The right to personal privacy is limited. Information privacy was first protected by Commonwealth legislation, but it has expanded and now also includes state legislation. The Australian Privacy Principles set out broad principles that are binding on government agencies and large companies. Specific laws cover credit reporting and some other Commonwealth legislation. Complaints can be made to the Australian Information Commissioner. Victorian privacy legislation includes the Health Records Act 2001 (Vic) and the Human Rights and Responsibilities Charter.


Helen Versey

Former Victorian Privacy Commissioner

Privacy protection in Australia: The UNICCPR and common law

Last updated

1 July 2020


Most Australian states and territories have enacted legislation to protect information privacy. However, Australian law does not expressly protect the right to personal privacy in the broader sense, either through legislation or the common law. Also, legislative protections of the privacy of personal information do not include breaches by individuals acting in a personal capacity.

Privacy protection under the UNICCPR

The right to privacy in The Universal Declaration of Human Rights (1948) was mirrored in Article 17 of the United Nations International Covenant on Civil and Political Rights (1966) (UNICCPR) to which Australia is a signatory and agreed to be bound on 13 August 1980. The UNICCPR is a schedule to the Australian Human Rights Commission Act 1986 (Cth) (‘AHRC Act’) and the Australian Human Rights Commission is responsible for monitoring Australia’s compliance with the UNICCPR. However, although Australia has agreed to be bound by the UNICCPR, it is not incorporated into the AHRC Act to the extent that it has created enforceable rights.

On 25 September 1991, Australia agreed to be bound by the first optional protocol, which allows individuals whose countries are party to the UNICCPR and the protocol – and who have exhausted all domestic remedies (if any) – to submit a written communication to the United Nations Human Rights Committee (‘HR Committee’).

This occurred when Nicholas Toonen, who lived in Tasmania, sent a communication to the HR Committee arguing that Tasmania’s law that criminalised homosexual sex between consenting adults was a breach of privacy under Article 17 of the UNICCPR. The HR Committee agreed that because of the Tasmanian law, Australia was in breach of its obligations under the treaty and rejected the argument that the interference was not arbitrary (HR Committee Communication No. 488/1992 Toonen v Australia). In response to the HR Committee’s view, the Commonwealth Government passed a law overriding the Tasmanian law. Note that Toonen sent his communication in 1991 and the HR Committee responded in 1994. Also, Australia is not bound by the HR Committee’s response and could have chosen to take no action to remedy the breach.

Privacy protection under the common law

Ettingshausen v Australian Consolidated Press

Australian common law provides limited personal privacy protections, for example, through defamation and trespass laws (see Chapter 11.2: Defamation and your rights, and Chapter 6.4: Neighbour disputes).

In Ettingshausen v Australian Consolidated Press Ltd (1991) 23b NSWLR 443, the plaintiff, a well-known rugby player, successfully took defamation action about the publication of a photograph taken after a game, which was found to show his genitals. This case was, in reality, a claim for breach of privacy.

Australian Broadcasting Corporation v Lenah Game Meats

In 2001, in the case of Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (2001) HCA 63 (‘Lenah Game Meats case’), the High Court heard on appeal a claim of breach of privacy made by a corporation in relation to an animal rights group secretly filming an abattoir that processed possums. The footage had been given to the Australian Broadcasting Corporation (ABC), which planned to broadcast it.

While ultimately rejecting the corporation’s claim of breach of privacy – on the ground that corporations have no rights of privacy, which is fundamentally about personal autonomy – the High Court invited the possibility of the development by courts of a cause of action for invasion of privacy.

Since this decision, Australian courts have been moving towards developing a cause of action for breach of privacy, although this has often been through findings of breach of confidence.

Grosse v Purvis

In the case of Grosse v Purvis [2003] QDC 151, the plaintiff brought an action for breach of privacy after years of stalking by the defendant and public and private statements by him to the effect that the plaintiff engaged in immoral sexual acts.

The Queensland District Court noted that in the Lenah Game Meats case the High Court had removed the barrier to people attempting to rely on a tort of privacy and awarded aggravated and exemplary damages to the plaintiff for breach of her privacy.

Giller v Procopets

In the case of Giller v Procopets [2004] VSC 113, the Victorian Supreme Court stated that the law had not developed to the point where the law in Australia recognised an action for breach of privacy. The facts of that case were that the defendant, while in a relationship with the plaintiff, had secretly and then with her consent, videotaped them having sex. After the breakdown of the relationship, he had disclosed the recordings to family and friends.

Ms Giller brought an action for breach of privacy and breach of confidence, among other actions. While the trial judge rejected the breach of privacy, he found there had been a breach of confidence but since the distress she suffered fell short of mental illness, he found there were no grounds to award compensation.

The Victorian Court of Appeal unanimously confirmed the finding of breach of confidence and as a result found it unnecessary to decide conclusively whether a tort of invasion of privacy should be recognised under Australian law. Importantly, it rejected the decision that compensation could not be awarded and ordered damages against Mr Procopets (Giller v Procopets [2008] VSCA 236).

This case was an important step in breach of confidence being used as a remedy for breach of privacy, although it is limited in scope by the need for a confidential relationship to have existed between the plaintiff and the defendant.

Doe v Australian Broadcasting Corporation

In Doe v Australian Broadcasting Corporation [2007] VCC 281, the ABC published information on two separate occasions that identified the plaintiff as a victim of rape by her husband, contrary to section 41(1A) of the Judicial Proceedings Reports Act 1958 (Vic).

In addition to finding a breach of statutory duty and breach of confidence, Justice Hempel also found the defendant was liable in tort for invasion of privacy, relying on the High Court’s comments in the Lenah Game Meats case. The decision was appealed but the appeal subsequently withdrawn.

Recommendations for law reform

In light of the slow and piecemeal development of a right of privacy at common law there have been a number of recommendations by Australian law reform commissions that there be a statutory cause of action for breach of privacy.

In 2009, the New South Wales (NSW) Law Reform Commission released a report, Invasion of Privacy (report 120); available at It recommended that the Civil Liability Act 2002 (NSW) be amended to provide a statutory cause of action for invasion of privacy.

In 2008, the Australian Law Reform Commission (ALRC) recommended a statutory cause of action be developed for serious invasions of privacy (ALRC report 108).

The Victorian Law Reform Commission made a similar recommendation in its 2010 report, Surveillance in public places: final report; available at

On 3 September 2014, the ALRC’s final report, Serious invasions of privacy in the digital era (ALRC report 123), was tabled. This report responded to the then Attorney-General’s referral to the ALRC following the Australian Government’s release of its issues paper, A Commonwealth statutory cause of action for serious invasion of privacy. The ALRC recommended that if there were to be a statutory cause of action for serious invasion of privacy it should be a Commonwealth Act and be an action in tort. It should be available only in circumstances where a person had a reasonable expectation of privacy and would cover:

intrusion upon seclusion either by physically intruding into a person’s private spaces by watching, listening, recording private activities or affairs or by the misuse of private information such as by collecting or disclosing private information about a person – including untrue information, but only if it would be private if true.

In March 2016, the NSW state parliament’s Law and Justice Committee recommended that NSW should create a new legal action for serious invasions of privacy (report no. 57: Remedies for serious invasions of privacy).

The NSW Government responded on 5 September 2016. In relation to the key recommendation, the government stated that as the federal government has publicly confirmed that it does not support a tort of privacy, and no other Australian jurisdiction has indicated a willingness to take steps in this direction, NSW cannot act alone in the absence of an agreed approach at a national level.

For information on the development of a statutory tort of privacy and common law developments internationally, see the ALRC report 108; Chapter 74 of the report provides a useful overview.

Back to
Government and the individual

Buy the chapter ‘Privacy and your rights’