Most Australian states and territories have enacted legislation to protect information privacy.
However, Australian law does not expressly protect the right to personal privacy in the broader sense, either through legislation or the common law.
Also, legislative protections of the privacy of personal information do not include breaches by individuals acting in a personal capacity.
Privacy protection under the UNICCPR
The right to privacy in The Universal Declaration of Human Rights (1948) is mirrored in Article 17 of the United Nations International Covenant on Civil and Political Rights (1966) (UNICCPR). Australia is a signatory to the UNICCPR and agreed to be bound by it on 13 August 1980.
The UNICCPR is a schedule to the Australian Human Rights Commission Act 1986 (Cth) (‘AHRC Act’); the Australian Human Rights Commission (AHRC) is responsible for monitoring Australia’s compliance with the UNICCPR. However, although Australia has agreed to be bound by the UNICCPR, it is not incorporated into the AHRC Act to the extent that it has created enforceable rights.
On 25 September 1991, Australia agreed to be bound by the first optional protocol, which allows individuals whose countries are party to the UNICCPR and the protocol – and who have exhausted all domestic remedies (if any) – to submit a written communication to the United Nations Human Rights Committee (‘HR Committee’).
This occurred when Nicholas Toonen, who lived in Tasmania, sent a communication to the HR Committee arguing that Tasmania’s law that criminalised homosexual sex between consenting adults was a breach of privacy under Article 17 of the UNICCPR. The HR Committee agreed that because of the Tasmanian law, Australia was in breach of its obligations under the treaty and rejected the argument that the interference was not arbitrary (HR Committee Communication No. 488/1992 Toonen v Australia). In response to the HR Committee’s view, the Commonwealth Government passed a law overriding the Tasmanian law. Note that Toonen sent his communication in 1991 and the HR Committee responded in 1994. Also, Australia is not bound by the HR Committee’s response and could have chosen to take no action to remedy the breach.
Privacy protection under the common law
Ettingshausen v Australian Consolidated Press
In Ettingshausen v Australian Consolidated Press Ltd (1991) 23b NSWLR 443, the plaintiff, a well-known rugby player, successfully took defamation action about the publication of a photograph taken after a game, which was found to show his genitals. This case was, in reality, a claim for breach of privacy.
Australian Broadcasting Corporation v Lenah Game Meats
In 2001 – in the case of Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (2001) HCA 63 (‘Lenah Game Meats case’) – the High Court heard on appeal a claim of breach of privacy made by a corporation in relation to an animal rights group secretly filming an abattoir that processed possums. The footage had been given to the Australian Broadcasting Corporation, which planned to broadcast it.
While ultimately rejecting the corporation’s claim of breach of privacy – on the ground that corporations have no rights of privacy, which is fundamentally about personal autonomy – the High Court invited the possibility of the development by courts of a cause of action for invasion of privacy.
Since this decision, Australian courts have been moving towards developing a cause of action for breach of privacy, although this has often been through findings of breach of confidence.
Grosse v Purvis
In the case of Grosse v Purvis  QDC 151, the plaintiff brought an action for breach of privacy after years of being stalked by the defendant. The defendant had also made public and private statements to the effect that the plaintiff engaged in immoral sexual acts.
The Queensland District Court noted that in the Lenah Game Meats case, the High Court had removed the barrier to people attempting to rely on a tort of privacy. The court awarded aggravated and exemplary damages to the plaintiff for breach of her privacy.
Giller v Procopets
In the case of Giller v Procopets  VSC 113, the Victorian Supreme Court stated that the law in Australia had not developed to the point where it recognised an action for breach of privacy.
The facts of this case were that the defendant (Procopets), while in a relationship with the plaintiff (Giller), had secretly and then with the plaintiff’s consent, videotaped them having sex. After the breakdown of the relationship, the defendant had disclosed the recordings to family and friends.
Giller brought an action for breach of privacy and breach of confidence, among other actions. The trial judge rejected the breach of privacy; he found there had been a breach of confidence, but since the distress she suffered fell short of mental illness, he found there were no grounds to award compensation.
The Victorian Court of Appeal unanimously confirmed the finding of breach of confidence. As a result, the court found it unnecessary to decide conclusively whether a tort of invasion of privacy should be recognised under Australian law. Importantly, the court rejected the decision that compensation could not be awarded and ordered damages against Procopets (Giller v Procopets  VSCA 236).
This case was an important step in breach of confidence being used as a remedy for breach of privacy, although it is limited in scope by the need for a confidential relationship to have existed between the plaintiff and the defendant.
Doe v Australian Broadcasting Corporation
In Doe v Australian Broadcasting Corporation  VCC 281, the ABC published information on two separate occasions that identified the plaintiff as a victim of rape by her husband, contrary to section 41(1A) of the Judicial Proceedings Reports Act 1958 (Vic).
In addition to finding a breach of statutory duty and breach of confidence, Justice Hempel also found the defendant was liable in tort for invasion of privacy, relying on the High Court’s comments in the Lenah Game Meats case. The decision was appealed but the appeal was withdrawn.
Recent recommendations for law reform
Considering the slow and piecemeal development of a right of privacy at common law, various law reform commissions have recommended that there be a statutory cause of action for breach of privacy.
In 2009, the New South Wales Law Reform Commission released a report, Invasion of privacy (report 120). It recommended that the Civil Liability Act 2002 (NSW) be amended to provide a statutory cause of action for invasion of privacy.
In 2008, the Australian Law Reform Commission (ALRC) recommended a statutory cause of action be developed for serious invasions of privacy (ALRC report 108).
The Victorian Law Reform Commission made a similar recommendation in its 2010 report, Surveillance in public places: Final report.
On 3 September 2014, the ALRC’s final report, Serious invasions of privacy in the digital era (ALRC report 123), was tabled. This report responded to the Attorney-General’s referral to the ALRC following the Australian Government’s release of its issues paper, A Commonwealth statutory cause of action for serious invasion of privacy. The ALRC recommended that if there were to be a statutory cause of action for serious invasion of privacy it should be a Commonwealth Act and be an action in tort.
It should be available only in circumstances where a person had a reasonable expectation of privacy and would cover:
intrusion upon seclusion either by physically intruding into a person’s private spaces by watching, listening, recording private activities or affairs or by the misuse of private information such as by collecting or disclosing private information about a person – including untrue information, but only if it would be private if true.
In March 2016, the New South Wales Parliament’s Law and Justice Committee recommended that New South Wales should create a new legal action for serious invasions of privacy (Remedies for serious invasions of privacy (report 57)).
The New South Wales Government responded on 5 September 2016. In relation to the key recommendation, the government stated that as the federal government has publicly confirmed that it does not support a tort of privacy, and no other Australian jurisdiction has indicated a willingness to take steps in this direction, New South Wales cannot act alone in the absence of an agreed national approach.
In the same year, an inquiry by the South Australian Law Reform Institute also recommended the establishment of a South Australian civil law action for serious invasion of personal privacy (Too much information: A statutory cause of action for invasion of privacy (report 4)).
Since 2019, the adequacy of Australia’s privacy protection has gained significantly more traction as an issue for law reform. The Australian Competition and Consumer Commission’s (ACCC) 2019 Digital Platforms Inquiry examined the adequacy of the existing regulation of digital platforms considering their impact on the news media and advertising sector. Privacy laws were one aspect of this broad-ranging inquiry that led the ACCC to the view that a statutory cause of action would increase business accountability for data management and give consumers greater control over their personal information (Digital Platforms Inquiry: Final report, July 2019).
The federal government responded to the ACCC’s reform proposals in December 2019 and reiterated an earlier commitment to amending the Privacy Act 1988 (Cth) (‘PA Act 1988’) to increase penalties, strengthen enforcement, and require social media platforms to subscribe to a binding privacy code. The recommendation to introduce a statutory cause of action was ‘noted’ and the recommendation for a direct right of action under the PA Act 1988 was supported in principle, subject to consultation and design of specific measures.
The federal government announced that the recommendation for a statutory cause of action would be further examined as part of a review of the PA Act 1988 and related laws. This review would consider whether broader reform is necessary in the medium to long term to empower consumers, to protect their data, and to best serve the Australian economy (Australian Government, Regulating in the digital age: Government response and implementation roadmap for the Digital Platforms Inquiry, 2019).
This review is currently underway and running alongside the Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021 (Cth) (‘Online Privacy Bill’). The Online Privacy Bill will introduce a binding Online Privacy Code for social media and certain other online platforms. It will also increase penalties and enhance enforcement measures. For more information about the review, visit the Attorney-General Department’s website.
Further impetus for the creation of a statutory tort of invasion of privacy has been evidenced through the Australian Human Rights Commission’s (AHRC) separate examination during its ongoing inquiry into human rights and technology; the AHRC has proposed that the ALRC’s recommendations be implemented (‘Human rights and technology: Discussion paper’, December 2019).
In 2020, the New South Wales opposition party introduced into New South Wales Parliament the Civil Remedies for Serious Invasions of Privacy Bill 2020 (NSW) but the Bill has lapsed.
For more detailed information about the development of a statutory tort of privacy and common law developments internationally, see the ALRC report 108; Chapter 74 of the report provides a useful overview.