Page | 1

Jessie Porteus
Submission to the Department of Prime Minister and Cabinet 2 November 2011
The time is ripe for a statutory cause of action for invasions of privacy in Australia

The recent News of the World phone-hacking scandal has brought into sharp focus a number of questions surrounding the scope and parameters of privacy rights for individuals in Australia and around the world. With the Gillard government announcing its intention to create a federal statutory action for serious invasions of privacy, this area of law now necessitates comprehensive analysis and review. This dissertation argues that the fragmented state of Australian law does not currently provide sufficient or direct protection ofprivacy. It surveys the gaps in privacy law previously canvassed in the 2008 Australian Law Reform Commission Report ‘For Your Information’ and the 2009 New South Wales Law Reform Commission Report ‘Invasion of Privacy’, and evaluates the proposed reforms in light of recent developments. This dissertation examines the reluctance of the common law and the inadequacy of equity to stitch up the unravelling fabric of the current privacy framework, and draws upon both domestic Commission Reports and best-practice approaches in overseas jurisdictions to propose a statutory cause of action which aims to strike a balance between the right to privacy in a technology and media-driven world, and the fundamental right to freedom of speech.

TABLE OF CONTENTS

TABLE OF CONTENTS...... 2

INTRODUCTION...... 4

  1. THE NEED FOR PRIVACY...... 7
  2. Definitional Difficulties...... 7
  3. The Ripening of the Fruit...... 13
  4. The [Anti] Social Network...... 15
  5. News of the World and the Phone-Hacking Scandal...... 21
  6. The Need for Privacy...... 23
  1. THE CURRENT PRIVACY LAW FRAMEWORK: AUSTRALIAN AND OVERSEAS APPROACHES...... 25
  2. The Missing Cause of Action...... 25
  3. Tort: A Negligent Approach?...... 27
  4. The Case of New Zealand…………………………………………………………...………27
  5. The Case of The United States………………………………………………………………28
  6. A Privacy Tort in Australia?……………………………………………………………….29
  7. Equity: The New Fusion Fallacy?...... 30
  8. The Case of the United Kingdom…………………………………………………………...30
  9. Extending breach of confidence in Australia?……………………………………………31
  10. A Statutory Solution...... 34
  11. The Case of North America……………………………………………………………....…34
  12. A Statutory Approach in Australia…………………………………………………………36
  1. PREVIOUS ATTEMPTS AT REFORM…...... 37
  2. The Australian Law Reform Commission Report...... 38
  3. The New South Wales Law Reform Commission Report...... 42
  4. The Australian Government’s Response...... 46
  1. REFORM PROPOSALS: THE INVASION OF PRIVACY ACT 2011 (CTH)...... 48
  2. New Federal Statute...... 49
  3. Objects Clause...... 49
  4. Definition...... 52
  5. Entitlement...... 54
  6. General Cause of Action...... 55
  7. Threshold……………………………………………………………………………………...55
  8. Test……………………………………………………………………………………………..56
  9. Mental Element……………………………………………………………………………….59
  10. Factors to be Taken into Account………………………………………………………..…60
  11. Consent………………………………………………………………………………………...61
  12. Limitation Period……………………………………………………………………………..63
  13. Defences...... 64
  14. Remedies...... 66
  15. Education Campaign...... 67
  16. A Familiar Inertia...... 70
  17. Future Application of the New Framework...... 71

CONCLUSION...... 73

APPENDIX...... 75Table 1: Current Legal Protection of Privacy...... 75

Table 2: Elements, Defences and Remedies in Overseas Privacy Statutes...... 81

Table 3: Comparison of Recommendations for a Statutory Cause of Action in Australia...... 86

BIBLIOGRAPHY...... 93

INTRODUCTION

I do not pretend that it is easy to safeguard privacy in the current age. But surrendering the endeavour as just too difficult to achieve is not an option.[1]

Most Australians are under the mistaken belief that they have a right to privacy.[2] At the same time, Australians are increasingly willing to disclose private feelings, information and photographs everyday on social networking websites and through other technological media such as smart phones. Public knowledge about the realm of privacy protection is lessening, yet, and somewhat paradoxically, Australians are lamenting the erosion of their privacy rights as the ‘inevitable result of technological advance’,[3] and are outraged by the recent scandal surrounding widespread media phone-hacking.

The fabric of the privacy law framework is unravelling. The recent unveiling of surreptitious behaviour by News of the World and other media organisations overseas has pulled the last remaining thread, and has called into question the currently fragmented and ad-hoc approach to protecting the various notions of personal privacy in Australia.

Darwin’s theory of evolution states that life’s forms evolve as Mother Nature’s forces respond to new pressures exerted by changes in the environment. ‘The more dramatic the change, the greater the pressure, the faster the evolution.’[4] The law develops in much the same way, as an organic and ever-changing life-form, responding to social, political and economic changes around it.

A new wave of privacy regulation is now in an embryonic[5] stage as a result of recent developments. In 2011, there is an overwhelming need to change the currently defective privacy framework, and to strike a flexible and common-sense balance[6] between the privacy interests of individuals and public concerns such as freedom of speech, national security and freedom of information.

The purpose of this paper is to fill a gap in the academic literature by responding directly to the recent phone-hacking scandal and other contemporary challenges to privacy by offering a new legislative proposal. In formulating the proposal, this paper addresses the need for general privacy protection in Australian law, given the current socio-economic climate, advancements in technology, the domination of social networking in the everyday lives of Australians, and the clandestine behaviour by major media organisations, brought to the widespread attention of the public particularly over the last twelve months. This paper draws upon the 2008 Australian Law Reform Commission Report For Your Information and the 2009 New South Wales Law Reform Commission Report Invasion of Privacy, and statutory causes of action operating in Canadaand other jurisdictions, which provide sound statutory models upon which the proposed legislation is based.

This paper firstly considers why the issue of privacy should pervade current legal and academic thinking. Chapter One evaluates the contemporary arguments as to why Australia requires privacy protection and how modern threats to private life provide the impetus for legal reform in 2011. The Chapter pays particular attention to the explosion of social networking, the free flow of information, and the News of the World phone-hacking scandal.

Secondly, the paper surveys the currently fragmented state of privacy law in Australia. Chapter Two examines the fact that privacy is only incidentally protected under Australian law. There is no general law protecting privacy. The chapter then evaluates the different legal methods of privacy protection utilised in overseas jurisdictions such as New Zealand, United Kingdom, Canada and the United States, and applies each approach to the Australian legal landscape. By demonstrating the reluctance of the common law and the inadequacies of equity to protect privacy, the chapter concludes that privacy is best protected through statute.

Thirdly, this paper reviews existing academic and legal literature on privacy law reform. Chapter Threeassesses and compares the previous models of reform put forward by the Australian and New South Wales Law Reform Commissions in 2008 and 2009. The chapter considers those recommendations in light of recent developments in order to plug the gap in privacy laws and literature in 2011.

Finally, this paper will explain how to address the problems and gaps in privacy protection canvassed in the previous chapters by proposing a new model for reform. Chapter Four recommends new federal legislation that creates a statutory cause of action for invasions of privacy. The proposed legislation draws upon the value of individual autonomy, the need for national consistency and the delicate balancing process between individual privacy interests and the public interest in freedom of expression. The chapter also recommends a comprehensive education campaign aimed at improving social norms and expectations relating to privacy.

This paper will illustrate that there is urgent need for Australia to build a new privacy framework that adapts to contemporary concerns and values. The time is ripe for statutory protection of privacy.
1. THE NEED FOR PRIVACY

In our overexposed world, is anything private anymore? Currently, the law recognises as private only information that is completely secret. Information exposed to others is public. Privacy, however, is far more complicated, as it involves a cluster of nuanced expectations of accessibility, confidentiality and control. If we are to protect privacy today, we need to rethink our understandings of privacy.[7]

1.1. Definitional Difficulties

In order to understand why protection of privacy is needed in Australia and how it should be protected, the intricacies and complexities within the meaning of privacy should first be acknowledged.

‘Privacy seems to encompass everything, and therefore it appears to be nothing in itself.’[8] While privacy law authors may disagree on the scope and parameters of privacy protection and how it should be reformed, the one thing they can agree on is that there is no satisfactory definition of privacy. Rhetoric such as: ‘[n]obody knows what that thing means. But you have to define it; you have to define it. And the Court has not given it definition’,[9] has played a somewhat critical part in the Australian Government’s failure to develop a coherent and uniform system of privacy laws.[10] This essential first step has also been avoided by the Law Reform Commissions in the past, defining privacy as something that should ‘speak for itself’.[11]

Some authors have attempted to define privacy’s parameters, despite the commonly-held belief that privacy is ‘beyond the scope of the law’.[12] In 1979, the Australian Law Reform Commission described privacy as ‘material which so closely pertains to a person’s innermost thoughts, actions and relationships that he [or she] may legitimately claim the prerogative of deciding whether, with whom and under what circumstances he [or she] will share it’.[13] Westin defined privacy as ‘the claim of individuals, groups, or institutions to determine for themselves when, how and to what extent information about them is communicated to others.’[14] Cooley simply described it as the ‘right to be let alone’.[15]

The judicial definition proposed by Gleeson CJ in Lenah also appears to be widely accepted, even finding endorsement by the Irish Working Group on Privacy:[16]

Certain kinds of information about a person, such as information relating to health, personal relationships or finances, may be easy to identify as private; as may certain kinds of activity, which a reasonable person applying contemporary standards of morals and behaviour, would understand to be meant to be unobserved. The requirement that disclosure or observation of information or conduct would be highly offensive to a reasonable person of ordinary sensibilities is in many circumstances a useful practical test of what is private.[17]

The legal definition of privacy however remains elusive,[18] particularly as social norms change. The concept is ambiguous on at least three levels – status, features and coherence.[19]

Firstly, the status and value of privacy is uncertain. Privacy is not a recognised right in Australia. Indeed, Australia has international obligations to protect people’s privacy. Article 12 of the Universal Declaration of Human Rights 1948 and Article 17 of the International Covenant on Civil and Political Rights [‘ICCPR’] both provide that ‘no one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.’[20]

Despite ratifying the ICCPR on 13 August 1980, Australia’s domestic approach follows a traditional trend of reticence towards rights.[21] In 1988, the Office of the United Nations High Commissioner for Human Rights announced that Article 17 was to apply to states, natural persons and legal persons, and that ‘all member states are required to adopt legislative and other measures to give effect to the prohibition against such interferences and attacks as well as to the protection of this right’.[22] The Australian government passed the Privacy Act 1988 (Cth) as a way to implement the ICCPR obligations. However, the Act only relates to information privacy and therefore only partially implements Article 17. Furthermore, Australia does not have a Bill of Rights (although ACT[23] and Victoria[24] have rights legislation), which is another possible method of implementing Article 17 and other rights. As a result, privacy is not a wholly-recognised right in Australia.

Secondly, the features of privacy are unformulated. In 1890, American writers Warren and Brandeis argued that there should be a general right to privacy in the United States.[25] This spawned the development of four types of privacy invasion, which were authoritatively stated by Prosser in 1960 as intrusion upon seclusion, public disclosure of embarrassing private facts, appropriation of the plaintiff’s name and likeness, and publicity which puts the plaintiff in false light.[26] However, Prosser’s features of privacy do not wholly represent all of the types of privacy interests valued by individuals, nor do they reveal the only ways in which privacy can be invaded. Wacks argues that by addressing the issue of privacy in terms of personal information only, the definitional strait-jacket is removed, resulting in a ‘less artificial and more effective legal resolution’.[27] However, restricting the concept to information privacy limits the boundaries of the concept. What about some less traditional features of privacy such as sexual orientation, gender identity or a woman’s decision to use contraceptives or abort a foetus?[28] On the one hand it would be impractical to list every conceivable invasion of privacy. On the other hand, there is merit in arguing that privacy must have value to be effective. The worth and features of privacy must therefore derive from social values and norms. The definition is heavily reliant on context.

Demarcating between what is private and what is public is also an indeterminate exercise. ‘A strict public/private divide is unsustainable - or at least is a very blurred ideal. Not only is the boundary between public and private constantly shifting but it is inherently political.’[29] A broad interpretation of the meaning of private life is expounded in Von Hannover v Germany [2004] ECHR 294, which held that any publication of an unauthorised photograph taken of a particular person engaged in everyday activities outside their public duty will constitute a violation of the right to privacy under Article 8 of the European Convention on Human Rights [‘ECHR’].[30] In Murray v Big Pictures (UK) Ltd [2008] EWCA Civ 446, the Court held that the 19-month old son of the writer of the Harry Potter books, JK Rowling, had an action for invasion of privacy as a result of a photograph being taken of the family walking down a public street. The Court reasoned that Big Pictures UK Ltd would not have taken the photograph if he was the child of ordinary parents.[31] Drawing a line between public and private spheres is therefore a highly context-dependent exercise. An activity is not private simply because it is not done in public, and at the same time, an activity does not lose its private nature simply because it occurs in a public place.[32]

Furthermore, in the modern world of technology and social networking, it may not be possible to enforce a binary view of public versus private spheres. Rather, a more nuanced view may need to be adopted, given the ease in which something that takes place in public can be made permanent and widespread simply by uploading a photo to the internet or sending photos via mobile phone technology, by members of the public or the members of what has become known as the ‘citizen media’.[33] Other modern developments also highlight the blurring of the private and public spheres and the increased intrusion upon individual privacy, such as full body scanners at airports, identification-card scanners and facial recognition at nightclubs, smart cards, telemarketing, debt recovery, anti-terrorism checks, Google Earth and WikiLeaks. How can we deal with an increasingly invasive and globalised world where nothing is sacred anymore? A flexible definition of privacy will allow the law to adapt to these invasions.

Thirdly, protection of privacy is incoherent. The Australian legal system only protects privacy indirectly through protecting some of the values underpinning it, such as property rights, human dignity and reputation. This parasitic[34] approach means that the current framework fails to achieve direct and effective legal privacy protection. These difficulties are further ‘exacerbated when a precise definition of the term is sought for legal purposes’.[35] Ultimately, the concept currently does not have a consistent core[36] capable of providing hard and fast answers to what is private and what is not. This is further illustrated in Chapter Two of this paper.

What makes the meaning of privacy even more difficult to characterise is the fluidity of the concept. The concept changes according to generational norms, particularly in relation to the dissemination of personal information:

It does appear that young people are more comfortable than their parents, and certainly their grandparents, in sharing personal information, photos and other material on social networking websites. The question is whether this represents the beginnings of an enduring cultural shift, or simply the eternal recklessness of youth, played out in a new medium and utilising new technology. Put another way, will today’s teenagers be horrified in a decade’s time when prospective employers—and prospective partners and in-laws—can easily ‘google up’ intimate and potentially embarrassing images and information?[37]

There exist immense difficulties for lawmakers and academic writers in arriving at a definition of privacy. However, the common element that unites the literature is that privacy’s meaning is contextually-relative. The following discussion identifies the current legal and social context that should inform the meaning of privacy, which demonstrates why it is necessary to give legal recognition to privacy interests in Australia.

1.2.The Ripening of the Fruit

Privacy is a key policy issue facing our legal system.[38] There is an overwhelming need for protection of personal privacy. The exigencies of modern day living, our media-driven society, the connectedness resulting from the forces of globalisation and the advent of social networking have coalesced to create a world where there appears to be only one domain – the public domain. The News of the World phone-hacking scandal should represent the last remaining sensationalist disclosure[39] to spark the privacy debate in Australia. It is time to reform the law.

A decade has elapsed since Justice Callinan advocated for change to the privacy law framework in the landmark case of Australian Broadcasting Commission v Lenah Game Meats (2001) 208 CLR 199 [‘Lenah’]: