The average internet user will click “I agree” to countless Privacy Policies (or 1,462 in a year, if you believe this research) without a second thought. Yet, as we forge further into the ever evolving digital age, more and more personal data is being shared by an increasing number of internet users (Facebook counted 1.23 billion users last month), without them (us?) necessarily understanding the ways in which the entities receiving their personal data can use it. And so, the question naturally arises as to whether it is for our lawmakers to step in and create laws to prevent any potential abuses afforded by such information sharing.
The ALRC is endeavouring to address these types of concerns with its current Inquiry into “Serious Invasions of Privacy in the Digital Era”. Commenced at the request of the Attorney-General in June 2013, this Inquiry aims to determine the scope of a potential statutory cause of action for serious breaches of privacy.
As the lawyers amongst us might remember from their law school days, back in the 1930s, in a case which examined the legality of broadcasting from a raised platform on a racecourse’s neighbouring property (see? we told you’d remember this one!) the High Court ruled there was no common law right to privacy in Australia (which is directly opposite to the position in the United States, where the common law tort of ‘invasion of privacy’ allows individuals to bring common law claims against parties who unlawfully intrude into their private affairs, disclose their private information, publicize them in a false light or appropriate their name for personal gain). However, rapid technological growth, the expansion of social networking and the invention of cloud computing has ensured privacy issues have not ceased to preoccupy policymakers across Australian jurisdictions for the past decades.
The ALRC’s latest inquiry follows four previous inquiries conducted across Australia into privacy laws (found here: 2008, 2009, 2010, 2011), three of which recommended the enactment of a statutory cause of action to remedy serious privacy breaches. These inquiries have been met with a variety of submissions, providing a useful resource for the ALRC when deciding what issues need further consideration. However, all have failed to result in any legislative reform (for a fun summary of Australia’s history of battling with Privacy laws, see this article http://journlaw.com/2013/10/05/privacy-in-australia-a-timeline-from-colonial-capers-to-racecourse-snooping-possum-perving-and-delving-drones/).
The Scope of the Inquiry
The ALRC aims to produce recommendations which balance the value of privacy with other fundamental values, including freedom of expression and open justice. The Inquiry calls for recommendations from the public to provide answers to a variety of questions, including whether a statutory cause of action should be enacted, possible defences to that statutory cause of action, exemptions and appropriate remedial relief.
Submissions closed on 11 November 2013. The ALRC received submissions from a wide array of interested parties, including major players in the telecommunications industry Telstra and Optus, information giant Google, Facebook, media stakeholder Newscorp Australia, online shopping powerhouses eBay and PayPal and civil rights representative bodies such as the Queensland Council for Civil Liberties.
In the submissions received, many parties expressed a concern about the potential commercial restrictions that the introduction of such a cause of action would bring.
The view generally expressed by Google, eBay and PayPal is that most website privacy policies provide sufficient protection to consumers.
Submissions from activists such as the Queensland Council for Civil Liberties, present an opposing view, which is that the current state of the law does not allow individuals to control which aspects of their information they wish to keep private. An example of this lack of privacy control is demonstrated by employers using services that track social media behaviour to filter potential employees.
A Global issue
The inquiry comes at an interesting time for international privacy law, with the recent introduction of the European Union’s (EU) General Data Protection Regulation, which allows for the imposition of hefty fines (Article 79) for data protection breaches. It shows the EU has decided to take a strong stand on data protection. Importantly, it sets the tone for global data protection, and a potential precedent for the adoption of a unified cause of action in Australia. However, after four inquiries resulting in no legislative reform, it is unlikely Australia will be rushing to follow suit. Legislators may pause to see whether this new European legislation negatively impacts Australian corporations sharing data across Europe before implementing a cause of action here.
A final report is due to be provided to the Attorney-General later this year. We will (of course!) keep you updated as to the outcome.