does Australia have a need for a statutory cause of action for breach of privacy?
IntroductionThe nature of privacy and the evolution of the public demand for protection of it are a relatively recent phenomenon. In a single generation, it is now possible for a person with no technical skills or knowledge to acquire miniaturised video surveillance equipment anonymously over the internet with only minor expenditure. The average Australian, who invariably owns a mobile phone, now has the capacity to covertly create video and voice recordings quite literally at the tips of their figures. The speed at which these technologies has progressed has left the law struggling to catch up.
In Australia, the current position regarding a person’s legal right to sue for breach of privacy is uncertain. Although some Australian courts appear to have recognised the existence of a common law cause of action for breach of privacy, it appears that such recognition is far from universal. There has been a recent push in favour of removing this uncertainty through pursuit of a statutory cause of action. The purpose of this essay is to resolve whether there is such a need.
Current law in AustraliaWhile the Privacy Act 1988 (Cth) does provide for relief in the event of breach of confidence , there is currently no legislative framework providing a statutory remedy for breach of privacy.
The Australian common law position is unclear. While there are some cases that appear to have recognised a common law right of action for invasion of privacy , other cases have stated that Australian Law does not recognise such an action.
The Australian Law Reform Commission cites the 1937 case of Victoria Park Racing & Recreation Grounds Co Ltd v Taylor as the major obstacle to the recognition in Australia of a common law right to privacy. The plaintiff in that case carried on a business of horse racing. The (first) defendant owned land near the racecourse and placed an elevated platform on his land from which the races could be viewed. On appeal to the High Court, Latham CJ stated:
I am unable to see that any right of the plaintiff has been violated or any wrong done to him. Any person is entitled to look over the plaintiff's fences and to see what goes on in the plaintiff's land. If the plaintiff desires to prevent this, the plaintiff can erect a higher fence…
The principle in Victoria Park Racing appeared to impose an obligation upon the person seeking to protect their privacy (or “spectacle” as it had been described by the plaintiff), from the prying eyes of one’s neighbours. The remedy to a breach of privacy in such a case appeared to rest with the plaintiff investing in better mechanisms of protection.
The 2001 case of Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd clearly refuted any view that Victoria Park Racing obstructed the recognition of a common law cause of action for breach of privacy. On appeal, the High Court rejected that a tort of invasion of privacy could be invoked by a corporation, however, the Court held by majority that Victoria Park Racing did not preclude the establishment of such a tort with respect to a natural person.
It seems that the first opportunity provided by the High Court’s holding in Lenah Game Meats was seized by the District Court of Queensland. In the case of Grosse v Purvis  Skoien SJ states:
It is a bold step to take, as it seems, the first step in this country to hold that there can be a civil action for damages based on the actionable right of an individual person to privacy. But I see it as a logical and desirable step. In my view there is such an actionable right .
In the case of (Jane) Doe v Australian Broadcasting Corporation, Hampel J traversed the cases named above before finding that an action could be recognised:
Accepting the force of the concerns expressed by the High Court, and despite the spirited attempts by senior counsel for the defendants to dissuade me from taking what he repeatedly described as a bold step, I have nonetheless come to the conclusion that this is an appropriate case to respond, although cautiously, to the invitation held out by the High Court in Lenah Game Meats and to hold that the invasion, or breach of privacy alleged here is an actionable wrong which gives rise to a right to recover damages according to the ordinary principles governing damages in tort.
For a cause of action to be sustained under the Australian model, the following are required to be proven by a plaintiff:
That the act was intentional (ie that it was a willed act by the defendant);
That the act intruded upon the plaintiff’s privacy;
That the intrusion was such that a reasonable person of ordinary sensibilities would consider it highly offensive; and
That the plaintiff suffered detriment .
Notably, and in contrast to some overseas jurisdictions, a cause of action for breach of privacy under the current common law model in Australia requires proof of damage. It is the author’s view that such a requirement is undesirable and renders the cause of action for breach of privacy inconsistent with both common law torts such as trespass, and statutory based torts such as defamation.
British modelThe legal frameworks of the European jurisdictions operate in the context of the European Convention on Human Rights. As such, and noting the lack of an Australian bill of rights , the European experience may not provide an example that is readily transferable to the Australian domestic context.
The significance of the European Convention on Human Rights lies in article 8 of that convention. Specifically, Article 8 provides:
Everyone has the right to respect for his private and family life, his home and his correspondence.
The British Courts have held the existence of a common law cause of action for breach of confidence, yet have rejected such a cause of action relating to invasion of privacy. The importance of such a distinction is that a cause of action will arise from the misuse of confidential information as opposed to the wrongful acquisition of it.
In order to establish a breach in the British model, a plaintiff is required to satisfy two elements . The first threshold test relates to the nature of the information itself. The plaintiff must prove that the information is entitled to be classified as confidential in nature . The second threshold test requires an unauthorised use of the information by the defendant, and to the detriment of the plaintiff.
Canadian modelIn four Canadian provinces , a statutory right to privacy has been enacted. The wording of the legislation can be described as largely analogous between the provinces.
The Saskatchewan Privacy Act 1978 provides:
Violation of privacy
2. It is a tort, actionable without proof of damage, for a person wilfully and without claim of right, to violate the privacy of another person.
The Privacy Act of Manitoba became effective in 2008 and therefore represents the most contemporary Canadian enactment on the subject matter. It provides:
Violation of privacy
2(1) A person who substantially, unreasonably, and without claim of right, violates the privacy of another person, commits a tort against that other person.
Action without proof of damage
2(2) An action for violation of privacy may be brought without proof of damage.
Importantly, all participating provinces in the Canadian model provide for a cause of action without any proof of damage. Courts are given specific statutory authority to award damages, grant an injunction, order the defendant to account for profits accrued by a violation, or grant any other relief that appears necessary under the circumstances. New Zealand model
The New Zealand model is based in common law and arises from the case of Hosking v Runting . Although rejecting the plaintiff’s case, the New Zealand Court of Appeal confirmed that a tort for invasion of privacy did exist and relied upon the plaintiff establishing two fundamental requirements :
The existence of facts in respect of which there is a reasonable expectation of privacy; and Publicity given to those private facts that would be considered highly offensive to an objective reasonable person.
The requirement for the breach to be considered “highly offensive to an objective reasonable person” mirrors the phrase adopted within the Gleeson CJ in the Australian case of Lenah Game Meats and has been criticised in some quarters as setting too high a threshold.
Interestingly, and in contrast to the Canadian approach, the New Zealand Court of Appeal expressed that injunctive relief would not ordinarily be granted, stating that the award of damages should be the primary remedy for a privacy breach. The author does not support such a restrictive view on available remedies with respect to the Australian model.
Common law or statute based?Within the Australian context, the question seems to revolve around whether recognition of a cause of action should be left for the common law to develop, or whether parliament should implement some form of regulatory regime. There are legitimate advantages to both options.
The primary difficulty with a common law approach is the slow pace at which the law might develop. Currently there are very few examples of cases where a judicial authority has been prepared to recognise and develop the cause of action. The uncertainty that this generates must surely be a disincentive to potential plaintiffs. The threat of an adverse costs order, at least in the short term, would appear to restrict actions to those with multiple causes of action (as was the case in Grosse v Purvis).
On the other hand, the unhurried, incremental development of the common law may provide some advantage. The flexibility inherent in the nature of the common law’s expansion and modification over time arguably allows for greater judicial discretion to develop law befitting of the times. It is the author’s view that such a contention, however, does not provide sufficient justification to rationalise maintaining a position against legislative reform.
The benefits of a statutory cause of action are significant. The legislative model provides a level of certainty that often evades the common law. It is more readily understood by business and laypersons. Variations and improvements upon the law, even if quite radical, can be enacted as quickly as parliament allows such amendment.
In its submission to the Australian Law Reform Commission, the Office of the Privacy Commissioner argued in favour of a statutory, as opposed to a common law, cause of action for breach of privacy. The submission mirrors the eventual position taken by the Australian Law Reform Commission and argues that, in recognition of the fact that the current status of the law provides for little recourse against invasions of privacy, statutory development would :
clearly establish that privacy is an important human right that warrants specific recognition and protection within the Australian community, and in a way that accords with the community expectations and understanding of the meaning of ‘privacy’. The Office [of the Privacy Commissioner] reiterates its view that a dedicated privacy based cause of action could serve to complement the already existing legislative based protections afforded to individuals and address some gaps that exist both in the common law and legislation
It is the author’s view, largely in agreement with the position adopted by the Australian Law Reform Commission, that a statutory based cause of action is more conducive to providing certainty and also allows for a more defined range of defences and remedies than would be available under the common law model, at least in the short to medium term. It would signal to the community that privacy is a right worthy of protection and in a manner consistent with the existing legislative structures dealing with privacy and access to information.
There is, finally, a risk that ought to be considered by those proposing to leave the matter in the hands of the common law. Noting the positions taken by various legal interest groups and the recommendations made to government, to do nothing may signal to the judiciary that Parliament has refused to act despite calls to do so. Such a signal may significantly slow the development of any common law cause of action.
DefencesWhen considering a statutory cause of action, analysis would be incomplete without contemplating the range of defences that might warrant inclusion in any potential legislation. The Australian Law Reform Commission recommends that the defences to any statutory based model should include that the :
act or conduct was incidental to the exercise of a lawful right of defence of person or property;
act or conduct was required or authorised by or under law;
disclosure of information of public interest; or
disclosure of the information was, under defamation law, privileged.
The author is of the view that the Canadian statutory model ought to be regarded as a sound basis for the development of Australian statutory defences. In the Privacy Act of British Columbia, for example, the statute provides for a wide range of sensible inclusions that is not entirely dissimilar from the defences provided by Australian defamation statutes:
(2) An act or conduct is not a violation of privacy if any of the following applies:
(a) it is consented to by some person entitled to consent;
(b) the act or conduct was incidental to the exercise of a lawful right of defence of person or property;
(c) the act or conduct was authorized or required under a law in force in British Columbia, by a court or by any process of a court;
(d) the act or conduct was that of
(i) a peace officer acting in the course of his or her duty to prevent, discover or investigate crime or to discover or apprehend the perpetrators of a crime, or (ii) a public officer engaged in an investigation in the course of his or her duty under a law in force in British Columbia,
and was neither disproportionate to the gravity of the crime or matter subject to investigation nor committed in the course of a trespass.
(3) A publication of a matter is not a violation of privacy if
(a) the matter published was of public interest or was fair comment on a matter of public interest, or
(b) the publication was privileged in accordance with the rules of law relating to defamation.
(4) Subsection (3) does not extend to any other act or conduct by which the matter published was obtained if that other act or conduct was itself a violation of privacy.
Although the Canadian model does not provide for a defence of self-defence as has been proposed by the Australian Law Reform Commission, it remains a helpful benchmark.
In addition to those matters raised above, it is the author’s view that any statutory cause of action, as a minimum, ought to include defences for consent, justification, absolute and qualified privilege and disclosure that is in the public interest. It should also be the case that the disclosure of private information that in all the circumstances is trivial should not attract liability.
Freedom of expressionPerhaps the greatest balancing act in protecting an individual’s right to privacy is the protection of freedom of expression which may be impinged by overzealous legislation. The NSW Law Reform Commission summarised the position as follows:
A particular argument in support of this position [that an action for invasion of privacy poses a threat to freedom of expression], is that, unlike the situation that tends to apply in human rights instruments where protection is afforded both to privacy and to freedom of expression, the provision of a statutory base for the protection of privacy alone would unfairly tilt the balance in favour of the interest in privacy at the expense of the interest in freedom of expression, which would not itself be protected by statute. The result would be that the individual interest in privacy would acquire a strength that would impede the free flow of information to the public on matters of public concern.
The potential for a dilution of freedom of expression is a genuine concern that warrants careful consideration. It is acknowledged that there are significant benefits that would result from the introduction of a statutory cause of action, but equally as important is the need to balance the public interest in protecting freedom of expression, freedom of the press and the free flow of information. The hazards to freedom of expression do not, and should not be made out to, define the debate as an ‘either/or’ proposition. While the author agrees with the need for caution in legislative drafting in order to consciously preserve existing freedoms of expression, any danger can be adequately mitigated by Parliament building sufficient protections into the legislation. Proposed Australian model
The author’s position is that any statutory model ought to create a liability in tort for a person who substantially, unreasonably, and without claim of right, violates the privacy of another person. As previously stated, the author’s view is that proof of damage should not be required. The liability should be designed to cover interference with privacy, unauthorised surveillance, the interference with personal correspondence and the unreasonable disclosure of a person’s private life.
The Australian Law Reform Commission’s proposal goes beyond that of the author and, in particular, suggests that a fault element should apply. The position suggested by the Commission is a requirement that the conduct of the respondent be intentional or reckless. The intention behind the inclusion of such an element is to preclude actions brought for negligent or accidental invasions of privacy. There is merit in such a position.
The NSW Law Reform Commission, in their 2009 paper, suggested the following draft Bill to provide a statutory cause of action:
Invasion of privacy actionable(1) An individual has a cause of action against a person under this Part if that person’s conduct invades the individual’s privacy.
(2) An individual’s privacy is invaded for the purposes of an action under this Part if the conduct of another person invaded the privacy that the individual was reasonably entitled to expect in all of the circumstances having regard to any relevant public interest (including the interest of the public in being informed about matters of public concern).
(3) Without limiting subsection (2), a court determining whether an individual’s privacy has been invaded by the conduct (the conduct concerned) of another person (the alleged wrongdoer) for the purposes of an action under this Part:
(a) must take into account the following matters:
(i) the nature of the subject matter that it is alleged should be private, (ii) the nature of the conduct concerned (including the extent to which a reasonable person of ordinary sensibilities would consider the conduct to be offensive), (iii) the relationship between the individual and the alleged wrongdoer, (iv) the extent to which the individual has a public profile, (v) the extent to which the individual is or was in a position of vulnerability, (vi) the conduct of the individual and of the alleged wrongdoer both before and after the conduct concerned (including any apology or offer to make amends made by the alleged wrongdoer), (vii) the effect of the conduct concerned on the health, welfare and emotional well-being of the individual, (viii) whether the conduct concerned contravened a provision of a statute of an Australian jurisdiction, and
(b) may take into account any other matter that the court considers relevant in the circumstances.
(4) Conduct does not invade an individual’s privacy for the purposes of an action under this Part if the individual, or another person having lawful authority to do so for the individual, expressly or impliedly consented to the conduct.
The NSW Law Reform Commission draft Bill is both sensible and comprehensive and is supported in principle by the author. Little would be achieved in suggesting trivial amendments of minor consequence, although the draft Bill does not, in the author’s view, sufficiently deal with negligence or accident . This matter should be properly addressed in any proposed legislation.
ConclusionThe current uncertainty regarding a person’s legal right to sue for breach of privacy in Australia is unsatisfactory. That some Australian courts appear to have recognised the existence of a common law cause of action for breach of privacy is insufficient to mitigate such uncertainty.
Although there are a number of valid concerns that require careful consideration in the drafting process, it is the author’s view that Australia should adopt a statutory cause of action for breach of privacy. A statutory regime has many benefits and is preferable to the common law model for a number of reasons, not least of which is the speed at which the legislation can be introduced in a complete form.
The submissions arguing against such a statutory regime on grounds of freedom of expression, made by media interests groups in particular, are valid but not insurmountable. The author’s position is that any statutory cause of action for breach of privacy should be balanced by an appropriate statutory protection of freedom of expression. Having resolved such issues, there appears to be little impediment to implementing the necessary legislative framework.
EndnotesSection 93(1) of the Privacy Act 1988 (Relief for breach etc. of certain obligations of confidence) states: “A confider may recover damages from a confidant in respect of a breach of an obligation of confidence with respect to personal information”.
See Grosse v Purvis (2003) Australian Torts Reports 81 – 706 and Doe v Australian Broadcasting Corporation  VCC 281
See Giller v Procopets  VSC 113 and (on appeal) Giller v Procopets  VSCA 236. In the first case, Gillard J found that “…the law has not developed to the point where the law in Australia recognises an action for breach of privacy” (at 188). Unhelpfully, on appeal, Neave JA left the matter unresolved by stating “Because I have already concluded that Ms Giller has a right to compensation on other grounds, it is unnecessary to say more about whether a tort of invasion of privacy should be recognised by Australian law.” (at para 452)
(1937) 58 CLR 479
ALRC Report 108, For Your Information – Australian Privacy Law and Practice para 74.61
(2001) 208 CLR 199
 QDC 151
Grosse v Purvis (2003) Australian Torts Reports 81 – 706 at para 442
 VCC 281
Ibid at para 157
In the form of mental, emotional, physiological harm or distress, or which prevented the plaintiff from doing an act which the plaintiff was lawfully entitled to do.
See the Canadian model for example
ACT and Victorian legislation notwithstanding.
As formulated in Coco v A N Clark (Engineers) Ltd  RPC 41
A further element may exist in some circumstances, requiring the plaintiff to establish that the confidential information was imparted in such circumstances as to give rise to an obligation or duty to treat the information in a confidential manner. Such proof would not be necessary if the nature of the information is such that the information is plainly confidential - per Douglas v Hello! Ltd  EWCA Civ 595, per Lord Phillips MR
Canada has a total of 10 provinces and three territories
Chapter P-24 of The Revised Statutes of Saskatchewan, 1978
Privacy Act C.C.S.M. c. P125
See s7 of the Privacy Act 1978, Chapter P-24 of The Revised Statutes of Saskatchewan, 1978 as an example
 1 NZLR 1
Ibid, at para 117
Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (2001) 208 CLR 199
ALRC Report 108, For Your Information – Australian Privacy Law and Practice, para 74.85
Ibid, para 74.169
Privacy Act 1996 RSBS c373 (British Columbia)
New South Wales Law Reform Commission, Report 120: Invasion of Privacy (2009) para 3.3
ALRC Report 108, For Your Information – Australian Privacy Law and Practice para 74.164.
New South Wales Law Reform Commission, Report 120: Invasion of Privacy (2009) Appendix A; available at http://www.lawlink.nsw.gov.au/lawlink/lrc/ll_lrc.nsf/pages/LRC_r120appA
The draft Bill also does not raise negligence and accident as a defence.
BIBLIOGRAPHYAustralian Law Reform Commission, Report 108, For Your Information – Australian Privacy Law and Practice (2008)
Caldwell, J. Protecting Privacy Post Lenah: Should the Courts Establish a New Tort or Develop Breach of Confidence?  UNSWLawJl 4; (2003) 26(1) University of New South Wales Law Journal 90
Commonwealth of Australia, Department of the Prime Minister and Cabinet Issues Paper, A Commonwealth Statutory Cause of Action for Serious Invasion of Privacy, September 2011
Evans, K. Hosking v Runting: balancing rights in a privacy tort  Privacy Law and Policy Reporter 28
New South Wales Law Reform Commission, Report 120: Invasion of Privacy (2009)