ALRC proposes privacy laws, drops safe harbour for internet intermediaries
The ALRC has proposed new legal protections against "invasions of privacy" in the digital era, holding companies such as Facebook and Google to account for their involvement in breaches.
- Webby Award Winner (Best Video Host, 2021), Webby Nominee (Podcasts, 2021), Gold Telly (Documentary Series, 2021), Silver Telly (Video Writing, 2021), W3 Award (Best Host, 2020), Australian IT Journalism Awards (Best Journalist, Best News Journalist 2017)
The Australian Law Reform Commission has proposed changes to Australian law [PDF] to protect individuals from serious invasions of digital privacy, saying that they are increasingly common in the modern era.
The ALRC has proposed a tort in a new Commonwealth Act to protect against invasions of privacy, in cases when a serious invasion is committed intentionally, has the ability to cause actual or emotional damage and when the individual would have had a reasonable expectation of privacy.
In its recommendations, the ALRC specifies invasions of privacy can take two forms:
Intrusion upon seclusion, such as by physically intruding into the plaintiff's private space or by watching, listening to or recording the plaintiff's private activities or private affairs; or
Misuse of private information, such as by collecting or disclosing private information about the plaintiff.
The ALRC recommends that courts may order compensation for affected individuals, provided action is brought within one year of the individual learning of the breach or within three years of the breach occurring (whichever occurs first). It also includes provisions for "responsible journalism relating to matters of public concern and importance".
On the matter of surveillance, the ALRC reiterated previous advice on drones with a formal recommendation that surveillance device laws should be standardised under Commonwealth legislation.
This includes the repeal of exceptions for 'participant monitoring' that allow "the use of a surveillance device without the consent of the individuals under surveillance, so long as the person conducting the surveillance is also a party to the activity or conversation under surveillance".
No more safe harbour
The ALRC's report also has significant implications for "internet intermediaries", including telecommunications providers, content hosts such as Google and Yahoo, and service providers such as Facebook and Youtube.
In its recommendations, the ALRC advises that these companies should not be excluded from liability if they have knowledge of a serious invasion of privacy:
Internet intermediaries should not be liable under the tort for invasions of privacy committed by third parties using their services, where they have no knowledge of the invasion of privacy.
Where they do have knowledge, there does not seem to be any justification to provide a complete exemption from liability. The ALRC therefore sees no need to recommend the enactment of a 'safe harbour' scheme, to protect internet intermediaries from liability under the tort.
In these cases, an intermediary could be culpable "if they know that their service has been used to invade someone's privacy, and they are reasonably able to stop the invasion of privacy, but they choose not to do so".
Commenting on the report, the ALRC said advances in technology necessitated the legal reform.
"A cause of action for serious invasion of privacy does not presently exist in Australian law," the ALRC said.
"Invasions may occur with increasing ease and frequency in the digital era, when the mobile phones in our pockets are all potential surveillance devices, drones are becoming cheaper and more advanced, and personal information once put online seems impossible to destroy or forget."