You can’t breach someone’s confidence if you disclose untrue information, but you can breach their privacy.
In an historic ruling, a Judge in the Victorian County Court has recognised a distinct common law tort of invasion of privacy, and awarded $30,000 in damages, in a matter brought by a daughter (the plaintiff) against her estranged father (the defendant).
Why does this matter?
This case shifts us closer to a scenario in which a person who has suffered an invasion of privacy – the breaching of the “private sphere” which protects “human dignity and autonomy”, via conduct that would be considered “highly offensive” by a reasonable person – can directly sue another person, or organisation, for damages.
Under a common law tort, unlike under constrained informational privacy statutes like the Privacy Act, there is no carveout for individuals, small businesses, political parties or the media. There is no exemption for employee records. There is no arguing about the finer points of the definition of ‘personal information’, or whether or not someone consented to something via a Privacy Policy. There is no need for a plaintiff to wait in the queue of complaints lodged with a privacy regulator. Anyone can sue anyone else.
In other words – every one, and every organisation, needs to understand that privacy, in its broader sense, is protected by law, and that offensive conduct which invades someone’s privacy could make you liable for damages.
The circumstances of this case are exceptional and truly devastating, but are not of themselves relevant to thinking about the wider implications. And while there were multiple causes of action brought by the plaintiff concerning the disclosure of her information by the defendant, of particular interest to us is the journey Judge Tran takes us on with her considered and thorough analysis of the development of the common law tort, including how it can flex to provide redress for the privacy harms we might expect to see in a digital age.
Background
The plaintiff alleged that the defendant was the source of information about her that was published via several channels, including in a magazine, newspaper articles, a current affairs TV show, and a published book.
The plaintiff claimed that, in providing that information, the defendant:
- breached his statutory duty to comply with an Intervention Order
- committed the tort of negligence
- acted in breach of confidence, and
- committed the tort of breach of privacy.
Judge Tran noted that each of these causes of actions have different elements and apply to different subject matter. The Judge dealt with each cause of action separately, and separated the precise allegations that may fall within them. (The first two causes failed, for reasons not relevant to this discussion of privacy and confidence.)
In order to make out a cause of action for breach of confidence, the first element needed is that the ‘information’ disclosed must be of a confidential nature. In considering each piece of information disclosed by the defendant in relation to the claimed breach of confidence, the Judge noted that one piece of information (an apology issued by the plaintiff to the defendant) did not pass the threshold test of being an identifiable piece of information of a confidential nature. This was because the Judge was not satisfied that the plaintiff actually had apologised to the defendant, via the email the defendant claimed constituted an apology.
In other words: you can’t breach someone’s confidence if the information you disclosed about them was not given to you in confidence – which of course it can’t be, if it was never given to you at all.
Given this finding, the plaintiff was not able to establish the elements of a cause of action for breach of confidence. This allowed the Judge to ask: “Could, perhaps, the recognition that there exists in the common law an actionable claim for invasion of privacy fill this gap?” ([232]).
The Judge then considered the ability of the common law to develop incrementally and in a confined manner; the state of Australian case law in relation to the existence of a tort of privacy; approaches applied in the UK, NZ, Canada and the USA; and – if there is such a cause of action – whether it covers a situation where there has been a statement made that discloses private information, but that where that statement is not correct.
Running through a history of privacy scholarship and judicial consideration, from Warren and Brandeis to deepfake pornography, Judge Tran found that the common law must recognise a right to privacy, in order to protect both confidential and non-confidential information, both true and untrue information, both defamatory and non-defamatory but intensively private matters, and the “private sphere” whether impacted by informational privacy invasions or other types of intrusions.
In Judge Tran’s view, the recognition of a tort of invasion of privacy can be viewed as an incremental development of the existing action for breach of confidence.
According to the Judge: “…it should be recognised that an action for invasion of privacy forms part of the common law of Australia. Although historically this action has been housed under the overarching doctrine of breach of confidence, it is better viewed as separate and distinct from the action for breach of confidence. This does not amount to the creation of a tort, but rather a recognition of the bifurcation which has developed in relation to the action known as breach of confidence, between actions which at their heart protect confidential trade information; and actions (available only to natural persons) which at their heart protect human dignity in privacy. It is proposed to elucidate that bifurcation, by renaming the latter category as an action for invasion of privacy.” ([315])
The Judge acknowledged that at times there will be an overlap between the two causes of action, for example where a celebrity seeks to trade on their private information.
Elements of the common law tort
The Judge preferred “not to attempt to define the essential elements of this action” ([316]) and instead preferred a more cautious approach of working out the principles for a tort of invasion of privacy on a case-by-case basis in an Australian context. However, the Judge stated: “relief should continue to be available, at a minimum, in the circumstances where it has been available in the past – that is, the making public of private matters in circumstances that a reasonable person, standing in the shoes of the claimant, would regard as highly offensive” ([318], emphasis added).
The Judge reiterated that an actionable breach of privacy can occur even though a Court may not be satisfied that the information disclosed was ‘factually correct information’. The Judge also reiterated that the tort also covers aspects of privacy that are broader than information privacy; “the concern of the action for invasion of privacy is not so much protecting private information, but protecting a private sphere within which human dignity and autonomy can be furthered.” ([323])
Applying these elements, the Judge determined that the circumstances and the nature of the information disclosed by the defendant (i.e. a private email) was “incontrovertibly” within the plaintiff’s private sphere, and that “a reasonable person in [the plaintiff’s] shoes” would have found the disclosure of the information to be “highly offensive.” ([331])
Defences and balancing other interests and rights
The Judge decided it was “preferable to leave for others the question of the availability of defences to such a cause of action, including defences which aim to protect other important rights, such as the constitutional right to political free speech. Clearly, any development in this cause of action “would need itself to follow a path consistent with the constitutional guarantee of freedom of political communication”. This may require careful attention to be paid to available defences. However, there has been no suggestion that such a defence would arise in the present case.” ([319])
The Judge also acknowledged “the distress experienced by [the plaintiff] at having [the defendant] say anything about her in public. However, in view of the constraints that an action for invasion of privacy may place on other important common law rights, such as free speech and autonomy of action, an action for invasion of privacy must be carefully limited. … It is only where [the defendant] has transgressed and exposed to the public the plainly private sphere of [the plaintiff] (that is, private father/daughter conversations, the counselling meeting and her email to him) that I find there to have been an actionable invasion of privacy. ” ([332])
Damages for harm caused by the invasion of privacy
The damages awarded in relation to the invasion of privacy ($30,000) were calculated having regard to the mental distress caused to the plaintiff by the defendant’s conduct. The Judge also found there was no need for the plaintiff to prove a diagnosable psychiatric illness to recover damages for the invasion of privacy. ([432])
Observations: which tort will win?
As Ed Santow and Sarah Sacher perfectly describe, we are now facing the “problem familiar to anyone who has spent hours at a bus stop: having waited decades for a privacy tort, now two have come along at once”.
The development of a common law tort of invasion of privacy occurring alongside the development of a statutory tort via the POLA Bill currently before Parliament is a bit like watching the tale of the tortoise and the hare play out.
The development of a common law tort is slow and incremental – a court can only decide cases on the facts and actions brought before it, and when it comes to a tort for serious invasions of privacy, plaintiffs may be understandably unwilling to bring actions in areas of law that are uncertain and not well developed. A statutory tort, on the other hand, can be developed much more rapidly. There is more flexibility with a statutory tort to reflect community issues and norms, and to provide certainty around the elements and scope of the tort, including available defences.
It has been well over 20 years since the High Court gave its decision in ABC v Lenah Game Meats Pty Ltd and left open the possibility for a common law tort of invasion of privacy. Since that time, a statutory tort for serious invasions of privacy has been recommended in a number of law reform inquiries (including the ALRC in 2008, the NSWLRC in 2010, the VLRC in 2010, and the Law Reform Institute of SA in 2016). After receiving responses to its Issues Paper released in 2011, the federal government progressed the matter by providing a reference to the ALRC to make recommendations on the design of a statutory cause of action for serious invasions of privacy (which it did in its 2014 report). Following a lengthy review of the Privacy Act, the federal government announced in 2023 it would progress a new statutory tort for serious invasions of privacy as part of its plans for privacy law reform.
And finally, in late 2024, we have a Bill setting out the federal government’s proposed statutory tort – and we are watching to see if and when it will be passed by Parliament.
While there are many reasons why the development of a statutory tort may be preferable over waiting for the common law to develop (including that it is more democratic than being subject to ‘Judge made’ law), one of the key reasons why many have argued that we need a tort of privacy in Australia in the first place is to address a weakness in the Privacy Act – the media/journalism exemption from compliance with the Australian Privacy Principles.
However, the proposed statutory tort also contains a significant exemption for ‘journalism’, contrary to the model carefully developed by the ALRC, which – if enacted in its current form – means we couldn’t see cases brought against media organisations for serious invasions of privacy, such as we’ve seen in a number of UK cases mentioned by Judge Tran. And while public interests in the protection of privacy understandably need to be balanced against other public interests, including freedom of the media to investigate and report on matters of public interest, the exemption in the proposed statutory tort does not leave any room for this ‘balancing’ to take place; courts will not be able to consider if material published by media organisations (which in some cases may amount to entertainment or gossip) is in the public interest and outweighs a person’s interest in privacy.
While the issues considered by Judge Tran in this case do not touch on the conduct of the journalists and media organisations who published the plaintiff’s private information (they were not defendants in this case), under the proposed statutory tort their conduct could not be considered at all. And interestingly, while a plaintiff would not be able to bring an action against a journalist who invaded their privacy and published their private information (regardless of whether the journalist breached journalistic standards or codes of practice in doing so), a plaintiff may, however, be able to bring an action against the journalistic source who provided the private information (as the exemption only covers journalists, their employers, and those who assist the journalist in their professional capacity or as part of their employment or engagement with the journalist’s employer).
It seems lopsided to us that journalists and media organisations would be able to benefit from publishing information obtained through a serious invasion of someone’s privacy, while their sources could be left to answer the case against them alone (and, ultimately, to be liable for damages where a court finds that a serious invasion of privacy has occurred, and that the plaintiff has suffered harm as a result of the media publishing their information).
Given that a media organisation (the ABC) was the respondent in the two most significant judgements that were cited by Judge Tran as having advanced the common law with respect to a tort of invasion of privacy (the Lenah Game Meats and Doe v ABC cases), it seems incongruent that media organisations should be exempted from the operation of the statutory tort. And as independent MP Kylea Tink has pointed out in debate on the POLA Bill, the journalism exemption for the proposed tort would shield journalists from civil liability even for illegal conduct such as phone hacking.
In response, Attorney General Mark Dreyfus suggested that the broad-brush journalism exemption is needed, because subjecting journalists to a ‘public interest’ test (the test that other defendants to the statutory tort would be subject to), would lead to court cases, which would litigate the question of whether or not their conduct was in the public interest.
But what is the point of introducing a statutory tort – i.e. a new pathway for victims of privacy invasions to seek a remedy in court if all other pathways such as complaints to the respondent, or the respondent’s industry body, or the privacy regulator, have failed them – if not to debate the merits of a matter, and ventilate the issue of ‘what is in the public interest’?
In her carefully reasoned decision, Judge Tran found that “there is an increasingly urgent need to protect privacy in the world of telephoto lenses, deepfakes, social media and clickbait” ([312]), in particular because “the defendant who makes inaccurate public statements about intensely private matters is in a better legal position (and probably has more ‘clicks’) than the defendant who properly fact checks and makes only accurate statements” ([324]).
Suddenly the slow-moving common law looks more up to date with modern digital harms, and more in tune with public expectations, than the statutory model.
This decision is only one more step towards a common law tort; until we see this case, or another decision recognising a tort of invasion of privacy, affirmed by an appellate court, some may feel they can underplay the impact. However Judge Tran’s judgment does represent real progress. The litigation floodgates might not have been fully opened, but consider them at least wedged.
Considering the notable gaps in the proposed statutory tort, and indeed the weaknesses in current informational privacy legislation like the Privacy Act, we may prefer to cheer on the common law tortoise to keep plodding towards the finish line, while the Parliamentary hare continues to delay.