Serious Invasions of Privacy in the Digital Era: ALRC’s New Report

In June 2013, then-Australian Federal Attorney-General Mark Dreyfus tasked the Australian Law
Reform Commission (ALRC) to draft recommendations on how legislation can be
tailored for the digital era and the serious invasions of privacy that seem to
now be a constant source for tabloid gossip.

This was no surprise. The increased use of Internet capable portable devices like
smartphones and tablets, the widespread use of cloud services to store private
data, companies’ use of geolocation to custom-tailor delivery of content based
on an internet user’s location, and, significantly, the United Kingdom’s
Leveson Inquiry into “the culture, practices and ethics of the [British] press”
had drawn global public attention to the relative ease in which privacy could
be invaded through technological means.

The ALRC’s final report has just been published. Entitled “Serious Invasions of
Privacy in the Digital Era,” the report contains recommendations for a new tort
for intentional and/or reckless invasions of an individual’s privacy. This is a
departure from the established Australian position made clear in the 1993
decision of Cruise v Southdown Press. In that case, Tom Cruise and his then
wife Nicole Kidman sought to stop publication of images of their newly adopted
child taken on board a boat in Sydney Harbour from a distance using a
telescopic camera. The Court found that this did not give rise to a cause of
action under Australian law, although the Court expressed sympathy for the
plaintiffs. Other Australian cases have also rejected a right of privacy. (A 2003
Queensland District Court case, Grosse v Purvis, which laid out rules for a
tort of privacy, does not seem to have been followed by any other court since.)

Commissioner in Charge Barbara McDonald has stressed that even though effort has been made
to make the tort impartial to technology (as it is the act that is considered
wrongful and not the means), the technological medium is important because its
use will decide whether an intrusion was made: invasion of privacy would not
have been possible if only using a person’s “own sight and hearing.”

The report also recommends conducting a public interest test, as this will give the
court means to weigh in on whether the collection of private data is covered by
freedom of expression, media, open justice, or a matter of national security.
The onus will be on the defendant to prove that the act was in the public
interest.

Originally, the commission wanted to design the tort in a way that plaintiffs are required
to prove that privacy is more important than public interest in their
situation, but concluded that this was too high a bar for plaintiffs to meet.

One of the parts of the report that stand out is the call to make all Australian
surveillance laws consistent, with the recommendation that permission be required
even if a person is party to the conversation. However, they also note that
there should be a broader range of defences, including “a responsible
journalism defence.”

Curiously, on one reading of the report, the report seems counter to the ALRC’s interim
public position, which is to offer safe harbour and protect internet
intermediaries (such as social networking sites and ISPs) from liability in
case people who use their services commit serious invasions of privacy. The
final report allows internet intermediaries to be found liable if they do not
make an effort to remove the material after being notified. This might be a
consequence of the Full Federal Court’s findings in Roadshow Films v iiNet
Limited (to do with copyright piracy and not privacy issues), and the push
towards internet service providers in Australia being compelled to act upon
piracy infringement warnings. A similar system could work for privacy
violations.

Wrays Industry Insights