Privacy Law and Policy Reporter
During recent months three events have demonstrated the directions that Australian privacy law is finally taking to throw of its moribund state of the last fifteen years since the Privacy Act 1988 came into force.:
• Seven v MEAA acknowledged the potential of injunctions under s98 of the Act to provide judicial interpretations of the Act, and shows how this is most likely to occur in the context of litigation between business organisations rather than individuals defending their privacy.
• The Tenants’ Unions v TICA determinations by the outgoing Privacy Commissioner demonstrated that it is likely to be through representative complaints under s36(2) that determined consumer organisations will force the Privacy Commissioner to interpret and apply the Act in a way that develops the law, something that has not happened for 15 years with individual complainants.
• The House of Lords decision in Campbell v MGN Ltd laid down the choice to be faced by the High Court the next time a question of privacy protection at common law comes before it: it can join the New Zealand Court of Appeal in developing a separate tort of invasion of privacy, or it can join the House of Lords rejecting such novelty but instead develop the law of breach of confidence into a new means of privacy protection.
Taken together, these three developments have the potential to change Australian privacy law beyond recognition over the coming years. We may look back and say that everything changed in mid-2004.
Seven v MEAA
It is the first development, the decision of Gyles J in the Federal Court in Seven Network v Media Entertainment and Arts Alliance  FCA 637 (see casenote by Patrick Gunning in this issue) that is likely to have the most immediate impact. His honour laid to rest the misleading impression given by previous Federal Court decisions that the Federal Court had little role to play in interpreting and enforcing the Privacy Act 1988 by confirming the clear words of s98 allows any person to seek an injunction to enforce any of the privacy principles set out in the Act (IPPs or NPPs). Section 98 is most likely to be used as a weapon in conflicts between business organisations, rather than by aggrieved individuals, partly because of the risk of significant costs being awarded against the losing party This was demonstrated by the parties to Seven v MEAA: a television network more intent on protecting its own commercial information than incidentally protecting the privacy of its employees found that it could use s98 as a weapon (along with copyright law) in an industrial dispute with a union and its call centre.
The reasoning of Gyles J in Seven v MEAA concerning the National Privacy Principles, brief though it is (and in some respects problematic), is arguably more useful for our understanding of the Privacy Act as a legal regime than everything that has emerged from the last 15 years of the Privacy Commissioner’s investigation of complaints. The reasons for why little law has emerged from the complaints function are complex, and include the lack of a right of appeal from the Commissioner’s determinations, the Commissioner’s preference for use of s41 dismissals of complaints rather than s52 determinations, (see X v Commonwealth Agency in Cases + Complaints this issue) and the practice of not publishing any details of ‘settled’ complaints (partly reversed only in the last 18 months). As a result, s98 cases are likely to be very important to the legal interpretation of the Act, perhaps disproportionately so.
Tenants Unions v TICA
The Tenants Unions v TICA s52 determinations by Privacy Commissioner Crompton (on his last day in office) demonstrate a different way by which Australian privacy law may progress. There, the respondent was a tenancy information bureau providing reports to real estate agents that could affect the ability of thousands of tenancy applicants to obtain housing. The complainant, however, was not an individual aggrieved tenant, but a class of persons (tenants) under the representative complaint (s36, ss38-39). This is the first representative complaint known to have been pursued under the Act, and was successful because of the determination and detailed representations made by the Tenants Unions pursuing the complaints on behalf of their members, and their access to expert advice.
The Commissioner found 14 breaches of four of the National Privacy Principles (NPPs) by TICA (see the summary in Cases + Complaints in this issue), but rejected an equal number of other breaches alleged by the Tenants’ Unions. Nevertheless, the changes required in TICA’s operations if it is to comply with the Determinations are probably the most substantial organisational change forced upon an Australian organisation by a privacy complaint. An article by Chris Connolly, one of the advisers to the Tenants Unions, in the next issue of PLPR will analyse these substantive findings..
Other representative complaints are likely, with one involving Electronic Frontiers Australia (EFA) against various telecommunication carriers and ISPs concerning disclosure of calling line identification already before the Commissioner and the Australian Communications Authority (see Irene Graham’s article in (2004) 10(9) PLPR 187). As consumer and privacy groups, and perhaps other organisations such as unions, become more familiar with the representative complaint process, it is likely that it will be seen as a means of achieving systemic changes in companies and Federal agencies perceived as invading privacy.
In the first 14 years of the Privacy Act, other than for two very odd determinations in 1993 (one by consent, the other reaching no conclusion), the Privacy Commissioner did not use his power to make determinations under s52. In the last year there have been two determinations against recalcitrant ACT agencies for disclosures. The TICA determinations constitute more use of the Commissioner’s powers than in the last 15 years. Successive Commissioners have had a misplaced pride in never using their s52 powers: perhaps that is changing.
The risk of costs against complainants is not present in complaints to the Commissioner, but other problems remain. Respondents such as TICA have a de facto right of appeal to the Federal Court by the expedient of refusing to comply with a determination, in which case the complainant has to have the matter heard de novo by the Federal Court in order to obtain enforcement (although assisted in evidentiary matters by ss55A-55B). Unless TICA fails to comply with the determination, a complainant such as the Tenants’ Unions can only seek the Federal Court’s intervention on the matters in which it was unsuccessful before the Commissioner by taking action under s98 (with the attendant risk of costs against).
Campbell v MGN Ltd
The protection of privacy by the common law was frozen in denial in Australia prior to ABC v Lenah Game Meats  HCA 63, and since then has just been indecipherable. However, other leading Courts have very recently provided the High Court with alternative roads to follow which it can hardly avoid considering once a suitable case arises. In Wainwright v Home Office  UKHL 22 the House of Lords turned its back on a separate tort of protection of privacy (see (2003) 10(6) PLPR 111). However, in Hosking v Runting  NZCA 34, a majority of New Zealand’s Court of Appeal in March 2004 took the opposite approach and endorsed a separate tort of public disclosure of private facts (see the article by Katrine Evans analyzing this in the next issue of PLPR). Most recently the House of Lords in Campbell v MGN Ltd  UKHL 22 has given a clear indication of its preferred approach to privacy protection by endorsing an expansion of the law of breach of confidence to better protect ‘private’ information. The implications of this approach, and its applicability to Australia, are discussed by David Lindsay in this issue. If the High Court adopts either of these approaches on its next opportunity, the general law’s protection of privacy in Australia will also have come of age.
Graham Greenleaf is General Editor of PLPR