Lawthentic Loop

Stay updated, stay in the loop

Privacy and data protection: A statutory tort for invasions of privacy?

Author: Katie Akpinar, Principal Lawyer

15 February 2022

The Privacy Act 1988 (Cth) is under review as part of a commitment to supporting the digital economy and protecting consumers. This process aims to ensure that robust privacy and data protections exist and are agile enough to respond to privacy issues emerging in the digital economy.

In October 2021, the Privacy Act Review Discussion Paper (“Discussion Paper”) was released, calling for submissions on various privacy recommendations.

One recommendation is a statutory tort of privacy

That means enterprises could be liable for damages as compensation for invasions of privacy.

Responses on a statutory tort for privacy ranged from:

  • Submissions in support by individuals, academics, experts, privacy regulators and not-for-profits.
  • Submissions from media interests and business stakeholders rejecting the tort, arguing existing frameworks are adequate.
  • Submissions advocating a tort established through the common law. Dr Jelena Gligorijevic, Lecturer at the Australian National University, offered a robust submission on the desirability of a common law tort.

Full support for a statutory tort for privacy

Submissions in favour saw the tort as a remedy for existing shortfalls in the regulatory regime because:

  • Federal, state and territory legislation are inconsistent
  • Existing actions do not allow for the invasion of privacy as a standalone interest
  • Compensation for emotional suffering is not available within current legislation
  • Australian common law appears reluctant to create the cause of action

Deakin University supported a statutory tort, calling for a broad right to compensation for those who’ve lost control of their private information, regardless of whether they’ve claimed financial loss or distress. The Deakin submission advocated a shift to EU General Data Protection Regulation (GDPR) style data harmonisation in Australia too.

The Office of the Australian Information Commissioner (OAIC) supported the introduction of a single, comprehensive, no-fault tort. The tort proposed by the OAIC is much broader than the tort recommended by the Australian Law Reform Commission (ALRC 123) and supported as an option in the Discussion Paper.

No statutory tort for privacy

Submissions disagreeing with a tort insisted the existing regulatory framework is sufficient:

  • Laws already cover confidentiality, defamation, and protection in the Online Safety Framework
  • A statutory tort will affect the media and free flow of information
  • The already sluggish legal system will be affected by more litigation

Common law tort for privacy

In her submission, Dr Gligorijevic supported introducing a statutory tort only if Australian courts continue their failure to respond to existing High Court precedent acknowledging its availability.

Dr Gligorijevic argued that the nuance and complexity of privacy issues mean a tort at common law can respond with the flexibility and agility afforded by precedent. Digital technology is emerging at such an explosive pace that a statutory tort may fail to capture unforeseeable breaches.

The submission argued the existing High Court decision in Australian Broadcasting Corporation v Lenah Game Meats (Lenah) provides ample scope for the creation of a tort, along with the High Court’s later reaffirmation for a tort for privacy in Smethurst v Commissioner of Police.

Appellate courts in subsequent privacy cases have interpreted the rulings restrictively, and should this continue, statutory intervention is necessary as privacy is now a normative human right.

In her comprehensive article on Lenah, Dr Gligorijevic examined the current common law position in Australia and the potential for a tort of privacy at common law. It confirms her view that a common law tort is available.

Where to from here?

Submissions for the Discussion Paper closed in January 2022. Given the support for a statutory tort, the Discussion Paper anticipates considering four options.

Option 1: A statutory tort

Introducing the statutory tort detailed in the Australian Law Reform Commission Report 123 (ALRC 123).

The ALRC 123 statutory tort has two different privacy breaches:

  • Intrusion upon seclusion, for example physically intruding into a plaintiff’s private space, recording or listening; or
  • Misuse of private information, such as collecting and disclosing private information

The plaintiff needs to prove:

  • There is no public interest more compelling than the public interest in privacy (for example, national security, freedom of the press, public health and safety)
  • The breach of privacy satisfied a seriousness threshold
  • They had a reasonable expectation of privacy in all circumstances.

Option 2: A minimalist statutory tort

A less prescriptive model is a minimalist statutory tort where legislation recognises the cause of action, allowing the courts to develop the scope and application of the tort, providing remedies in appropriate cases.

Option 3: Extending the Privacy Act to individuals

Broaden the Privacy Act to recognise the harm caused by the misuse of information by individuals, usually on the internet where it’s shared widely. This proposal would be a narrower cause of action than a statutory tort because it would apply only to people in non-business capacities and only to the mishandling of personal information.

There would be no statutory tort, and the common law could continue to develop.

Option 4: Make damages for emotional distress available for breach of contract

Alternatively, the Australian states could legislate to make damages available for emotional distress in equitable actions for breach of confidence. There is uncertainty at common law about damages, and this would provide some protection against the misuse of private information.

There are interesting times ahead. We are following the review closely and will update you as always. In the meantime, don’t hesitate to get in touch with the Lawthentic team.

About the Author

Katie Akpinar, Principal Lawyer

Katie is a Principal Lawyer and Founder at Lawthentic. She is an accomplished commercial and corporate lawyer with considerable experience working with organisations in Australia and across the Asia Pacific region. Katie has a simple philosophy, to consistently apply a commercial approach in delivering practical, considered, and specialist legal guidance. Combining her top-tier law firm experience with corporate acumen and a wealth of industry insight, she provides strategic solutions, whilst playing a meaningful role in her clients’ mission and purpose, helping business to do business.