Loading...

The Future of Personal Privacy Protection in NSW – What does it look like?

2017-02-17T17:12:34+00:00August 15th, 2016|

In March 2016 the NSW Legislative Council’s Standing Committee on Law and Justice (Committee) released a report titled ‘Remedies for the Serious Invasion of Privacy in New South Wales’ (Report), recommending the adoption of a statutory cause of action for serious invasions of privacy. This Report adds to the growing momentum for statutory action of this kind. We have summarised some of the main points of the Report below.

Current Laws are Inadequate

At present, the protection of individuals’ privacy is provided by a patchwork of legislative provisions and the equitable action of breach of confidence. Current legislative and common law protection falls short in a number of ways:

  • Much of the current legislation only applies to specific agencies and/or organisations, rather than applying generally. Notably the Privacy and Personal Information Protection Act 1998 (NSW), which aims to protect individuals from privacy breaches by NSW public sector agencies among others, does not apply to the NSW Police Force, unless it is operating in an educational or administrative capacity.
  • Current legislation is targeted at specific information or activities rather than focusing on the individual’s inherent right. The Privacy Act 1988 (Cth) focuses on data and prevents certain uses of ‘personal information’ by Government agencies and businesses with an annual turnover of over $3 million, but fails to address intrusions to personal privacy or the behaviour of individuals or entities under the threshold.
  • Existing criminal offences also do not comprehensively and reliably apply to the more recent technology-facilitated or assisted invasions of privacy such as ‘revenge porn’, the unauthorised distribution of intimate images of an individual.
  • There is a gap in the surveillance legislation framework in relation to video recordings. The framework is further complicated by the increased use of drones or unmanned aerial vehicle surveillance.
  • There is no common law tort in Australia designed to protect privacy. Gaps and inconsistencies in existing common law protections such as nuisance, trespass, defamation and breach of confidence fail to adequately address serious invasions of privacy.
  • On the Federal level and in some States, there is no bill of rights.

The current piecemeal approach to privacy leaves impermissibly large gaps in the protection of individuals. The lack of a single statutory cause of action commonly leads to individuals trying to protect their privacy under ill-suited legislative provisions, which do not satisfactorily address the wrongs perpetrated.

Other Jurisdictions

The Report canvasses the approaches taken by other jurisdictions.

  • United Kingdom – The UK has not enacted a statutory cause of action for serious invasions of privacy. However, enactment of the Human Rights Act 1998 (UK) means that courts are mandated to develop the common law in a way that gives equal effect to both Article 8 of the European Convention on Human Rights (the protection of private life) and Article 10 (the protection of freedom of speech). The courts have carved a distinct cause of action for ‘misuse of personal information’, effectively creating a common law right to privacy from the equitable doctrine of breach of confidence.
  • New Zealand – Similarly, developments through common law has seen the creation of a privacy tort, with protection extending to breaches of privacy that involve publicising private and personal information, and for intrusion upon seclusion.
  • Canada – Four Canadian Provinces have enacted statutory torts for the invasion of privacy, which the Report evaluates as having been successful. Notably this legislation saw the first successful prosecution of a ‘revenge porn’ case in Canada, with total damages of $141,708.03 awarded to a woman whose ex-boyfriend had posted a sex-tape of her online.

The Report points out the difference with NSW from these foreign examples. NSW has no human rights legislation and the common law has not developed to adequately protect privacy. However, NZ and Canada did not start with a human rights framework providing with an express right to privacy.

The Report Recommends Statutory Protection

The Report recommends the NSW Government base a statutory cause of action for serious invasions of privacy on the model presented in the Australia Law Reform Commission’s (ALRC’s) 2014 Report on ‘Serious Invasions of Privacy in the Digital Era’. The elements of the cause of action are:

  • Protection against conduct constituting an invasion of privacy by intrusion into seclusion (watching, listening to and recording another’s private actions) and misuse of private information.
  • An objective test where the plaintiff must prove that a person in their position would have a reasonable expectation of privacy in the circumstances and a Court must be satisfied that the public interest in privacy outweighs any countervailing interest.
  • The plaintiff show that the invasion was reckless or intentional. The Committee differed from the ALRC on the issue of negligence. The Committee recommended that corporate and government defendants also be liable for negligent conduct, as well as for intentional or reckless invasions of privacy. The Committee based this recommendation on big data breaches.
  • The invasion must be ‘serious’ to deter trivial actions. While the definition of ‘serious’ is not included, the Committee recommended that legislation provide specific guidance on the meaning of ‘serious’ which will be tested by case law.

The remedies available would include damages, injunctions, account of profits and other non-financial redress. However, the model does not require damages to be proven by the claimant to give rise to a claim.

The Committee recommends that the NSW Privacy Commissioner be given non-financial forms of redress including apologies, take down powers, and cease and desist order. The NSW Privacy Commissioner would also have power to refer any non-compliance to the NSW Civil and Administrative Tribunal. As an alternative route to the courts, the Committee also recommended conferral of jurisdiction on NCAT to hear claims.

The NSW Government is expected to respond by 5 September 2016.

If you have any questions on privacy issues, including serious invasion of privacy, contact us to speak to one of our privacy lawyers.