ALRC recommends tort for serious invasion of digital privacy

ALRC recommends tort for serious invasion of digital privacy

Summary: The Australian Law Reform Commission has recommended a tort be implemented for serious invasions of privacy in the digital world, but has stepped back from a safe harbour proposal for internet companies that host content deemed to invade a person's privacy.

SHARE:

The Australian Law Reform Commission has recommended a new Commonwealth tort for a serious invasion of privacy, including the disclosing of a person's private information or images without their consent, or watching, listening or recording a person in their private space.

The recommendation came in the ALRC's Serious Invasions of Privacy In the Digital Era report (PDF) tabled in parliament today, following an inquiry launched in June last year by then-Attorney-General Mark Dreyfus.

Under the tort outlined in the recommendations of the final report, a person would need to prove their privacy was invaded through the disclosure of private information, or the invasion of their private space. The tort would only apply to intentional or reckless invasions of privacy.

Report author Professor Barbara McDonald told ZDNet that the tort would be as technology-neutral as possible.

"It's the activity or the actual interference that is wrongful, rather than how it is made," she said.

"However, in some cases the uses of technology will make it easier to show it was an intrusion because it is not something you could have done with your own sight and hearing."

McDonald said deliberate use of technology to capture a private image would then be seen as possible invasion of privacy.

There is also a public interest test recommended, to allow the court to decide whether the communication of private information was part of freedom of expression, freedom of media, open justice, or as part of national security. It is up to the defendant to prove that the release of the otherwise-private information was in the public interest.

McDonald said that the ALRC had considered making the tort so that plaintiffs would need to prove that privacy outweighed the public interest, but said that it ultimately decided that this might be too high a bar for plaintiffs to meet, and instead opted for defendants to prove that the publication of the private information was in the public interest.

There should be a cap on the damages allowed as a result of a finding of a serious invasion of privacy, under the recommendations, with the fee to work out to the sum of damages for non-economic loss, and exemplary damages. Courts may also order the destruction of the material involved in the privacy breach.

The report also recommends that there be new Commonwealth legislation governing the use of data surveillance, and tracking devices to replace existing state and territory laws, but states there should be a defence for responsible journalism.

One particular recommendation called for surveillance laws to be made consistent. In a recent incident in Victoria, a private conversation of former premier Ted Ballieu with a journalist was recorded allegedly without Ballieu's knowledge. The practice is legal in Victoria, but is illegal in New South Wales. McDonald said that the recommendations would seek to adopt New South Wales position, but provide an exemption for responsible journalism.

"We are recommending that the default position be that you need permission even if you are a party [to the conversation], however, we are suggesting there should be a broader range of defences, and it is in that context that perhaps we should consider a responsible journalism defence."

In March this year, the ALRC flagged that a tort should be developed, but said that internet intermediaries, such as social networking sites like Twitter or Facebook, or internet service providers, be offered safe harbour to be protected from liability for serious invasions of privacy by people who use their services.

But in the final report, these provisions were dropped, leaving the door open for the companies to be found liable if they don't move to remove the material.

"Internet intermediaries should not be liable under the tort for invasions of privacy committed by third parties using their services, where they have no knowledge of the invasion of privacy. Where they do have knowledge, there does not seem to be any justification to provide a complete exemption from liability. The ALRC therefore sees no need to recommend the enactment of a 'safe harbour' scheme, to protect internet intermediaries from liability under the tort."

McDonald said that until the final fault element was settled, the ALRC settle on a safe-harbour provision.

"Most safe harbours only operate if the intermediary doesn't have notice of what is going on. As soon as they have notice, they get held to their behaviour, so there isn't any need for a safe harbour exemption," she said.

"There still would always be a question of whether allowing something to stay up or continue being posted amounts to an invasion, but it wouldn't be too difficult once someone had knowledge of it, their failure to take steps might well be taken as an endorsement and a continuing publication."

If a social networking site, for example, has been given notice to remove the material but fails to do so, then the ALRC said, they could be found liable.

Topics: Privacy, Government, Government AU, Australia

About

Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • How about the little guys?

    Will this allow employees who have had their employers breech their privacy in the name of 'social media policy' - i.e. - profiles that are completely private having private conversations printed off and handed to third parties who cannot in any way shape or form access the information on that profile, nor can anyone else?

    McDonalds would be in a world of shit if it did.....
    Noneofyourdamnbusinesss
  • What a stupid idea

    Moving to a NSW version of 'two party consent' for recording conversations is a retrograde failure of logic. A journalism exception for information 'in the public interest' demonstrates that at least they understand that it is entirely feasible that there will be times that the recording of a private conversation without the knowledge and consent of one of the parties can be valuable, reasonable and provide information or context that is not otherwise available. If that's the case, precisely the same protection should apply to individuals - not only can such recordings assist them legally, they may have application in the public interest if disseminated, such as a conversation with representatives of large corporations whose statements have ramifications for millions of Australians. People won't blow the whistle if they could face criminal prosecution for invasion of 'privacy', so changing the entire country's laws to reflect the minority position of NSW is an unreasonable path to reducing the rights and protections of individuals in the name of protecting individual 'privacy', when in reality a conversation between two parties should be viewed as the right to be recorded by either party.

    For example, when you speak to the customer service desk of most large organisations and government departments, you implicitly agree to them recording the conversation simply by continuing with the call. The only way to assert your equal right to record the conversation from your side is if you explicitly state to the corporate representative that you will be recording the conversation and gain their consent.
    TrevorX