Reports form the academic literature upon which this paper is based and canvass the steps to be taken to formulate the cause of action, the emerging threats and developments in contemporary Australian society require further analysis and review in order to adapt the cause of action to the climate in 2011 and beyond.
Reform to the privacy area requires a back to basics approach.249 This involves creating a new cause of action from the ground up, without recourse to the existing plethora of laws that might incidentally protect privacy or those which could be extended to cover privacy in a limited way.
New Federal Statute
As discussed in Chapter Two, common law and equitable solutions are not appropriate ways to tackle the issue of privacy in Australia. This paper strongly recommends creating new federal legislation. A new statute would reduce public confusion and would avoid the incidental and patchy protection currently provided by a range of laws and forms of law, as exemplified in Appendix Table 1. A name such as the Invasion of Privacy Act 2011 (Cth)250 would communicate the legislation’s purpose effectively, and would also differentiate it from the Privacy Act 1988 (Cth).
Australian privacy laws currently lack coherence, consistency and an overarching rationale. A core rationale that sets out the reasons why the legislation is in force and how it will achieve those goals should therefore be included in the objects clause of the proposed legislation. ‘This involves a consideration of the justification for the right to privacy and what we as a community seek to achieve by giving legal recognition and protection to such a right’.251
The core rationale of the legislation proposed in this paper is to protect the privacy of individuals, and recognise that privacy protection is important in modern society. Doyle and Bagaric suggest that privacy protection creates a supportive context for the development of individual autonomy, which plays an essential role in the pursuit of happiness.252 The authors argue that individuals ought to be protected where decisions are made on the basis of information about them without any opportunity to comment or respond to the information.253 They also argue that individuals should be able to enjoy situations of solitude and control the circumstances in which they are observed. For example, these instances would include privacy inside the home, and particularly when showering, going to the toilet, and engaging in sex.254 This paper supports the value of individual autonomy as a core rationale for the protection of privacy. The need for privacy to be weighed against the public interest should also be identified in the objects clause. 255
The objects clause should also explain how it will achieve individual autonomy and a balance between the right to privacy and the public interest. The clause should clearly state that the legislation intends to create a statutory cause of action for invasion of privacy and provide remedies to individuals whose privacy has been invaded.256 The clause should also explain that the legislation intends to educate the public on their rights, responsibilities and liabilities that are created under the statute, and inform the public of how to protect their own private information and conduct. The education campaign is an important feature of the proposed legislation. Furthermore, the objects clause should make it clear that the Act is to be enacted uniformly throughout the states and territories.
Recommendation 1: Objects Clause
1 Object of Act
The objects of this Act are:
y clearly stating the objectives and aims of the new legislation, the Courts and the Australian public should be adequately informed about their rights and liabilities, which will facilitate and enhance the effectiveness of the new framework.
To create national uniform legislation;
To recognise that it is important to protect privacy in order to protect individual autonomy and the right to the pursuit of happiness;
To recognise that it is important to balance privacy against other interests, including public interest, in appropriate circumstances;
To create a statutory cause of action for the invasion of an individual’s privacy;
To provide a number of different remedies to enable a court to redress any such invasion of privacy; and
To educate the public on their rights, responsibilities and liabilities under this legislation and to inform the public on how they can protect their privacy and prevent invasions of privacy.
This paper acknowledges the difficulties involved in arriving at a satisfactory definition of privacy.257 Fluidity and adaptability should be essential features of the proposed legislation, rather than searching for a fixed definition.
It is a ‘perennial fallacy that because something cannot be cut and dried or lightly weighed or measured therefore it does not exist.’258 The concept of privacy is value-laden and complex.259 The definition is culturally and historically relative,260 and must be adaptable to modern developments and the value which privacy is given at the time. . Wacks argues that ‘[i]nstead of pursuing the false god of “privacy”, attention should be paid to identifying what specific interests of the individual we think the law ought to protect’.261 Similarly, Doyle and Bagaric believe that ‘[t]o define a term or concept is to set out the necessary and sufficient conditions which demarcate the correct usage of the term or concept’.262 ‘Bearing in mind the impossibility of arriving at a satisfactory definition’,263 and the ‘danger of gaps in privacy protection’264 resulting from a fixed definition, the meaning of privacy under the proposed legislation should be canvassed in a way which lists the types of invasions of privacy and the conditions which require protection in the circumstances. This allows the judiciary to develop the concept over time and take into account ‘the need of individuals for privacy in an evolving technological environment’.265
In line with the ALRC and NSWLRC recommendations, this paper proposes that there be no definition per sé.266 Rather, there should be a workable classification of the types of invasions of privacy that would be protected by the statute. This is similar to the ALRC’s proposal.267
In addition, and as will be discussed in further detail later in this chapter,268 there should be explicit reference to the ability for family members to take action for invasion of privacy of their deceased relatives. This refers directly to the News of the World scandal where murder victims’ voicemails were allegedly intercepted, which caused significant distress to family members. Reference should also be made to invasions of privacy occurring online such as on social networking sites, or through websites and email, in order to tackle the various online privacy issues discussed in Chapter One. The other examples proposed in Recommendation 2 follow those of the ALRC. In addition, a catch-all provision ensures that other situations of privacy invasion are not limited to the factual matrix contained in the section.
Recommendation 2: Non Exhaustive List of Types of Privacy Invasion
2 Types of Privacy Invasion under this Act
An invasion of privacy may occur in (but is not limited to) the following circumstances:
(a) Where there has been an interference with an individual’s home or family life, which includes the situation where a deceased family member’s privacy has been invaded and this causes distress or harm to the living relatives which the court deems to be an invasion of privacy under the Act; or
(b) An individual has been subjected to unauthorised surveillance; or
(c) An individual’s correspondence or private written, oral or electronic communication has been interfered with, misused or disclosed without the permission of such individual; or
(d) Sensitive facts relating to an individual’s private life have been disclosed; or
(e) An individual’s activity online, which includes but is not limited to social networking sites, is interfered with, misused or disclosed without the individual’s consent;
(f) Under any other circumstances which the court determines is an invasion of privacy.
Who is entitled to bring an action under the statute is important, particularly in light of the News of the World phone-hacking scandal. The proposed legislation therefore takes a slightly different approach to the recommendations of the ALRC269 and NSWLRC in this regard. This paper acknowledges that generally, deceased individuals have no privacy interests.270 This paper agrees with the recommendation that natural persons are entitled to bring the action, however extends this concept to where natural persons are directly affected by invasion of a deceased individual’s privacy, and that the action also invades the privacy of the natural person bringing the action, particularly in instances where there is a prior relationship, whether familial or fiduciary, between the deceased and the individual seeking relief for invasion of privacy.
Recommendation 2(a) therefore specifically states that relational actions are within the ambit of privacy invasions envisaged by the statute. By extending the concept of home or family-life privacy invasions to include invasions relating to deceased individuals,271 the statute responds directly to the fear created by News of the World’s alleged phone-hacking of 9/11 victims and murder victims. Family members in similar situations should be able to seek remedies and redress for the distress they suffered from media phone-hacking or any other kind of invasion, as long as the invasion of privacy satisfies the elements of the cause of action and is not subject to any defences or other limitations.
General Cause of Action
The cause of action under the new legislation should be general and statutory. It should not be a tort, because tortious actions ‘do not generally require the courts to engage in an overt balancing of relevant interests’,272 which would be required in the case of privacy invasions. The cause of action should relate to invasions of privacy, which is in line with the NSWLRC recommendation. The higher threshold test suggested by the ALRC, which requires the conduct to be of sufficient seriousness and ‘highly offensive to a reasonable person of ordinary sensibilities’273 is too high a bar for claimants to meet. This would undermine the effect of the legislation in protecting privacy. Many claimants would be precluded from taking action for invasions of their privacy, if they had a reasonable expectation of privacy but it was not considered by the court as objectively serious or highly offensive enough to warrant liability.274 For example, where an intimate conversation between husband and wife following their involvement in a car accident involving drink-driving is filmed and broadcast on television, they would have a reasonable expectation of privacy in those traumatic circumstances. However, the conversation is not likely to be objectively serious or highly offensive to the reasonable person.275 A high threshold of seriousness therefore does not give adequate protection to individuals’ right to privacy.
Instead, as is made clear below, the test should balance the privacy interest against the other interests in question on the particular facts of the case, and take into account a range of factors to assist the court in making a determination.
The test for the statutory cause of action should be flexible, adaptable, reasonably accessible to individuals, and fair to other competing interests, which is likely to include the interest of Australian media organisations in delivering news. Most importantly, the test should be applied by the courts through an intense focus on the facts,276 and should assist in developing social norms and expectations of privacy in modern society.277
The public interest and freedom of speech issue is a difficult one to reconcile statutorily. A traditional view is that there will ‘always be a clash of rights, which must be resolved either in favour of the privacy right or of the right to freedom of speech’.278 Privacy is deemed to be the arch-nemesis to public interest, the right to know and freedom of expression. Law reform submissions, primarily from media organisations, urged the freedom of speech right to be a concomitant279 to the right to privacy, given that Australia does not have a constitutional or statutory right to freedom of speech or freedom of the press, even though Australian Constitutional law already implies a right to freedom of political communication.280 There is currently limited protection for privacy under Australian law. The way that privacy and freedom of expression should interact is therefore left uncertain under the current legal framework.
The notion of privacy, and its conceptual rivalry with freedom of expression, does not occur in a vacuum. Society’s attitudes towards the correct balance will change according to expectations281 relating to technology, artistic tastes, the commercial environment and demographic changes. The key to a contextual and workable test is therefore adaptability and proportionality. Courts should be able to apply a sophisticated balancing test to the specific facts of the case. The proposed legislation should therefore be specific about how to balance these competing rights.
Interestingly, Barendt argues that in limited cases, the two rights will not be in conflict. He cites a pertinent example. The right to privacy and the right to free speech would both be violated if there was interception of electronic or social communications between individuals or a small group on the internet.282 However, this creates complexity for reform. For example, if a claimant’s Facebook profile is set to private, but a Facebook friend of the claimant publishes the information contained in the claimant’s status, should that information be protected as private information? The explosion of social media has posed difficult questions relating to defining the realm of what is private and what is public.
Furthermore, the blurring and shifting of the line between public and private life necessitates a flexible approach. There is no expectation of privacy in public places generally, such as public transport, shopping centres, bars and restaurants. However, cultural norms exist which require privacy in public toilets, change rooms and hotel rooms, despite the ‘absence of a right to exclusive possession or control of [the] immediate surroundings’.283 On the one hand, if a line is not drawn between the public and private spheres of life, then ‘there will be virtually no aspect of [a person’s] life which cannot be characterised as private’.284 On the other hand, regard should be given to the degree of privacy reasonably expected in the circumstances of the particular case.285 A cause of action should not draw such a line in advance.
The legislation should assist Courts in reshaping those norms in order to reflect the current challenges to individual privacy, particularly in the face of sly media behaviour and the exponential increase of information flow on the internet.
As a result, the test recommended in this paper combines some elements of the ALRC and NSWLRC recommendations. As drafted in Recommendation 3 below, the test combines a subjective and objective element. The test requires the individual to have a reasonable expectation of privacy in the circumstances, but that privacy interest is considered in light of, and on balance with the relevant public interests, which are presumed to start from an equal footing. This paper initially considered placing the public interest consideration as a defence instead of an element of the test, which is the approach used in Canada.286 However, the former option fails to recognise the value of open justice, accountability and free speech. However, there should be a clear demarcation between public interest and public curiosity. A fair balancing process would ensure that interest groups on either side of the fence could have their say. The test also explicitly provides that the cause of action is actionable without proof of damage, which is important in the privacy context given that most actions will involve emotional and/or mental distress, as opposed to economic loss or physical damage.
This paper recommends not specifying the mental element. While the ALRC recommended that the cause of action only apply to intentional and reckless acts, the NSWLRC did not find it necessary to lay down an absolute rule,287 as the cause of action is not a tort and does not import a requirement for a particular mental element. By leaving mental element out of the equation, courts should still be able to effectively determine liability by applying the threshold test to the particular facts at hand. This way, accidental invasions of privacy may still be actionable under the statute, if they occur in the appropriate circumstances.