ALRC recommends tort for serious invasion of digital privacy

The Australian Law Reform Commission has recommended a tort be implemented for serious invasions of privacy in the digital world, but has stepped back from a safe harbour proposal for internet companies that host content deemed to invade a person's privacy.
Written by Josh Taylor, Contributor on

The Australian Law Reform Commission has recommended a new Commonwealth tort for a serious invasion of privacy, including the disclosing of a person's private information or images without their consent, or watching, listening or recording a person in their private space.

The recommendation came in the ALRC's Serious Invasions of Privacy In the Digital Era report (PDF) tabled in parliament today, following an inquiry launched in June last year by then-Attorney-General Mark Dreyfus.

Under the tort outlined in the recommendations of the final report, a person would need to prove their privacy was invaded through the disclosure of private information, or the invasion of their private space. The tort would only apply to intentional or reckless invasions of privacy.

Report author Professor Barbara McDonald told ZDNet that the tort would be as technology-neutral as possible.

"It's the activity or the actual interference that is wrongful, rather than how it is made," she said.

"However, in some cases the uses of technology will make it easier to show it was an intrusion because it is not something you could have done with your own sight and hearing."

McDonald said deliberate use of technology to capture a private image would then be seen as possible invasion of privacy.

There is also a public interest test recommended, to allow the court to decide whether the communication of private information was part of freedom of expression, freedom of media, open justice, or as part of national security. It is up to the defendant to prove that the release of the otherwise-private information was in the public interest.

McDonald said that the ALRC had considered making the tort so that plaintiffs would need to prove that privacy outweighed the public interest, but said that it ultimately decided that this might be too high a bar for plaintiffs to meet, and instead opted for defendants to prove that the publication of the private information was in the public interest.

There should be a cap on the damages allowed as a result of a finding of a serious invasion of privacy, under the recommendations, with the fee to work out to the sum of damages for non-economic loss, and exemplary damages. Courts may also order the destruction of the material involved in the privacy breach.

The report also recommends that there be new Commonwealth legislation governing the use of data surveillance, and tracking devices to replace existing state and territory laws, but states there should be a defence for responsible journalism.

One particular recommendation called for surveillance laws to be made consistent. In a recent incident in Victoria, a private conversation of former premier Ted Ballieu with a journalist was recorded allegedly without Ballieu's knowledge. The practice is legal in Victoria, but is illegal in New South Wales. McDonald said that the recommendations would seek to adopt New South Wales position, but provide an exemption for responsible journalism.

"We are recommending that the default position be that you need permission even if you are a party [to the conversation], however, we are suggesting there should be a broader range of defences, and it is in that context that perhaps we should consider a responsible journalism defence."

In March this year, the ALRC flagged that a tort should be developed, but said that internet intermediaries, such as social networking sites like Twitter or Facebook, or internet service providers, be offered safe harbour to be protected from liability for serious invasions of privacy by people who use their services.

But in the final report, these provisions were dropped, leaving the door open for the companies to be found liable if they don't move to remove the material.

"Internet intermediaries should not be liable under the tort for invasions of privacy committed by third parties using their services, where they have no knowledge of the invasion of privacy. Where they do have knowledge, there does not seem to be any justification to provide a complete exemption from liability. The ALRC therefore sees no need to recommend the enactment of a 'safe harbour' scheme, to protect internet intermediaries from liability under the tort."

McDonald said that until the final fault element was settled, the ALRC settle on a safe-harbour provision.

"Most safe harbours only operate if the intermediary doesn't have notice of what is going on. As soon as they have notice, they get held to their behaviour, so there isn't any need for a safe harbour exemption," she said.

"There still would always be a question of whether allowing something to stay up or continue being posted amounts to an invasion, but it wouldn't be too difficult once someone had knowledge of it, their failure to take steps might well be taken as an endorsement and a continuing publication."

If a social networking site, for example, has been given notice to remove the material but fails to do so, then the ALRC said, they could be found liable.

Editorial standards