A common law tort for invasion of privacy has not yet been developed in Australia.

The Office of the Australian Information Commissioner (Commissioner) and the current Australian Privacy Principles endeavour to regulate the use of personal customer information in commercial/business activities. The Commissioner has the powers to investigate a breach of privacy complaint put forward by an individual, however, the Commissioner’s powers are limited to making determinations and enforcing civil penalties. While the Principles endeavour to protect the interests of Australian residents, it has limited application; applying only to ‘APP entities’ – being Government agencies, private sector companies with a turnover of over AUD3million and certain other small businesses.

In addition, the Privacy Act 1988 (Cth) and certain other statutes put in place various measures to protect Australian residents from unauthorised disclosure of personal information held by health providers and telecommunication providers, surveillance and unauthorised photography and conduct amounting to harassment, stalking and defamation.

While the equitable action for breach of confidence provides a potential avenue of recourse to protect individuals from the unauthorised disclosure of confidential information, there is still some uncertainty in Australia as to its sufficiency to address all breach scenarios and the form and extent of remedy available.

The Australian Law Reform Commission in its report regarding the Serious Invasions of Privacy in the Digital Era[1] (ALRC Report), after an extensive examination of the current legal framework, concluded that there was a strong argument for addressing the uncertainty around the existing laws protecting individuals from serious incursions upon their privacy.

In particular, it noted that the current laws providing for affected individuals to obtain monetary compensation, including in respect of emotional distress, were not fully developed. The ALRC Report recommended that Australia introduce new torts of:

  • misuse of personal information; and
  • intrusion upon seclusion.

It proposes various thresholds to establish the breach of privacy as well as possible defences to such breaches.

Tort of ‘intrusion upon seclusion’

A class-action proceeding currently before the courts in Canada is likely to shed some light upon the tort of ‘intrusion upon seclusion’ as it operates in other common law countries. The case is Condon & Ors v Canada[2].

In late 2012, a hard drive that stored the personal information of over 583,000 Canadian Student Loan borrowers (including finance and credit information) was lost. As a result, a class action was brought by students affected by the lost hard drive as against Canada for the alleged recklessness of its employees. This is the first statement of claim in the Federal Court that expressly pleads the tort of ‘intrusion upon seclusion’[3].

The tort of ‘intrusion upon seclusion’ is a privacy tort concerning an intrusion by a person into the private affairs/concerns of another person that would be highly offensive to a reasonable person.

The tort was first recognised by the Ontario Court of Appeal in 2012 in the judgment in Jones v Tsige [4] which was an action brought by the plaintiff against a bank employee for the unauthorised access and review of the plaintiff’s financial information, which the employee did for personal reasons.

The Court held that the current privacy legislation in Ontario, being the Personal Information Protection and Electronic Documents Act (the Act) did not provide sufficient recourse for the plaintiff as it only governed the collection and disclosure of personal information during commercial activities. Therefore, the Act would have applied had the plaintiff sued the bank involved, as opposed to bringing a direction action against the bank employee.

As the Act does not govern breach of privacy laws by individuals during the course of non-commercial activities, the Court held that the Act was not exhaustive and the plaintiff was entitled to assert a common law claim for the tort of ‘intrusion upon seclusion’.

This new Canadian tort, as recognised in the Jones v Tsige case, appears to resemble the US tort of the same name which has been expressly cited in US cases and is defined under section 652B of the US Restatement of the Law Second, Torts as:

One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.

Given the lack of clarity in current Australian laws as to the extent to which individuals have an available cause of action which would permit them obtain monetary compensation, including in respect of emotional distress, there is a risk that Australian rights may be falling dangerously behind those available in other jurisdictions.

The introduction of a tort of ‘intrusion upon seclusion’ is one recommendation which has been made by the ALRC in its 2014 report to address this deficiency. The other alternative is to allow the further judicial development of the common law to recognise such torts[5].

Those looking forward to how such a tort may operate in practice will keep a close eye on this current class action as it advances though the Canadian court system.

For a copy of the ALRC Report, click here.

For a copy of the ALRC Report Summary, click here.