AustLII Home | Databases | WorldLII | Search | Feedback

Sydney Law Review

Faculty of Law, University of Sydney
You are here:  AustLII >> Databases >> Sydney Law Review >> 2021 >> [2021] SydLawRw 6

Database Search | Name Search | Recent Articles | Noteup | LawCite | Author Info | Download | Help

Lerch, Aiden --- "The Judicial Law-Making Function and a Tort of Invasion of Personal Privacy" [2021] SydLawRw 6; (2021) 43(2) Sydney Law Review 133

The Judicial Law-Making Function and a Tort of Invasion of Personal Privacy

Aiden Lerch[1]


There has long been debate about whether there should be a tort of invasion of personal privacy. While the debate has traditionally focused on the precise formulation of the tort, consideration of whether the tort’s advancement would be within the bounds of the judicial law-making function has been largely overlooked. Extant literature validly points out that invasions of privacy are now commonplace in our technological society. However, societal change alone is unlikely to be sufficient to justify the establishment of a new tort. This article explores whether there is a more principled justification for the common law development of a tort of invasion of personal privacy by critically assessing whether it can be integrated into the underlying foundations of contemporary Australian tort law. It is argued that upon an acceptance that the rights-based theory provides a leading account of Australian tort law, it can be determined that the judicial advancement of a tort of invasion of personal privacy would be justified and legitimate.

Please cite as:

Aiden Lerch, ‘The Judicial Law-Making Function and a Tort of Invasion of Personal Privacy’ [2021] SydLawRw 6; (2021) 43(2) Sydney Law Review 133.

This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International Licence (CC BY-ND 4.0).

As an open access journal, unmodified content is free to use with proper attribution.

Please email for permission and/or queries.

© 2021 Sydney Law Review and authors. ISSN: 1444–9528

I Introduction

Advances in technology and information exchanges are ubiquitous in the world we live in. In creating a digitally connected world, technology has undeniable benefits. However, as governments and businesses increasingly rely on online repositories of personal information to provide goods and services, and individuals are seemingly compelled to hand over their personal data to access these basic services, personal privacy concerns linger. Indeed, data breaches are everywhere,[1] causing identity theft,[2] economic loss,[3] and, in light of the Cambridge Analytica scandal and the recent cyber-attacks on the Australian Government, interference with the democratic process and the free thinking of the individual.[4] Moreover, bodily privacy is often infringed by individuals taking unlawful photographs and videos in public and private spaces and posting them on online social networks.[5] Even household conversations are being recorded by digital platforms.[6] All the while, and perhaps to make matters worse, the Australian Government has passed legislation effectively giving its agencies (and those of the states and territories) the power to hack into any online account to obtain access to stored personal data.[7] It cannot be doubted that the abundance of technology in our society has culminated in a serious degradation of personal privacy.

In response to these privacy concerns, a number of legislative reforms have been enacted at federal and state levels. Each state and territory has passed a Surveillance Devices Act or equivalent statute that regulates the use of surveillance and listening devices, and imposes criminal sanctions on any person (including a private entity) who breaches the relevant provisions of the legislation.[8] Furthermore, more ‘traditional’ criminal offences that protect against the unlawful invasion of individual privacy have been introduced.[9] For example, in Victoria a person commits an offence if they intentionally distribute an intimate image of another to a third party, and the distribution of that image is contrary to community standards of acceptable conduct.[10]

The Australian Parliament has also passed three major legislative reforms. First was the introduction of the Australian Privacy Principles, which are 13 principles that place requirements on entities to standardise the handling, use, and management of personal information.[11] They apply to public agencies, private entities which have an annual turnover of $3 million or more, and private sector health service providers.[12] Second, in 2018 the Notifiable Data Breaches (‘NDB’) scheme was established.[13] The scheme imposes a mandatory obligation on entities regulated by the Privacy Act 1988 (Cth) (‘Privacy Act’) to notify affected individuals and the Australian Information Commissioner when an eligible data breach occurs.[14] Third, an individual complaint scheme was introduced. Pursuant to s 36 of the Privacy Act, individuals have the power to lodge a complaint with the Information Commissioner where an act or practice of an entity amounts to an alleged interference with their privacy.[15] The Commissioner then has the power to investigate the complaint(s) and can make various determinations under s 52(1), including a declaration that the complainant is entitled to monetary compensation.[16] Notably, however, these determinations are neither binding nor conclusive;[17] meaning a complainant who receives a favourable outcome is required to commence proceedings in the Federal Court of Australia or the Federal Circuit Court of Australia to enforce the determination.[18]

Despite these necessary legislative reforms and the increased privacy protection they provide, extant literature has uniformly labelled them as deficient and inadequate.[19] Specifically, there has been an increased focus on the shortcomings of the individual complaint scheme.[20] From the outset, the scheme is limited to infringements of the Privacy Act, and therefore cannot be used by victims of ‘privacy crimes’ under state and territory legislation.[21] Of those who can access the scheme, it seems that complainants have little chance of obtaining a sufficient remedy. Indeed, of the 2,673 privacy complaints that were made in 2019–20, the Commissioner made only four determinations.[22] It has been observed that this extremely low number suggests that the scheme is unable to account for the rapid and extreme influx of privacy invasions, such that complainants are being left without adequate remedies.[23] Moreover, the fact that successful complainants are then required to enforce their determination in the courts undermines the time and expense required to bring the complaint to the Commissioner in the first place.

It is with these shortcomings in mind that one might expect the common law to provide plaintiffs with adequate redress. In Australian Broadcasting Corporation v Lenah Game Meats, the High Court of Australia acknowledged that the debate over whether a privacy tort should exist is not foreclosed, and expressed an inclination to develop a common law ‘principle protecting the interests of the individual in leading, to some reasonable extent, a secluded and private life’.[24] Although this suggestion was followed in the Queensland District Court and the Victorian County Court, where it was held that a tort of invasion of personal privacy had been committed,[25] other courts have since doubted whether such a tort exists.[26] Courts have instead ‘been content to grope forward cautiously along the grooves of established legal concepts’.[27] For example, the tort of trespass to land has been held to protect against the taking of photos or video footage when a defendant gains unpermitted or conditional entry onto an occupier’s land,[28] and in Raciti v Hughes an interlocutory injunction was granted on the basis that the defendants’ actions in setting up a light system with cameras to surveil the activity in the plaintiff’s backyard was likely an actionable private nuisance.[29] Courts have also held that the equitable wrong of breach of confidence will have been committed, and equitable compensation for mental distress is available, where a defendant shares sexually explicit photos and videos of his or her previous partner.[30]

The consequence of such a piecemeal approach, however, is that the protection of privacy is limited by the elements of causes of action that were not originally intended to protect against invasions of privacy. Thus, it has been widely argued that the common law is currently unable to sufficiently protect against the innumerable ways in which personal privacy can be compromised.[31]

In light of the limitations of Australia’s statutory and common law responses, there seems to be ample reason for the advancement by the courts of a tort specifically designed to impose liability for an intentional invasion of personal privacy. This view is strengthened by the fact that four law reform commissions, and a report by the Australian Competition and Consumer Commission, have recommended a statutory action for serious invasions of privacy:[32] recommendations that the legislature has continually failed to enact. Courts have a duty to develop the common law where ‘legislative law reform languishes’.[33] In its compelling 2014 report, the Australian Law Reform Commission (‘ALRC’) advised that the tort should comprise of six elements:

1. The invasion of privacy must occur by: (a) intrusion into the plaintiff’s seclusion or private affairs; or (b) misuse or disclosure of private information about the plaintiff;

2. The invasion of privacy must be either intentional or reckless;

3. A person in the position of the plaintiff would have had a reasonable expectation of privacy in all of the circumstances;

4. The court must consider that the invasion of privacy was ‘serious’ in all of the circumstances, having regard to, among other things, whether the invasion was likely to be highly offensive, distressing or harmful to a person of ordinary sensibilities;

5. The invasion need not cause actual damage, and damages for emotional distress may be awarded; and

6. The court must be satisfied that the plaintiff’s interest in privacy outweighs the defendant’s interest in freedom of expression and any broader public interest in the defendant’s conduct.[34]

Additionally, it has long been argued in Australian tort law scholarship that the judiciary should develop a common law tort of invasion of personal privacy.[35] Other than requiring an intentional invasion (rather than a reckless one), the precise formulation of the tort suggested by the scholarship is virtually identical to the first five elements recommended by the ALRC.[36] The sixth element is not included, presumably because in the context of a common law development courts are unlikely to engage in such policy reasoning without express legislative authority. It is the general view of the literature that such a tort would provide dynamic and appropriate redress to the developments in our technological society. Indeed, it has been argued that a tort of invasion of personal privacy would properly respond to privacy concerns caused by the accumulation of data,[37] as well as the rampant use of drones.[38]

While the scholarly contributions should be commended, there is an increasing tendency in the literature to overlook the limits of the judicial law-making function. Scholars have simply observed that because society is more reliant on technology, such social change justifies the courts creating a new privacy tort.[39] This is certainly a reason for such development, as the courts have a duty to develop the law when the values of our society change and the conditions in which we live become fundamentally different.[40] However, it must be remembered that ‘[c]ourts are not law reform commissions’.[41] Judges cannot simply point to what they believe is ‘social change’ and invent new legal doctrine.[42] They do not have the resources, nor the constitutional validity, to survey a wide range of community values.[43] For judicial advancement of the law to be legitimate, it must be incremental and seen as ‘a step in an evolutionary process or continuum’.[44] In this sense, judges are ‘heavily influenced by the accumulated wisdom of the past’[45] and any development of the law will only be valid where it can be ‘integrated into the mass of principles, rules and standards which constitute the common law and equity’.[46]

It follows that for the judiciary to have greater legitimacy in implementing a common law tort of invasion of personal privacy, a court must be satisfied that such a tort would align with the existing principles of Australian tort law and its underlying philosophical foundations. The theoretical and philosophical examination of ‘tort law’ has long been the subject of judicial and scholarly discourse.[47] Although Australian tort law scholars have, for the most part, remained relatively silent on this issue, there is some acceptance that Australia’s law of torts is bifurcated, with one category of torts imposing liability for harm caused by fault, and the other category of torts imposing liability for infringements of particular rights.[48] The rights-based theory of tort law, the modern thesis of which is principally propounded by Stevens,[49] therefore provides a persuasive account of, at a minimum, the category of torts that are designed to protect particular rights.[50] Given that a tort of invasion of privacy would be predicated upon the protection of an individual’s right to personal privacy, the rights-based theory is pertinent to any consideration of whether there is a justifiable basis for the common law development of such a tort.

In order to contribute to the debate over whether a common law tort of invasion of personal privacy should be advanced by the judiciary, this article seeks to examine whether there is a more principled justification for the judicial implementation of a privacy tort. It does not intend to examine the substantive merits of the tort; instead, this article is simply concerned with whether the judiciary, rather than the legislature, would be justified in developing the cause of action. To this end, this article employs the rights-based theory of tort law, representative of a theoretical foundation of Australia’s law of torts, to assess whether a common law privacy tort should be developed.

To position the analysis, Part II outlines the rights-based theory and explores its underpinnings in Australian tort law. Part III then uses the normative implications of the theory to critically assess whether judges would be justified in developing a tort of invasion of personal privacy at common law. According to the rights-based theory, the last criterion for any tort law development is that it coheres with existing law. Part IV therefore draws upon the doctrine of legal coherence and its explication within Australian jurisprudence to place the analysis in the context of Australian law specifically. To conclude, this article comments on the validity of the judiciary exercising its law-making function to establish a common law tort of invasion of personal privacy.

II The Rights-Based Theory of Tort Law in Australian Jurisprudence

Although a rights-based account of the law of torts recently gained ascendency in modern private law scholarship, it is not new. Similar accounts can be found in the works of significant jurists of the 18th and 19th centuries. Blackstone,[51] Cooley,[52] Pollock[53] and Winfield[54] all propounded theories of tort law that centred upon the protection of individual rights.[55] However, as tort law developed in the 20th century, there was an increasingly common misconception in academia that tort law was incomprehensible due to the fact that it consists of seemingly disparate causes of action such as, for example, deceit, conversion, negligence and collateral abuse of process.[56] As a result, it was thought that tort law could only be properly understood as a societal mechanism that existed to achieve community welfare goals.[57] McBride described this as a ‘MacIntyrean catastrophe’, in which tort academics were ‘huddled together under the banner “Tort Law = Compensation for Loss”’, creating the impression that judges could use tort law to give themselves ‘powers to redistribute losses as they [saw] fit, according to their own private notions of what is “fair, just and reasonable”’.[58]

In an attempt to move contemporary tort law thinking away from ideals of policy, rights theorists have put forward a more principled theoretical explanation for the law of torts by contending that it is founded upon the infringement of rights. Put simply, rights theorists such as Stevens, McBride, Beever, Goldberg and Zipursky contend that tort law is ‘concerned with the secondary obligations generated by the infringement of primary rights’.[59] The meaning of a ‘primary right’ is drawn from Hohfeld’s definition of a ‘claim right’,[60] which is a legal right held by a particular plaintiff that correlates with a legal duty owed by a particular defendant.[61] Such rights are ‘legal’ in the sense that they are created by the legislature or the judiciary, and are recognised as enforceable in the legal system at hand. Importantly, however, primary rights are not general or broad rights such as a ‘right to privacy’; rather, they are ‘fully specified, absolute and conclusive’ and when created by the judiciary, always expressed as a negative kind.[62] For example, a person has a primary right not to have others interfere with their property, and a right not to have their property converted. But this does not mean that a person has an all-encompassing general ‘right to property’.[63]

Rights scholars contend that tort law only comes into operation when a primary right of the plaintiff is violated by the defendant.[64] It is when a primary right is infringed that a secondary obligation in tort law is generated, and imposed on the tortfeasor to provide the victim with a remedy.[65] The role of a judge when deciding a case in tort law is therefore to determine whether the plaintiff’s primary rights have been violated, and if they have, to provide the plaintiff with an appropriate remedy.[66] Thus, the rights scholars reason that the fundamental purpose of the law of torts, in its entirety, is to protect individual rights.[67]

In coming to this conclusion, rights theorists have posited a theoretical account of tort law that is principled and distinguishable from policy reasoning alone. Interestingly, however, there are two strands of scholarly thinking in relation to the role of policy considerations in tort law generally. Stevens and Beever argue that if a plaintiff’s right has been infringed, courts are not permitted to deny the existence of that right by later deciding as a matter of policy that the enforcement of that right would not be in the public interest.[68] This, it is said, is beyond the scope of the judicial function as it requires judges to weigh and assess incommensurable policy considerations, something which should only be done by the legislature.[69] As stated by Stevens, ‘our rights should not be decided, or altered, according to a judge’s personal assessment of the balance of a basket of policy concerns’.[70] Thus, in the opinion of Stevens and Beever, courts should enforce all primary rights unless, or until, the legislature provides otherwise.

Other scholars have adopted a more pluralistic approach, rejecting the assertion that questions of policy are never relevant to claims in tort. Bagshaw contends that the function of tort law is to ‘make the world a better place’,[71] with McBride adding that this is done ‘by granting people rights that they can assert against other people, and by providing them with remedies designed to uphold those rights’.[72] Considerations of policy therefore have a place in tort law, as it would be irresponsible for the courts to grant rights to individuals that would be obviously contrary to the public interest and ‘make the world a worse place’.[73] Thus, the ‘pluralists’ differ from Stevens and Beever in that they accept that considerations of policy are relevant to determining the extent to which primary rights can be enforced.

Irrespective of which approach is adopted, the rights-based theory should be commended as it extrapolates a principled approach to deciding tort cases. The rights theorists unanimously agree that, from the outset, the task of a judge who determines a case in tort is to decide whether a primary right of the plaintiff has been infringed by the defendant.

This account of tort law nevertheless has its limitations and has, unsurprisingly, been the subject of significant scrutiny. Cane has persuasively argued that the rights-based theory oversimplifies and misrepresents the complexity of private law more generally.[74] Goudkamp and Murphy reiterate this in the context of tort law specifically, by demonstrating how the rights-based theory fails to satisfactorily explain certain elements of the tort of negligence, the availability of exemplary damages, the defence of illegality and the rule in Rylands v Fletcher.[75] Additionally, Edelman and Degeling have observed how torts like misfeasance in public office, negligence, deceit and conspiracy are clearly focused upon the fault of the defendant.[76] In resolving cases concerning these torts, Edelman explains that the courts are required to make ‘difficult value judgements ... to determine the boundaries of such liability for fault’ and therefore the rights-based theory, at least in respect of the fault-based torts, is unhelpful.[77]

Despite these criticisms, a rights-based account of the torts of trespass and other torts that relate to particular ‘rights’, such as conversion, detinue, defamation, false imprisonment, private nuisance, and interference with contractual relations (the ‘right-specific torts’), has generally been accepted in Australian and English literature.[78] This is because, as shown below, these torts are clearly actionable upon the infringement of a nominate right. Furthermore, it would be unsound for courts to decide not to uphold most of the rights protected by these torts by relying on general policy reasoning. For example, if X is punched in the nose (in the absence of any applicable defences), a court can objectively and precisely determine that X’s right not to be battered was infringed, thus resulting in the tort of battery having been committed. However, the courts would make a mockery of themselves if they went on to decide that the tort of battery was not made out because, taking into account numerous and incommensurable policy considerations, on balance it was in the public interest not to uphold X’s right.[79] It is for these reasons that even Cane, an opponent of the rights-based account, has accepted that at least the torts of trespass ‘are most obviously explained as protecting (primary) rights’.[80]

The rights-based theory of right-specific torts also finds significant support in Australian jurisprudence, particularly in decisions of the High Court of Australia. In Hill v Van Erp, Gaudron J observed that, ‘[t]here is nothing novel in the imposition of liability in tort for the loss or impairment of a legal right’.[81] Consequently, it has been held that:

• ‘[the] torts of trespass, conversion, detinue and slander of title are intimately concerned with the protection of legal rights’;[82]

• the tort of private nuisance is underpinned by ‘the invasion of the common law rights of an owner or occupier of land’;[83] and

• the tort of conversion ‘is confined to acts inconsistent with the right to possession’.[84]

Even in developing the tort of negligence, the High Court has been hesitant to employ policy-based reasoning. As was aptly put by Kitto J in Rootes v Shelton:

I think it is a mistake to suppose that the case is concerned with ‘changing social needs’ or with ‘a proposed new field of liability in negligence’, or that it is to be decided by ‘designing’ a rule. And, if I may be pardoned for saying so, to discuss the case in terms of ‘judicial policy’ and ‘social expediency’ is to introduce deleterious foreign matter into the waters of the common law — in which, after all, we have no more than riparian rights.[85]

However, it is in the foundational case of Plenty v Dillon that the rights-based account of tort law in Australia is clearly expressed.[86] In that case, police constables attempted to serve a summons on the daughter of Mr Plenty by entering his property. Mr Plenty expressly revoked any implied consent given to the police constables to enter upon his land. Despite this, the constables deliberately went onto his land to serve the summons. Mr Plenty subsequently sued for trespass.[87] The defendants alleged, among other things, that s 27 of the Justices Act 1921 (SA), which gave police the power to serve a summons personally or on some other relevant person, also gave them the power to enter the plaintiff’s premises without consent to effect service.[88] Mason CJ, Brennan and Toohey JJ found that s 27 did nothing to imply that a process-server acquired a power to enter upon private land without the leave or licence of the person in possession.[89] Their Honours therefore held that a trespass had been committed and that Mr Plenty was ‘entitled to some damages in vindication of his right to exclude the defendants from his farm’.[90]

Gaudron and McHugh JJ also reasoned that the Justices Act 1921 (SA) did not provide such a power and observed that while the inability to enter private property for the purpose of serving a summons may be inconvenient, it ‘is not a ground for eroding fundamental common law rights’.[91] Their Honours held that Mr Plenty was entitled to damages and stated:

True it is that the entry itself caused no damage to the appellant’s land. But the purpose of an action for trespass to land is not merely to compensate the plaintiff for damage to the land. That action also serves the purpose of vindicating the plaintiff's right to the exclusive use and occupation of his or her land.[92]

All five justices in Plenty v Dillon identified that the tort of trespass to land is concerned with protecting the right to exclusive possession of land and that it was actionable upon that right being infringed, irrespective of the level of fault of the defendants. Indeed, although it may have been in the public interest for the summons to be served in order to promote the efficiency of the justice system, the High Court refused to override the plaintiff’s right not to have others interfere with his land simply because of this policy consideration. Plenty v Dillon was followed in Coco v The Queen, where Mason CJ, Brennan, Gaudron and McHugh JJ held that every unauthorised entry upon private property is a trespass as ‘the right of a person in possession or entitled to possession of premises to exclude others from those premises [is] a fundamental common law right’.[93] This subsequently led Gleeson CJ, Gummow, Kirby, Heydon and Crennan JJ to conclude in New South Wales v Ibbett that it is ‘well established that the tort protects the interest of the plaintiff in maintaining the right to exclusive possession’.[94]

Although the High Court’s reasoning in Plenty v Dillon was specific to the tort of trespass to land, it is similarly applicable to the torts of trespass to the person and trespass to goods, as these torts are also predicated on upholding personal and proprietary rights. The High Court has held on numerous occasions that the tort of false imprisonment exists to protect individual liberty, which has been described as ‘the most elementary and important of all common law rights’.[95] Similarly, in Marion’s Case, the Court emphasised that the torts of battery and assault protected against invasions of an individual’s right to bodily integrity.[96] By relying on these torts, the Court held that no impairment of Marion’s fundamental common law rights could be justified in the absence of lawful consent, even if the opinion of medical professionals was that it was in Marion’s best interests to be sterilised.[97] The view that the tort of battery protects the right to bodily integrity was again affirmed by the High Court in Binsaris v Northern Territory, in which the Court held that the use of tear gas by prison officers on detainees in a youth detention centre without express legislative authority was unlawful.[98] As was explained by Gageler J:

Like other members of this Court, I cannot read the provisions of the Youth Justice Act conferring powers on the Superintendent to maintain order and ensure safe custody and protection of persons within the Detention Centre as authorising an interference with the common law right of a detainee to bodily integrity protected by the tort of battery.[99]

In light of the above analysis, although there is some doubt that the rights-based theory can explain the entirety of the law of torts, it is strongly arguable that, at least in relation to right-specific torts, Australian tort law has its theoretical foundations in the rights-based theory. Indeed, in the view of Edelman and Degeling, the common law of torts is ‘bifocal’[100] in the sense that it is divided into two categories: ‘one category focused upon liability for harm caused by fault and another focused upon infringements of particular rights’.[101] It follows that the rights-based theory has a significant role to play in any development of an Australian tort that is founded on the protection of a particular right. For this reason, there is fundamental weight in employing the normative implications of such theory to critically assess whether a common law tort that protects against invasions of a right to privacy should be developed in Australia’s general law.

III The Rights-Based Theory and a Tort of Invasion of Personal Privacy

If a privacy tort were to be developed in Australia, it can be presumed that it would be framed around the protection of a right not to have one’s personal privacy invaded. It logically follows that the rights-based theory of tort law, as a principled theory that explains and justifies the imposition of tortious liability for right-specific torts, has significant influence in the determination of whether a privacy tort should be developed.[102] The rights-based theory will therefore be employed in this Part to assess whether there is a more principled justification for the development of a privacy tort in Australia’s general law.

A Common Law Rights as Determined by Reference to Moral Rights

One of the primary objections to the rights-based theory is that on its account, tort law ‘is essentially empty’.[103] As was explained in Part II, according to the rights theorists, tort law exists only to protect primary rights, which are rights that have been recognised by the judiciary as being enforceable. However, given that tort law was originally forged by the decisions of common law judges, from its very beginnings it must never have protected primary rights. For example, before the tort of battery existed, tort law could not be said to protect an individual’s right not to have his or her bodily integrity invaded. It was only when the judiciary recognised that there was a tort of battery that tort law protected that right. Thus, under the rights-based theory, tort law is ‘empty’ until the judiciary decides to protect certain rights by creating corresponding torts. This begs the question, posed by Stevens: ‘How can, and did, the judges of the common law, largely unfettered by legislation, determine what our rights are without resorting to policy choices?’[104]

Rights theorists contend that from the outset, common law rights are determined solely by reference to interpersonal moral rights.[105] Stevens argues that we have moral rights that are deduced by reason, human reflection and ‘from the nature and experience of ourselves, and the world and society in which we live’.[106] He goes on to explain that the legislature:

[H]as the power to create legal rights for any reason at all, unconnected with the moral rights we have one against another. ... By contrast, the judiciary, in creating and changing over time our common law, sourced our legal rights one against another in our moral rights.[107]

According to the rights-based theory, moral rights therefore provide the only legitimate justification for common law judges to establish new common law rights.[108] It is when judges make a decision to recognise the minimum content of our moral rights, that they become legal.[109] Thus, in order for a right to be given the force of law, it must firstly be accepted as a moral right.

This initial requirement poses little difficulty for the enforcement of a right to privacy. Irrespective of how a moral right is determined, a wealth of scholarship has accepted that individuals have a moral right to personal privacy.[110] For this reason it is morally reprehensible to watch someone enter their personal identification number (‘PIN’) when they withdraw cash from an automated teller machine (‘ATM’), or for a clothes store to operate without enclosed change-rooms. Indeed, these basic examples show that it is untenable to suggest individuals do not have a moral right to personal privacy. Courts therefore have the capacity to derive legal rights from this moral right. The more contentious question that remains, however, is what is the minimum content of that right, such that it could be legally enforced?

B Limitations on the Types of Common Law Rights

In order to address the above-mentioned question, rights theorists have argued that only specific types of rights should be recognised by the common law.[111] As was explained in Part II, it is generally accepted by rights theorists that tort law will not protect open-ended, general rights such as ‘a right to property’. It follows that tort law would never recognise an all-encompassing general right to privacy; rather, the right protected would be framed as an individual’s right not to have his or her personal privacy invaded. However, beyond this basic identification that common law rights must always be expressed in a negative form, rights theorists have established two further limitations on the types of rights that courts should enforce.

1 Common Law Rights Must Accord with the Rule of Law

Stevens posits that the rule of law requires that courts can only enforce rights that are definable and limited, and therefore capable of being determined in advance.[112] A corollary of this limitation is that courts cannot determine the scope of individual rights and duties by weighing a disparate range of open-ended policy concerns.[113] Stevens gives the example of a general offence of ‘misbehaviour’ that is ‘subject to a number of policy exceptions’ that are used by the court to assess whether the relevant conduct of the defendant was criminal.[114] Such an offence is clearly unacceptable because it cannot readily be determined what sort of conduct is criminal: it is entirely dependent on policy reasoning. On Stevens’ approach, rights should only be enforced where courts can determine their scope without relying on considerations of policy.

The tort of invasion of personal privacy, as endorsed by the ALRC and extant literature, requires an intentional or reckless invasion.[115] Therefore, from the outset, the tort’s protection is limited in scope as only those who are proven to intentionally or recklessly invade someone’s privacy can be held liable. Moreover, the scope of the protection is further refined by the requirements that the plaintiff had a reasonable expectation of privacy in all of the circumstances and that the invasion was objectively ‘serious’. Thus, if these fault and conduct elements are adopted by the courts, it is readily arguable that the scope of the right protected by the common law tort is defined and limited, such that it can be determined in advance.

However, Stevens’ requirement may still pose a complication for the common law recognition of a right not to have one’s personal privacy invaded. Numerous authors,[116] and Gleeson CJ and Gummow and Hayne JJ in ABC v Lenah,[117] have recognised the inherent difficulty of defining the concept of privacy. While in some situations it is very clear that an individual’s personal privacy has been invaded, such as when their medical records are released to the public at large,[118] there is a ‘large area in between what is necessarily public and what is necessarily private’.[119] It could therefore be argued that if a right to privacy was protected by tort law, courts would have to engage in general policy reasoning to determine whether what has been invaded was personally private. On Stevens’ approach, this may be unacceptable as individuals would be unable to determine in advance whether their actions will invade the personal privacy of another.

There is no doubt that it is difficult to identify precisely an overarching definition of what will be sufficiently personally private to warrant protection. However, it is arguable that over time, in the context of incremental development, the concept of personal privacy, and the exact circumstances in which it should be protected, can be delineated.[120] As the ALRC has observed, there are three arms to the concept of personal privacy: informational, bodily and territorial privacy.[121] Informational privacy is concerned with the information (or data) of the individual that is inherently personal.[122] Given that courts are able to determine when information is ‘confidential’ for the purposes of assessing whether the equitable wrong for breach of confidence has been made out, it can be said that courts are capable of defining the limits of the somewhat different concept of informational privacy.[123] As to bodily privacy, it is self-evident that this is concerned with the physical body, and it would therefore be of little difficulty for a court to delineate such a concept.

Lastly, territorial privacy refers to privacy that is inherent in the right to exclusive possession,[124] described as the ‘fundamental right of privacy in one’s home’.[125] Prima facie, the limits of this concept may be difficult to define: if X stands on a public road and films a family having Sunday morning bacon and eggs on their front veranda, is this a breach of their right not to have their personal privacy invaded? However, courts have readily identified where the boundaries of territorial privacy lie in the context of assessing claims for private nuisance. In Bernstein v Skyviews General Ltd, Griffiths J in the English High Court held that while aerial photography of another’s land for commercial purposes is not an interference with the right to privacy inherent in the use and enjoyment of land, constant aerial surveillance certainly would be.[126] Young J in the New South Wales Supreme Court in Raciti v Hughes reiterated this view when he awarded an interlocutory injunction restraining the defendants from using flood lights and cameras to record the plaintiffs’ neighbouring backyard.[127]

Hence, although it must be acknowledged that personal privacy is a difficult concept to define, the above analysis demonstrates that courts are capable of rationally confining its meaning. Moreover, it must be borne in mind that in any advancement of a new common law right, there will be a degree of indeterminacy. This is inevitable and tolerable, particularly in the context of common law development where a level of ‘vagueness’ is required to enable the law to function effectively.[128] To take a modern example, despite being established well over two centuries ago, the scope of protection that the tort of private nuisance provides is still uncertain. However, it would be odd to suggest that because of this uncertainty, private nuisance should never have been developed. Additionally, even the statutory creation of a tort does not necessarily guarantee absolute certainty: the statute will still need to be interpreted by the courts.

Thus, in the context of the judicial development of a tort of invasion of personal privacy, simply pointing out that there will be a level of uncertainty surrounding the definition of ‘personal privacy’ does not justify, in itself, a refusal to recognise any common law protection of it. The better view is that because the concept of personal privacy can be delineated over time, the development of a tort predicated on the concept, but rationally confined by precise fault and conduct elements, is in accordance with the rule of law and therefore justified.

2 Common Law Rights Must Be in the Public Interest

McBride contends that Stevens’ rights-based theory is reductionist, since by requiring courts to make absolutely no reference to the public interest, tort law is prevented from enforcing any rights whatsoever.[129] McBride gives the example of courts upholding a right not to be killed or injured. Clearly, enforcing this general right would be unacceptable because all deaths and injuries on the road would be actionable irrespective of how they were caused, and this would hugely increase drivers’ insurance premiums. However, McBride suggests that, on Stevens’ view, it would also not be legitimate for courts to recognise a right that individuals take care not to kill or injure others, as courts are prevented from employing policy reasoning to decide whether this more limited right is compatible with the public interest.[130] This is clearly an irrational conclusion, as it would result in drivers on public roads not being liable for committing the tort of negligence. Stevens’ theory is therefore said to be unduly limiting because it prevents a court from taking into account that, in some circumstances, it is ‘very clear’ that it would be in the public interest to enforce a particular right.[131]

In light of these limitations, McBride posits that rights should be enforced where they are measured and limited such that their enforcement would ‘clearly’ be in the public interest.[132] While Stevens has not wholly endorsed this approach, more recently he has suggested that courts are justified in creating ‘basic, minimal rights that all systems pursuing justice must have’.[133]

It is this author’s contention that the enforcement of a limited and defined right not to have one’s personal privacy invaded is plainly in the public interest in a democratic society such as Australia that values and protects individual autonomy through the operation of the common law.[134] As observed in the introduction, the abundance of technology in our society has culminated in a serious degradation of personal privacy. Governments, the media and social networks have the power to collect vast amounts of information about their citizens and users. Additionally, individuals, through the use of technologies such as cameras and drones, have the capacity to instantly invade the privacy of others. Basic limits protecting when an individual has a right to privacy are therefore essential to upholding individual freedoms.[135] For example, surely we should be able to use bathrooms without being filmed.[136] Surely we should be able to save private photos, information and materials on our devices that cannot generally be accessed by the public at large.[137] And surely, we should have the freedom to come to our own political views and general beliefs without being unconsciously manipulated by third parties.[138] If it were otherwise, it would seem that the modern society in which we live has returned to the age where we could ‘rape, steal... [and] deceive others with impunity’:[139] only this time, we can do it electronically.

It follows that limited and defined protection of an individual’s right not to have his or her privacy invaded is so basic to democracy and its commitment to the value of the individual that it must be reflected in the common law. Indeed, as Lord Nicholls observed in Campbell v MGN Ltd, ‘[Privacy] lies at the heart of liberty in a modern state. A proper degree of privacy is essential for the well-being and development of an individual.’[140] Thus, on both McBride’s and Stevens’ analyses, courts would be justified in giving effect to a right not to have one’s personal privacy invaded.[141]

According to the rights theorists, however, one final consideration must be satisfied before it can be said that the judiciary would be justified in protecting such a right in tort law. Even where a moral right can be expressed in a limited form that can be determined in advance and its enforcement is clearly in the public interest, private law rights must fit within, and promote, the broader coherent legal system.[142]

IV Common Law Rights Must Cohere with Existing Law

Rights theorists argue that courts should refuse to uphold particular rights if their enforcement would lead to incoherence in the law.[143] However, they do not properly expand on what is meant by legal coherence and refer to its meaning as developed by the English courts. In order to bolster the above analysis and ensure that it is practically applicable to Australian law, this final Part draws upon the principles of legal coherence as developed by the High Court of Australia to assess whether a tort of invasion of personal privacy would cohere with existing law.

A Legal Coherence: What is it?

There is an abundance of scholarship on the doctrine of legal coherence being deployed as a justificatory tool for judges to choose an appropriate position on the law in hard cases.[144] MacCormick describes the concept as ‘the multitudinous rules of a developed legal system ... “mak[ing] sense” when taken together’.[145] However, he contends that this does not mean that all legal principles must be consistent and explained as emanating from a single principle: a set of consistent principles can still pursue something of unintelligible value.[146] As Balkin has properly observed, values and judgments are normatively coherent if ‘they employ distinctions and similarities that are principled and reasonable as opposed to those which are arbitrary and unreasonable’.[147] Thus, in the context of the common law, ‘each branch of law must be founded upon a unique set of principles and policies that shape, orient and inform the body of law within it’.[148]

The High Court of Australia is no stranger to the doctrine of legal coherence. Indeed, the Court has repeatedly held that common law claims will be denied if their recognition does not cohere with existing law.[149] As Fell has identified, the Court has articulated two strands of the legal coherence doctrine: (1) coherence with the common law; and (2) coherence with statute.[150]

B Legal Coherence within the Common Law

In Sullivan v Moody, the High Court held that incoherence in the law will arise if the incremental development argued for subverts another area of the common law.[151] In that case, the Court assessed whether medical practitioners and police officers owed a duty of care to fathers of children to exercise reasonable care when reporting and investigating allegations of child sexual abuse. The plaintiffs alleged that they had suffered loss when the defendants wrongly accused them of molesting their own children, and false information about them was subsequently communicated to others. Cognisant of this characterisation of loss, the Court found that if a duty of care was upheld, it would undermine the tort of defamation. Had the plaintiffs brought their claim in defamation, the defendants would have had a complete defence by relying on the developed principles of qualified privilege. It was reasoned that ‘to apply the law of negligence ... would resolve that competition on an altogether different basis. It would allow recovery of damages for publishing statements to the discredit of a person where the law of defamation would not’.[152] The duty of care was therefore denied on the basis that its recognition would lead to incoherence within the law of torts. The High Court has since followed Sullivan v Moody to refuse to develop the tort of negligence where it would conflict with not only other torts, but also with other areas of the common law.[153]

On the principle extrapolated in Sullivan v Moody, a court would only be permitted to uphold a tort that protects an individual’s right not to have their personal privacy invaded if it did not subvert or conflict with another tort or cause of action. A strict interpretation of legal coherence may therefore pose a complication for the development of such a tort. As outlined in Part I, private nuisance, trespass to land and breach of confidence have been employed to hold a defendant liable for invading a plaintiff’s personal privacy in certain circumstances. It could therefore be deduced that the development of a privacy tort would impermissibly extend liability beyond the scope of these causes of action as it would allow personal privacy to be protected in circumstances where these actions would not ordinarily apply.[154] Thus, in extending liability beyond the established causes of action founded on longstanding common law principles, it could be said that a privacy tort would lead to incoherence.

There are two major flaws in this conclusion. The first is that it overlooks the fact that a single set of facts often generate concurrent liability in the common law, and this should not stifle incremental development. For example, a factual scenario may validly give rise to the possibility of a breach of contract, a breach of fiduciary duty and negligence being committed. However, as both Stapleton and Goudkamp have identified, simply because one of these causes of action cannot be made out does not mean that the imposition of liability for the commission of another should be prevented.[155] It could otherwise be said that the tort of negligence should never have been established, as it extended liability beyond the longstanding principles of contract. It would therefore be irrational to reason that a privacy tort should not be developed merely because it would impose liability in circumstances where private nuisance or breach of confidence would not. Indeed, in being implemented to give further common law protection to the right of privacy, this would be the very purpose of the tort.

Second, the above reasoning does not consider that the development of a privacy tort could in fact promote legal coherence.[156] Currently, the right to privacy is primarily protected by the piecemeal development of private nuisance, trespass to land and breach of confidence. The consequence is that invasions of territorial privacy are generally regulated by the principles of the common law, and invasions of informational privacy (and to an extent, bodily privacy)[157] are regulated by the principles of equity. It follows that the law which assesses the wrongdoing, and the kinds of remedies that plaintiffs are entitled to, is dependent on the type of privacy that has been invaded. However, there is no justifiable basis for why this is the case other than that these causes of action ‘best fit’ the facts that arise in particular cases.

Furthermore, the protection of privacy is limited by the elements of these causes of action, which were not developed to impose liability for invasions of privacy. For example, an essential element of breach of confidence is that the relevant confidential information is given to the defendant in circumstances of a duty or obligation of confidence.[158] Although English courts have broadened the meaning of this requirement to capture strangers who obtain confidential information in circumstances where they do not have a pre-existing personal, contractual or fiduciary relationship with the plaintiff,[159] Australian courts have not (yet) followed suit.[160] In Giller v Procopets, the plaintiff and the defendant were in a de facto relationship when the sexual encounters between them were filmed by the defendant.[161] The Court was therefore satisfied that when the plaintiff gave her consent to the filming, this was done in circumstances where the defendant clearly owed a duty of confidence to the plaintiff on the basis of their existing personal relationship.[162] However, the difficulty that this requirement presents is that personal privacy can be invaded in circumstances where there is no pre-existing relationship between the parties and a duty of confidence will therefore not arise. For example, it is unlikely that a breach of confidence will be committed where X, unknown to Z, films Z in a public bathroom without Z’s knowledge; or where a wrongdoer hacks into another person’s computer.[163] Thus, the scope of the action does not capture some of the most egregious invasions of privacy.

Bearing in mind the formulation of a privacy tort proposed in Part I,[164] it can be determined that if a tort was established with the sole aim of protecting a right not have one’s personal privacy invaded, courts would develop a set of reasoned principles that are sensitive to the precise conduct that the tort is designed to capture and to the limits that should be placed on the scope of liability. Moreover, the extent to which the three arms of personal privacy should be protected can be clarified, and the same types of remedies would be available to plaintiffs. This would generate certainty in judicial decisions and lead to a greater capacity for the tortious conduct to be determined in advance. While it may be that a privacy tort, private nuisance, trespass to land and breach of confidence would overlap, such concurrent liability is reflective of the rich pattern of the common law response.[165] For these reasons, it is this author’s contention that the development of a tort of invasion of personal privacy will generate greater coherence in the common law.

C Legal Coherence and Statute

In addition to cohering with the common law, the enforcement of a right to privacy must not undermine or stultify any relevant statute. Since the late 20th century, the High Court has been more inclined to develop the common law by reference to statute.[166] Although common law duties in negligence were said to conflict with statutory duties and generate legal incoherence in Sullivan v Moody[167] and CAL No 14 Pty Ltd v Motor Accidents Insurance Board,[168] incoherence with statute to deny a common law claim is widely recognised as finding its unanimous genesis in Miller v Miller.[169] In that case, the plaintiff and the defendant were cousins and had stolen a car with other family members and friends in order to return home from a nightclub. While driving, the defendant lost control of the car and the plaintiff was rendered tetraplegic. The plaintiff sued in negligence. The defendant pleaded the defence of illegality by alleging that the plaintiff had entered into a joint criminal enterprise to use a car without the consent of the owner contrary to s 371A of the Criminal Code Act Compilation Act 1913 (WA). The High Court (Heydon J dissenting) found that the plaintiff had withdrawn from the joint criminal enterprise and as such the illegality defence did not apply.[170] However, the majority (Heydon J agreeing) held in obiter dicta that the plaintiff’s claim in negligence would have failed had she been acting illegally.

The Court stated that the central consideration at stake was coherence in the law, as it is the primary rationale for the illegality defence in tort.[171] The plurality reasoned that, ‘[i]t will be by reference to the relevant statute, and identification of its purposes, that any incongruity, contrariety or lack of coherence denying the existence of a duty of care will be found’.[172] Applying this to the facts of the case, the Court stated that the purpose of s 371A was to use the criminal law to deter and punish individuals using a vehicle in circumstances that lead to reckless driving.[173] Despite that this purpose was expressed in the form of a basic criminal law offence and was silent as to civil liability, the Court held that it was the intention of the legislature to interpolate the statutory purpose into tort law to deny a duty of care because:

The statutory purpose of a law proscribing dangerous or reckless driving is not consistent with one offender owing a co-offender a duty to take reasonable care. ... The inconsistency or incongruity arises regardless of whether reckless or dangerous driving eventuates. It arises from the recognition that the purpose of the statute is to deter and punish using a vehicle in circumstances that often lead to reckless and dangerous driving.[174]

Miller v Miller has since been followed by the High Court to deny common law claims on the basis that their enforcement would be incongruous with statute.[175] Importantly, however, the pursuit of legal coherence should not be seen as a pursuit of legal consistency.[176] Indeed, Fleming has argued that if courts interpolate statutory purposes into the common law without any clear and express intention by the legislature to do so, this is an unauthorised act of judicial legislation.[177] It is for this reason that Miller v Miller has been widely criticised and any further application of it should be done cautiously.[178]

On the reasoning of Miller v Miller, a common law right not to have one’s personal privacy invaded would be denied if its recognition would be incongruous with the purposes of any relevant statute. Upon a review of the various schemes in the Privacy Act and the state and territory statutes as outlined in Part I, this is unlikely to pose significant difficulty.

From the outset, the fact that the individual complaint scheme exists does not prevent the common law from developing alongside it. Unless expressly stated otherwise, where both statutory and common law avenues exist, litigants are free to make a choice as to how they wish to bring their claim.[179] The more pertinent issue is how a tort of invasion of personal privacy would interact with the purposes of the Australian Privacy Principles and the NDB scheme. As outlined in Part I, the NDB scheme imposes an obligation on entities to notify their consumers when a data breach occurs. An imposition of tortious liability for an invasion of privacy would clearly not overlap with the purpose of such a notification: the NDB scheme would simply be helpful evidence of an invasion of privacy. The Australian Privacy Principles, however, specifically impose standards on how entities can collect, store, use and disclose data. Therefore, there is potential for a tort of invasion of personal privacy to conflict with these standards and their underlying purposes.

Before the Australian Privacy Principles were introduced by passing the Privacy Amendment (Enhancing Privacy Protection) Bill 2012 (Cth), Attorney-General Nicola Roxon, in her second reading speech, stated that the purpose of the amending legislation was to ‘bring Australia’s privacy protection framework into the modern era’.[180] The Principles, in setting a minimum standard of rules that must be complied with for the collection, use, storage and disclosure of personal information, therefore clearly have the protection of personal privacy at their forefront. However, as Apolo has convincingly identified, the Australian Privacy Principles are consequentialist in nature as they allow for private and public entities to acquire personal information where certain standards are met.[181] Accordingly, the Principles balance the personal privacy of the individual with the social benefits of data processing.[182]

It is unlikely that the imposition of tortious liability for an invasion of personal privacy would be incongruous with this purpose. Bearing in mind the elements of the tort proposed by extant literature, tortious liability will only be imposed where the invasion of privacy was intentional.[183] Therefore, the tort can be classified as an intentional one, and the general defence of consent will prevent liability from being imposed where a plaintiff consents to their personal privacy being invaded.[184] This precisely reflects how the Australian Privacy Principles regulate the collection of sensitive personal information. Principle 3.3(a) states in clear terms that an entity must not collect sensitive information about an individual unless that individual consents to the collection of the information. If an entity collects such information without consent, they are in breach of Principle 3.3 and an individual can make a complaint about that entity, and potentially obtain a remedy by way of a determination. Thus, a privacy tort that imposes liability on a defendant who, in breach of Principle 3.3, takes personally private information from an individual without their consent, would enhance the statutory purpose of the Australian Privacy Principles, rather than undermine it.

However, it must be accepted that where the legislature, by way of the Australian Privacy Principles, has specifically designated a relevant standard to be imposed on entities in certain situations, then a privacy tort would likely conflict with the Principles if it imposed a higher standard in those specific situations. Any development of a tort of invasion of personal privacy must therefore be cognisant of this issue, as it would likely reduce the tort’s scope of application. Nevertheless, if the tort were to impose obligations beyond those of the Principles in circumstances where they were silent on particular issues, it does not necessarily follow that incongruity would arise. For example, although Principle 6.2 provides for how an individual’s personal information can be used by an entity, a contentious issue that it does not regulate is that of cumulative data use. This involves a situation where a person consents to a data platform collecting and using individual pieces of personal information (such as an email address, phone number, location, date of birth and credit card number), but the platform later uses that information in combination without any such consent. If P were to consensually give the abovementioned information to D on separate occasions and D used that information in combination without P’s consent, it is unclear whether D is in breach of the Principles. It follows that if P’s identity is stolen by a third-party hacker as a result of the combined use, and she suffers economic loss, P may not have a valid complaint under the Act against D.

If a tort of invasion of personal privacy were held to exist, there are good arguments that the tort would be committed in instances where non-consensual cumulative data use occurs.[185] If this were the case, tort law would certainly be imposing obligations on entities beyond those of the Australian Privacy Principles. However, this does not mean that the tort is in conflict with the statutory purpose of the Principles. It is, instead, fulfilling the function of the common law: to incrementally respond to new forms of infringements of individual rights. Thus, a tort of invasion of personal privacy that imposes additional liability to protect a right not to have one’s personal privacy invaded will not undermine the purpose of the Australian Privacy Principles.

As to the state and territory legislation, the establishment of a privacy tort would not be incongruous with these statutes. Rather, it would inject coherence into the legal response to invasions of privacy. As was outlined in Part I, a number of states and territories have enacted offences rendering it illegal for a person to film another person engaged in a private act.[186] Although it must be acknowledged that each offence has widely different elements, their general underlying purpose is to deter and punish an unreasonable invasion of a person’s privacy without their consent. The refusal of express common law protection of privacy does not align with this purpose. For example, if X were to film Y while getting changed in a clothes store, X could be charged with a criminal offence. However, if X were to upload that video on TikTok, and the video went viral such that Y’s employer saw the video and sacked Y, Y would have no civil claim against X to be compensated for his or her losses.[187] This is anomalous; the legislature is denouncing the conduct as criminal on the one hand, while the common law is refusing to acknowledge it as a civil wrong on the other.[188] Thus, the development of a privacy tort that gives the victims of crimes the ability to sue for invasions of their personal privacy would facilitate the unique purposes of criminal law and tort law to ensure that the overall legal response to invasions of privacy is principled and free from contradiction.

D Summary

The above analysis demonstrates that according to the rights-based theory of tort law, it would be justifiable for courts to develop the common law to protect an individual’s right not to have his or her personal privacy invaded. Three principled conclusions can be derived from the foregoing exploration.

First, although the concept of ‘personal privacy’ is difficult to define, it is a moral right that is capable of being subject to definable limits in circumstances where it is clearly in the public interest to warrant protection. In this sense, conduct that infringes a right not to have one’s personal privacy invaded can be determined in advance to a sufficient standard of certainty. Therefore, a tort of invasion of personal privacy that imposes liability for such conduct would be cognisant of the rule of law.

Secondly, in being predicated as a tort that protects a particular right from being intentionally infringed, the tort of invasion of personal privacy readily ‘fits’ within the law of torts. Not only does the tort not conflict with any other causes of action, but its implementation would imbue a more unified common law response to invasions of privacy.

Thirdly, a tort of invasion of personal privacy would actively promote and enhance the purposes of the territory, state and federal privacy legislation. The tort provides an alternative avenue of remedy to all individuals who have had their privacy infringed, irrespective of whether the defendant was subject to the Australian Privacy Principles. Additionally, the tort would act as an underlying safety net, in which legislative gaps could be filled with a purpose to protect against invasions of privacy as they grow in complexity in response to new and novel technological advances. Such a combined statutory and common law approach is an effective and proficient response that complements the intention of the legislature.

These findings, in themselves, provide compelling reasons for the development of a tort of invasion of personal privacy. However, taken together, they indicate that the imposition of tortious liability in such circumstances would align with the theoretical underpinnings of Australia’s bifocal law of torts.

V Conclusion

It cannot be denied that technology has fundamentally changed the way in which we live. Consequently, invasions of privacy are commonplace and will only become more prevalent in years to come. While these observations are paramount to the justification for the development of a tort of invasion of personal privacy, in isolation and without additional support from an explicitly legal foundation, they do not provide a sound basis for Australian courts to exercise their judicial law-making function.

This article has therefore sought to assess whether there is a more principled justification for a tort of invasion of personal privacy by considering whether its implementation would align with the theoretical underpinnings of Australian tort law. In doing so, this article has revealed that according to the rights-based theory of tort law, the establishment of a tort of invasion of personal privacy at common law would accord with incremental tort law development as a right not to have one’s personal privacy invaded can be derived from a moral right, its protection can be subject to definable limits, and its enforcement would promote coherence in Australian law.

The judicial advancement of a tort of invasion of personal privacy would be justified and legitimate. Not only is our technological society demanding further common law protection of personal privacy in circumstances in which the legislative response has remained relatively stagnant, but a corresponding tort that can be used to protect a defined right to personal privacy would also naturally integrate with the elemental principles and philosophical foundations that constitute contemporary Australian tort law. Indeed, as the rights-based theory exemplifies, a corollary of tort law’s existence is a longstanding recognition that there are very particular instances in which the courts must exercise their judicial law-making function to create new torts. The advancement of a tort of invasion of personal privacy is one such instance: it is the logical next step in tort law’s evolutionary process.

&#6[1] LLB (Hons I, University Medal) (UOW); BCL (Oxon) Candidate (William Asbrey BCL Scholar 2020–21). Email:; ORCID iD:

I would like to thank Emerson Hynard, Yvonne Apolo and Sophie Whittaker for their incisive comments and continuous support. I am also very grateful to the anonymous reviewers and editors of Sydney Law Review for their valuable input. All errors are my own.

[1] The Office of the Australian Information Commissioner received 1,176 data breach notifications in 2019–20 alone, affecting over 5 million Australians: Office of the Australian Information Commissioner, Annual Report 2019–20 (21 September 2020) 43 <


OAIC-Annual-Report-2019-20.pdf> (‘OAIC Report’); Office of the Australian Information Commissioner, Notifiable Data Breaches Scheme 12‑month Insights Report (13 May 2019) 14 <>.

[2] The Australian Bureau of Statistics reported that in 2014–15, 126,300 Australians were the victims of identity theft: Australian Bureau of Statistics, ‘Personal Fraud’ (Catalogue No 4528.0, 20 April 2016) <>.

[3] In 2017, the Ponemon Institute released a report on the cost of data breaches in Australia and found that the average cost per capita for each lost or stolen record is $139 and the total average cost paid by a company due to a data breach is $2.51 million: Ponemon Institute, 2017 Costs of Data Breach Study (June 2017) <>.

[4] According to whistleblower Christopher Wylie, the collection and aggregation of personal data by Cambridge Analytica was used to create a ‘full service-propaganda-machine’: Carole Cadwalladr, ‘“I Made Steve Bannon’s Psychological Warfare Tool”: Meet the Data War Whistleblower’, The Guardian (online, 18 March 2018) <>. For an example of cyber-attacks on the Australian government and other organisations, see Prime Minister, Minister for Home Affairs, Minister for Defence, ‘Statement on Malicious Cyber Activity against Australian Networks’ (Media Statement, 19 June 2020) <>.

[5] See, eg, ‘Man Secretly Filmed More Than 200 People in Sydney Public Toilets, Court Told’, The Sydney Morning Herald (online, 19 April 2017) <>.

[6] Geoffrey A Fowler, ‘Alexa Has Been Eavesdropping on You This Whole Time’, The Washington Post (6 May 2019) <>.

[7] Telecommunications Act 1997 (Cth) ss 317L317RA by virtue of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth). There are many circumstances in which an agency can compel an entity by way of a technical assistance notice to assist the agency in obtaining data on the entity’s platform: see Telecommunications Act 1997 (Cth) s 317L.

[8] See Surveillance Devices Act 2007 (NSW); Surveillance Devices Act 1999 (Vic); Surveillance Devices Act 1998 (WA); Surveillance Devices Act 2016 (SA); Invasion of Privacy Act 1971 (Qld); Listening Devices Act 1991 (Tas); Surveillance Devices Act 2007 (NT); Crimes (Surveillance Devices) Act 2010 (ACT).

[9] Criminal Code Act 1995 (Cth) s 474.17A; Crimes Act 1900 (NSW) ss 91K91L, 91P91Q; Summary Offences Act 1953 (SA) s 26C; Summary Offences Act 1966 (Vic) s 41DA.

[10] Summary Offences Act 1966 (Vic) s 41DA.

[11] Privacy Act 1988 (Cth) (‘Privacy Act’) sch 1 (‘Australian Privacy Principles’). The principles cover a variety of issues, such as the collection of personal information, the storage of that information, and how it can be used and disclosed.

[12] Ibid ss 6, 6C, 6D. State and territory governments have also passed legislation governing the collection, storage and use of personal information by state entities: see, eg, Privacy and Personal Information Protection Act 1998 (NSW).

[13] Privacy Act (n 11) pt IIIC.

[14] If an entity fails to provide such notification, it will be subject to the Act’s civil penalty provisions: ibid s 13(4A).

[15] Such interference will have occurred where an entity fails to comply with the Notifiable Data Breaches (‘NDB’) scheme, breaches any of the Australian Privacy Principles, or contravenes the Act by any other means: ibid s 13.

[16] Privacy Act (n 11) s 52(1)(b)(iii).

[17] Ibid s 52(1B).

[18] Ibid s 55A. The Information Commissioner may also commence proceedings: s 55A(1)(b).

[19] Yvonne Apolo, ‘Incongruent Selves in Social Media and Privacy Law: Proposing a Humanistic Psychological Intervention’ (2018) 22(4) Media and Arts Law Review 464, 477–8; Moira Paterson and Maeve McDonagh, ‘Data Protection in an Era of Big Data: The Challenges Posed by Big Personal Data’ [2018] MonashULawRw 1; (2018) 44(1) Monash University Law Review 1, 9–15; Michael Kirby, ‘Publication Privacy: Action At Last?’ (2012) 17(2) Media and Arts Law Review 202, 209.

[20] Aiden Lerch and Sophie Whittaker, ‘More Valuable Than Oil: The Application of Tort Law and Equity to Data Breach Cases’ (2019) 27(2) Tort Law Review 100, 104–5; Rose Dlougatch, ‘Cyber-Insecurity: Data Breaches, Remedies and the Enforcement of the Right to Privacy’ (2018) 25(4) Australian Journal of Administrative Law 219, 224–5.

[21] An ‘interference with the privacy of an individual’ is limited to acts done by entities or organisations that are subject to, and in breach of, the Australian Privacy Principles or another standard imposed by the Act: see Privacy Act (n 11) s 13.

[22] OAIC Report (n 1) 13, 36.

[23] Lerch and Whittaker (n 20) 104–5; Dlougatch (n 20) 224.

[24] Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (2001) 208 CLR 199, 258 [132] (Gummow and Hayne JJ) (‘ABC v Lenah’). See also at 248–9 [106]–[108] (Gummow and Hayne JJ), 328–9 [335] (Callinan J); Smethurst v Commissioner for Police [2020] HCA 14; (2020) 94 ALJR 502, 520 [48] (Kiefel CJ, Bell and Keane JJ).

[25] Grosse v Purvis [2003] QDC 151; (2003) Aust Torts Reports 81-706; Doe v Australian Broadcasting Corporation [2007] VCC 281.

[26] Kalaba v Commonwealth [2004] FCA 763, [6] (Heerey J); Chan v Sellwood [2009] NSWSC 1335, [37] (Davies J); Giller v Procopets [2008] VSCA 236; (2008) 24 VR 1, 35–6 [167]–[168] (Ashley JA), 106–7 [447]–[450] (Neave JA) (‘Giller (VSCA)’); Sands v South Australia [2013] SASC 44, [613]–[614] (Kelly J).

[27] Barbara McDonald, ‘Privacy Rights’ in Carolyn Sappideen and Prue Vines (eds), Fleming’s The Law of Torts (Thomson Reuters, 10th ed, 2011) 683, 684.

[28] Lincoln Hunt Pty Ltd v Willesee (1986) 4 NSWLR 457, 463–4 (Young J). See generally, TCN Channel Nine Pty Ltd v Anning (2002) 54 NSWLR 333.

[29] Raciti v Hughes (1995) 7 BPR 14,837. Although note that recently the English Court of Appeal held that the tort of private nuisance does not protect privacy at all: see Fearn v Board of Trustees of the Tate Gallery [2020] Ch 621, 638–48.

[30] Giller v Procopets [2004] VSC 113 (‘Giller (VSC)’); Giller (VSCA) (n 26); Wilson v Ferguson [2015] WASC 15; Scala v Scala [2019] FCCA 3456; Kwok v Thang [1999] NSWSC 1034.

[31] Des Butler, ‘Protecting Personal Privacy in Australia: Quo Vadis?’ (2016) 42(1) Australian Bar Review 107, 109, 130–31; Barbara McDonald, ‘A Statutory Action for Breach of Privacy: Would it Make a (Beneficial) Difference?’ (2013) 36(3) Australian Bar Review 241, 250–3 (‘A Statutory Action for Breach of Privacy’); Barbara McDonald, ‘Tort’s Role in Protecting Privacy: Current and Future Directions’ in Simone Degeling, James Edelman and James Goudkamp (eds), Torts in Commercial Law (Thomson Reuters, 2011) 86; Mark Johnston, ‘Should Australia Force the Square Peg of Privacy into the Round Hold of Confidence or Look to a New Tort?’ (2007) 12(4) Media and Arts Law Review 441, 447–8; Jonathan Lewis, ‘Privacy: A Missed Opportunity’ (2005) 13(3) Tort Law Review 166, 173–5.

[32] Australian Law Reform Commission (‘ALRC’), Serious Invasions of Privacy in the Digital Era (Report No 123, June 2014) (‘ALRC 2014 Report’); Australian Law Reform Commission, For Your Information: Privacy Law and Practice (Report 108, May 2008) (‘ALRC 2008 Report’); New South Wales Law Reform Commission, Invasion of Privacy (Report No 120, April 2009) 9 [4.1]; Victorian Law Reform Commission, Surveillance in Public Places (Report No 18, June 2010); Australian Competition and Consumer Commission, Digital Platforms Inquiry (Final Report, 26 July 2019) 37 (Recommendation 19) <>.

[33] Gala v Preston [1991] HCA 18; (1991) 172 CLR 243, 262 (Brennan J).

[34] ALRC 2014 Report (n 32) 19 [1.11]. The author acknowledges that the fifth ‘element’ is better described as a ‘feature’ and is not strictly an element of the cause of action.

[35] See generally Des Butler, ‘A Tort of Invasion of Privacy in Australia?’ [2005] MelbULawRw 11; (2005) 29(2) Melbourne University Law Review 339, 373, 375; Butler (n 31) 122–9; Johnston (n 31) 457, 466; Lewis (n 31) 190. The elements are based on those outlined by Skoein SDCJ in Grosse v Purvis (n 25) 444.

[36] The scholarship has generally split the tort of invasion of privacy into two corresponding torts, ‘unreasonable intrusion’ and ‘disclosure of private facts’: Butler, ‘A Tort of Invasion of Privacy in Australia?’ (n 35) 373, 375. For the purposes of this article, the single ‘merged’ tort provided by the ALRC will be employed: ALRC 2014 Report (n 32). Given that the ARLC considered all of the competing arguments on this issue in great depth, it is this author’s view that the ALRC’s considered opinion that a unified tort best captured the issues at hand, should be adopted.

[37] Paul Roth, ‘Data Protection Meets Web 2.0: Two Ships Passing in the Night’ [2010] UNSWLawJl 23; (2010) 33(2) UNSW Law Journal 532, 560.

[38] Des Butler, ‘The Dawn of the Age of the Drones: An Australian Privacy Law Perspective’ [2014] UNSWLawJl 17; (2014) 37(2) UNSW Law Journal 434, 442–8.

[39] Butler ‘A Tort of Invasion of Privacy in Australia?’ (n 35) 363–4; Butler (n 31) 131; Johnston (n 31) 444–5; McDonald (n 27) 681, 688.

[40] Sir Anthony Mason, ‘The Role of the Courts at the Turn of the Century’ (1993) 3(3) Journal of Judicial Administration 156, 164–5; Justice MH McHugh, ‘The Judicial Method’ (1999) 73(1) Australian Law Journal 37, 42; Justice Michael Kirby, ‘Judicial Activism? A Riposte to the Counter-Reformation’ (2004) 24(3) Australian Bar Review 219, 226.

[41] McHugh (n 40) 48.

[42] Chief Justice Owen Dixon, ‘Concerning Judicial Method’ (1956) 29(9) Australian Law Journal 468, 472; McHugh (n 40) 47–8; Chief Justice Murray Gleeson, ‘Judicial Legitimacy’ (2000) 20(1) Australian Bar Review 4, 6; Justice JD Heydon, ‘Judicial Activism and the Death of the Rule of Law’ (2003) 14(2) Australian Intellectual Property Law Journal 78, 92–3.

[43] McHugh (n 40) 43, 48. See also State Government Insurance Commission (SA) v Trigwell [1979] HCA 40; (1979) 142 CLR 617, 633 (Mason J).

[44] Mason (n 40) 165.

[45] Ibid.

[46] Burnie Port Authority v General Jones Pty Ltd [1994] HCA 13; (1994) 179 CLR 520, 593 (McHugh J).

[47] See, eg, James Goudkamp and John Murphy, ‘The Failure of Universal Theories of Tort Law’ (2015) 21(2) Legal Theory 47.

[48] James Edelman and Simone Degeling, ‘The Future of the Common Law of Torts’ (2010) 33(1) Australian Bar Review 45, 47; James Edelman, James Goudkamp and Simone Degeling, ‘The Foundations of Torts in Commercial Law’ in Simone Degeling, James Edelman and James Goudkamp (eds), Torts in Commercial Law (Thomson Reuters, 2011) 1, 2–3; Justice James Edelman, ‘Fundamental Errors in Donoghue v Stevenson?’ (2014) 39(2) Australian Bar Review 160, 169.

[49] Robert Stevens, Torts and Rights (Oxford University Press, 2007).

[50] As explained in Part II, it is this author’s view that while the theory cannot explain the entirety of the law of torts, it can effectively explain particular torts centred on the protection of individual rights. It therefore has fundamental weight in any development of a tort designed to protect a nominate right.

[51] See William Blackstone, Commentaries on the Laws of England (Clarendon Press, 1765) Book III.

[52] See Thomas M Cooley, A Treatise on the Law of Torts or the Wrongs which Arise Independent of Contract (Callaghan, 1879) ch II.

[53] See Frederick Pollock, The Law of Torts: A Treatise on the Principles of Obligations Arising from Civil Wrongs in the Common Law (Stevens & Sons, 1887) 7–10.

[54] Percy H Winfield, The Province of the Law of Tort (Cambridge University Press, 1931) 32–9.

[55] This has been identified in modern scholarship: see Edelman (n 48) 167; Edelman, Goudkamp and Degeling (n 48) 1.

[56] McBride gives numerous examples of this: Nicholas J McBride, ‘Rights and the Basis of Tort Law’ in Donal Nolan and Andrew Robertson (eds), Rights and Private Law (Hart Publishing, 2012) 331, 331–3.

[57] Allan Beever, ‘Our Most Fundamental Rights’ in Donal Nolan and Andrew Robertson (eds), Rights and Private Law (Hart Publishing, 2012) 63, 84; Robert Stevens, ‘Rights and Other Things’ in Donal Nolan and Andrew Robertson (eds), Rights and Private Law (Hart Publishing, 2012) 115, 116; McBride (n 56) 332–3.

[58] McBride (n 56) 332.

[59] Stevens (n 49) 2. See also McBride (n 56) 335; Allan Beever, Rediscovering the Law of Negligence (Hart Publishing, 2007) 45, 218; John CP Goldberg and Benjamin C Zipursky, ‘Rights and Responsibility in the Law of Torts’ in Donal Nolan and Andrew Robertson (eds), Rights and Private Law (Hart Publishing, 2012) 251, 251. Although note that Beever’s approach is limited to the tort of negligence and is more of a hybrid between the rights-based theory and the theory of corrective justice.

[60] Wesley Hohfeld, ‘Some Fundamental Legal Conceptions as Applied in Judicial Reasoning’ (1913) 23(1) Yale Law Journal 16, 31-2.

[61] Donal Nolan and Andrew Robertson, ‘Rights and Private Law’ in Donal Nolan and Andrew Robertson (eds), Rights and Private Law (Hart Publishing, 2012) 1, 8; Goldberg and Zipursky (n 59) 251; Stevens (n 49) 4; Beever (n 59) 238.

[62] Nolan and Robertson (n 61) 8. See also Stevens (n 49) 9, 339.

[63] Stevens (n 49) 340.

[64] Ibid 3; Goldberg and Zipursky (n 59) 251, 262; McBride (n 56) 335; Stevens (n 57) 120; Beever (n 59) 218; Benjamin C Zipursky, ‘Rights, Wrongs and Recourse in the Law of Torts’ (1998) 51(1) Vanderbilt Law Review 1, 16.

[65] Stevens (n 49) 2; Goldberg and Zipursky (n 59) 251, 268; McBride (n 56) 335, 359. The theory is therefore heavily reliant on the bilateral structure of tort law, as only the right-holder, and the right-infringer, can sue, and be sued in tort, respectively: James Goudkamp and John Murphy, ‘Torts Statutes and Torts Theories’ (2015) 131(1) Law Quarterly Review 133, 138.

[66] McBride (n 56) 335; Stevens (n 49) 311, 330.

[67] Stevens (n 49) 4; Stevens (n 57) 122; McBride (n 56) 335, 338. Although Goldberg and Zipursky opine that tort law is explained by the ‘inherent relationality of tortious wrongdoing’ as well as the protection of rights: Goldberg and Zipursky (n 59) 262.

[68] Stevens (n 49) 306–17; Beever (n 59) 176–7.

[69] Stevens (n 49) 310.

[70] Ibid 309 (emphasis omitted). Interestingly, the High Court has approved of some of Stevens’ views about policy reasoning: see Brookfield Multiplex Ltd v Owners Corporation Strata Plan 61288 [2014] HCA 36; (2014) 254 CLR 185, 230 [134] (Crennan, Bell and Keane JJ).

[71] Roderick Bagshaw, ‘Tort Law, Concepts and What Really Matters’ in Andrew Robertson and Tang Hang Wu (eds), The Goals of Private Law (Hart Publishing, 2009) 239, 249.

[72] McBride (n 56) 340.

[73] Ibid 339–40. In the context of the tort of negligence, Robertson and Perry have similarly argued that policy reasoning is legitimate and necessary: Andrew Robertson, ‘Rights, Pluralism and the Duty of Care’ in Donal Nolan and Andrew Robertson (eds), Rights and Private Law (Hart Publishing, 2012) 435, 440–50; Stephen Perry, ‘The Role of Duty of Care in a Rights-Based Theory of Negligence Law’ in Andrew Robertson and Tang Hang Wu (eds), The Goals of Private Law (Hart Publishing, 2009) 79, 83. Hohfeld was also originally of the view that the determination of claim rights is ‘ultimately a question of justice and policy’: Hohfeld (n 60) 36.

[74] See Peter Cane, ‘Rights in Private Law’ in Donal Nolan and Andrew Robertson (eds), Rights and Private Law (Hart Publishing, 2012) 35.

[75] See Goudkamp and Murphy (n 47). See also John Murphy, ‘Rights, Reductionism and Tort Law’ (2008) 28(3) Oxford Journal of Legal Studies 393, 407.

[76] Edelman and Degeling (n 48) 47.

[77] Edelman (n 48) 169.

[78] Edelman and Degeling (n 48) 47; Edelman (n 48) 169; Edelman, Goudkamp and Degeling (n 48) 1–3; Cane (n 74) 37.

[79] To take a hyperbolic example: because the person being hit was a powerlifter and muscular people are stronger than non-muscular people, it is acceptable for them to be punched in the nose.

[80] Cane (n 74) 57.

[81] Hill v Van Erp (1997) 188 CLR 159, 197.

[82] Perre v Apand Pty Ltd [1999] HCA 36; (1999) 198 CLR 180, 200 [34] (Gaudron J) quoting Hawkins v Clayton (1988) 164 CLR 539, 594 (Gaudron J). See also Hill v Van Erp (n 81) 197 (Gaudron J).

[83] Hargrave v Goldman [1963] HCA 56; (1963) 110 CLR 40, 60 (Windeyer J). See also Brodie v Singleton Shire Council [2001] HCA 29; (2001) 206 CLR 512, 566–7 [121] (Gaudron, McHugh and Gummow JJ), 609 [257] (Hayne J).

[84] Penfolds Wines Pty Ltd v Elliot [1946] HCA 46; (1946) 74 CLR 204, 226 (Dixon J).

[85] Rootes v Shelton [1967] HCA 39; (1967) 116 CLR 383, 386–7.

[86] Plenty v Dillon (1991) 171 CLR 635.

[87] Ibid 636.

[88] Ibid 644.

[89] Ibid 645.

[90] Ibid.

[91] Ibid 654.

[92] Ibid 654–5.

[93] Coco v The Queen [1994] HCA 15; (1994) 179 CLR 427, 435.

[94] New South Wales v Ibbett [2006] HCA 57; (2006) 229 CLR 638, 646 [29].

[95] Trobridge v Hardy [1955] HCA 68; (1955) 94 CLR 147, 152 (Fullagar J). See also Ruddock v Taylor (2005) 222 CLR 612, 632 [70] (McHugh J), 649 [136]–[137] (Kirby J); Watson v Marshall [1971] HCA 33; (1971) 124 CLR 621, 630 (Walsh J).

[96] Secretary, Department of Health and Community Services v JWB [1992] HCA 15; (1992) 175 CLR 218, 232–3 (Mason CJ, Dawson, Toohey and Gaudron JJ), 265–6 (Brennan J), 309–11 (McHugh J) (‘Marion’s Case’). See also Fontin v Katapodis ([1962] HCA 63; 1962) 108 CLR 177, 183–4 (McTiernan J).

[97] Marion’s Case (n 96) 253–4 (Mason CJ, Dawson, Toohey and Gaudron JJ).

[98] Binsaris v Northern Territory [2020] HCA 22; (2020) 94 ALJR 664, 669 [20] (Kiefel CJ, Keane J), 670 [25] (Gageler J), 684 [109] (Gordon and Edelman JJ).

[99] Ibid 670 [25].

[100] Edelman and Degeling (n 48) 47.

[101] Ibid 47 citing FH Lawson, The Rational Strength of English Law (Stevens & Sons, 1951) 122–3. See also Edelman (n 48) 169; Edelman, Goudkamp and Degeling (n 48) 1–3.

[102] In particular, Nolan and Robertson have identified three normative implications of the theory: Nolan and Robertson (n 61) 10.

[103] Stevens (n 49) 329. See also Cane (n 74) 61; Jane Stapleton, ‘Evaluating Goldberg and Zipursky’s Civil Recourse Theory (2006) 75(3) Fordham Law Review 1529, 1538.

[104] Stevens (n 49) 330.

[105] Nolan and Robertson (n 61) 11–12; Stevens (n 49) 330–2; Ernest J Weinrib, The Idea of Private Law (Harvard University Press, 1995) 19, 49. Cf McBride (n 56) 352–5.

[106] Stevens (n 49) 330–1.

[107] Robert Stevens, ‘The Conflict of Rights’ in Andrew Robertson and Tang Hang Wu (eds), The Goals of Private Law (Hart Publishing, 2009) 139, 145.

[108] Stevens (n 49) 330–2; Nolan and Robertson (n 61) 11.

[109] Stevens (n 49) 331–2.

[110] See generally, Adam D Moore, Privacy Rights: Moral and Legal Foundations (Penn State University Press, 2010) chs 2–5; Carolyn Doyle and Mirko Bagaric, Privacy Law in Australia (Federation Press, 2005) ch 2; Diane P Michelfelder, ‘The Moral Value of Informational Privacy in Cyberspace’ (2001) 3(2) Ethics and Information Technology 129; J Angelo Corlett, ‘The Nature and Value of the Moral Right to Privacy’ (2002) 16(4) Public Affairs Quarterly 329; Charles Fried, ‘Privacy’ (1968) 77(3) Yale Law Journal 475. See also ABC v Lenah, where Gleeson CJ draws on ‘morals and behaviour’ to identify material that is private: ABC v Lenah (n 24) 226 [42].

[111] Nolan and Robertson (n 61) 12.

[112] Stevens (n 49) 339.

[113] Ibid 340.

[114] Ibid 339–40.

[115] See above n 34 and accompanying text.

[116] See, eg, Apolo (n 19) 475; McDonald, ‘A Statutory Action for Breach of Privacy’ (n 31) 269; Patrick O’Callaghan, ‘Privacy in Pursuit of a Purpose?’ (2009) 17(2) Tort Law Review 100, 103; Johnston (n 31) 443–4; Daniel Solove, ‘A Taxonomy of Privacy’ (2006) 154(3) University of Pennsylvania Law Review 477, 479–80; Raymond Wacks, ‘Why There Will Never Be an English Common Law Privacy Tort’ in Andrew T Kenyon and Megan Richardson (eds), New Dimensions in Privacy Law: International and Comparative Perspectives (Cambridge University Press, 2006) 154, 175–8.

[117] ABC v Lenah (n 24) 225–6 [41]–[42] (Gleeson CJ); 249–50 [108]–[110] (Gummow and Hayne JJ). See also Giller (VSCA) (n 26) 35 [167]–[168] (Ashley J).

[118] See, eg, LU and Department of Defence [2017] AICmr 61.

[119] ABC v Lenah (n 24) 226 [42] (Gleeson CJ).

[120] Since the landmark decision of the High Court of New Zealand in C v Holland [2012] NZHC 2155; [2012] 3 NZLR 672, which established the common law tort of invasion of personal privacy, the New Zealand courts have incrementally developed (and thereby limited) the scope of the tort: see NA Moreham, ‘A Conceptual Framework for the New Zealand Tort of Intrusion’ (2016) 47(2) Victoria University of Wellington Law Review 283.

[121] ALRC 2008 Report (n 32) vol 1 142 [1.31]. Note, however, that the Report also suggests that the concept of privacy also incorporates ‘Privacy of communications’: at vol 1 142 [1.31]. For the purposes of this article, this category will be subsumed into that of informational privacy, as it better reflects the modern definition of ‘informational privacy’ which includes communications: see generally Moira Paterson, Freedom of Information and Privacy in Australia: Information Access 2.0 (LexisNexis Butterworths, 2nd ed, 2015).

[122] ALRC 2008 Report (n 32) vol 142 [1.31], vol 1 150–3 [1.69]–[1.79].

[123] ‘Confidential information’ and ‘private information’ are distinct concepts. It is for this reason, among others, that New Zealand courts refused to extend breach of confidence to protect against invasions of personal privacy more generally: Hosking v Runting [2004] NZCA 34; [2005] 1 NZLR 1, 15–6 [45]–[50] (Gault J; Blanchard and Tipping JJ agreeing).

[124] ALRC 2008 Report (n 32) vol 1 142 [1.31].

[125] Morris v Beardmore [1981] 1 AC 446, 465 (Lord Scarman); Plenty v Dillon (n 86) 640.

[126] Bernstein v Skyviews General Ltd [1977] EWHC 1; [1978] 1 QB 479, 489.

[127] Raciti v Hughes (n 29).

[128] Timothy Endicott, ‘Law is Necessarily Vague’ (2001) 7(4) Legal Theory 379, 382–4.

[129] McBride (n 56) 336–41. See also Roderick Bagshaw, ‘The Edges of Tort Law’s Rights’ in Donal Nolan and Andrew Robertson (eds), Rights and Private Law (Hart Publishing, 2012) 407, 433.

[130] McBride (n 56) 340–1.

[131] Ibid.

[132] Ibid 341, 352–5.

[133] Robert Stevens, ‘The Proper Limits of Judicial Law-Making’, Judicial Power Project (Blog Post,

30 September 2016) <>; Robert Stevens, ‘Damages for Wrongdoing in the Absence of Loss’ in Jason NE Varuhas and NA Moreham (eds), Remedies for Breach of Privacy (Hart Publishing, 2018) 97, 105.

[134] See, e.g, Chief Justice RS French, ‘The Common Law and the Protection of Human Rights’ (Speech, Anglo Australasian Lawyers Society, 4 September 2009) 3–4 [7].

[135] Justice Patrick Keane, ‘Too Much Information: Civilisation and the Problems of Privacy’ (Speech, 2020 Griffith Law School Michael Whincop Memorial Lecture, 27 August 2020) 9.

[136] See above n 5.

[137] See above n 3.

[138] See above n 4.

[139] Stevens, ‘The Proper Limits of Judicial Law-Making’ (n 133).

[140] Campbell v MGN Ltd [2004] UKHL 22; [2004] 2 AC 457, 464 [12].

[141] This explains why courts in New Zealand, Canada and America have developed torts protecting against invasions of personal privacy despite varying levels of positive intervention by their respective legislatures: see, eg, Hosking v Runting (n 123); C v Holland (n 120); Jones v Tsige (2012) 108 OR (3d) 241; Time Inc v Hill, [1967] USSC 11; 385 US 374 (1967); Cox Broadcasting Corporation v Cohn, [1975] USSC 44; 420 US 469 (1975). It is arguable that because the common law plays such a significant role in protecting individual rights and freedoms in Australia, courts are even more justified in developing such a right.

[142] Nolan and Robertson (n 61) 10–11; Beever (n 59) 62.

[143] Nolan and Robertson (n 61) 11; Beever (n 59) 266. Stevens adds that where rights are coherent within the legal system, they must not be unduly limited: Stevens (n 49) 54–5.

[144] See generally Ronald Dworkin, Law’s Empire (Belknap Press, 1986); Neil MacCormick, Legal Right and Social Democracy: Essays in Legal and Political Philosophy (Clarendon Press, 1984);

JM Balkin, ‘Understanding Legal Understanding: The Legal Subject and the Problem of Legal Coherence’ (1993) 103(1) Yale Law Journal 105; Michael Gillooly, ‘Legal Coherence in the High Court: String Theory for Lawyers’ (2013) 87(1) Australian Law Journal 33; Elise Bant, ‘Statute and Common Law: Interaction and Influence in Light of the Principle of Coherence’ [2015] UNSWLawJl 13; (2015) 38(1) UNSW Law Journal 367; Ross Grantham and Darryn Jensen, ‘Coherence in the Age of Statues’ [2016] MonashULawRw 12; (2016) 42(2) Monash University Law Review 360; Andrew Fell, ‘The Concept of Coherence in Australian Private Law’ [2018] MelbULawRw 6; (2018) 41(3) Melbourne University Law Review 1160.

[145] Neil MacCormick, Legal Reasoning and Legal Theory (Clarendon Press, 1994) 152.

[146] MacCormick (n 144) 38–9. Cf Grantham and Jensen (n 144) 361.

[147] Balkin (n 144) 114.

[148] Aiden Lerch and Yvonne Apolo, ‘Re-Examining Miller v Miller: A Search for Rationality and Coherence in Australia’s Illegality Defence’ (2019) 25(3) Torts Law Journal 219, 228.

[149] Sullivan v Moody (2001) 207 CLR 562, 580–2 [54]–[60] (Gleeson CJ, Gaudron, McHugh, Hayne and Callinan JJ); Tame v New South Wales [2002] HCA 35; (2002) 211 CLR 317, 335 [28] (Gleeson CJ), 342 [57]–[58] (Gaudron J), 361–2 [122]–[126] (McHugh J), 418 [298]–[299] (Hayne J); CAL No 14 Pty Ltd v Motor Accidents Insurance Board (2009) 239 CLR 390, 406–8 [39]–[42] (Gummow, Heydon and Crennan JJ); Miller v Miller [2011] HCA 9; (2011) 242 CLR 446, 454 [15] (French CJ, Gummow, Hayne, Crennan, Kiefel and Bell JJ); Equuscorp Pty Ltd v Haxton (2012) 246 CLR 498, 513–4 [23]–[25], 518 [34] (French CJ, Crennan and Kiefel JJ); Westfield Management Ltd v AMP Capital Property Nominees Ltd [2012] HCA 54; (2012) 247 CLR 129, 143–4 [46] (French CJ, Crennan, Kiefel and Bell JJ); Legal Services Board v Gillespie-Jones [2013] HCA 35; (2013) 249 CLR 493, 525 (Bell, Gageler and Keane JJ); Brookfield Multiplex Ltd v Owners Corporation Strata Plan 61288 (n 70) 201–2 [25] (French CJ), 214 [69] (Crennan, Bell and Keane JJ).

[150] Fell (n 144) 1161. Gillooly instead divides the principles of legal coherence into categories of compatible duties and compatible bodies of law: Gillooly (n 144) 38–46.

[151] Sullivan v Moody (n 149) 580 [50].

[152] Ibid 581 [54].

[153] See, eg, Tame v New South Wales (n 149) 335 [28] (Gleeson CJ), 342 [57]–[58] (Gaudron J), 361–2 [122]–[126] (McHugh J), 418 [298]–[299] (Hayne J); CAL No 14 Pty Ltd v Motor Accidents Insurance Board (n 149) 407–8 [39]–[40] (Gummow, Heydon and Crennan JJ; French CJ and Hayne J agreeing). The doctrine of legal coherence has never been considered in the context of tort law generally, as distinct from an application to the tort of negligence when assessing whether there is a duty of care. This limited judicial consideration must be borne in mind in the remainder of the analysis.

[154] For example, consider a scenario similar to that of Smethurst v Commissioner for Police (n 24): a Commonwealth agency uses its new powers under the Telecommunications Act 1997 (Cth) to hack remotely into the computer of a journalist to take his or her personal data and that hacking is later found to be unlawful due to the relevant warrant being invalidly issued. In such a situation, trespass to land, trespass to goods, private nuisance or breach of confidence are highly unlikely to have been committed.

[155] Jane Stapleton, ‘Duty of Care Factors: A Selection from the Judicial Menus’ in Peter Cane and Jane Stapleton (eds), The Law of Obligations: Essays in Celebration of John Fleming (Clarendon Press, 1998) 71; James Goudkamp, Tort Law Defences (Hart Publishing, 2013) 201–2.

[156] Butler has suggested that the extension of breach of confidence to protect personal privacy may lead to ‘doctrinal distortions’ between common law and equity: Butler (n 31) 130.

[157] Given that the equitable wrong of breach of confidence has been held to have been committed where a person shares sexually explicit photos or videos of another person with whom they had previously been in a relationship, it can be said that equity protects bodily privacy: see Giller (VSCA) (n 26).

[158] Coco v AN Clark (Engineers) Ltd [1968] RPC 41, 48; Commonwealth v John Fairfax & Sons Ltd [1980] HCA 44; (1980) 147 CLR 39, 50–52 (Mason J); Moorgate Tobacco Co Ltd v Philip Morris Ltd (No 2) [1984] HCA 73; (1984) 156 CLR 414, 438 (Deane J).

[159] See Attorney-General v Guardian Newspaper Ltd (No 2) [1990] 1 AC 109, 268 (Lord Griffiths), 281–2 (Lord Goff); Campbell v MGN Ltd (n 140) 464–5 [14] (Lord Nicholls).

[160] Although Gleeson CJ approved of the English approach in ABC v Lenah (n 24) 222 [30], the other members of the Court did not. Since then, Australian courts have not followed Gleeson CJ’s viewpoint and require an obligation of confidence arising from a defined relationship to found the cause of action: see Del Casale v Artedomus (Aust) Pty Ltd [2007] NSWCA 172; (2007) 165 IR 148, 159 [36] (Hodgson JA); Optus Networks Pty Ltd v Telstra Corporation Ltd [2010] FCAFC 21; (2010) 265 ALR 281, 290 [39] (Finn, Sundberg and Jacobson JJ); Marshall v Prescott [2015] NSWCA 110, [6](3), [52]–[53] (Beazley P, Macfarlan and Emmett JJA agreeing).

[161] Giller (VSCA) (n 26).

[162] Giller (VSC) (n 30) [153]–[158] (Gillard J). The Victorian Court of Appeal agreed with the primary judge in this respect: see Giller (VSCA) (n 26) 1 [1] (Maxwell P), 28–9 [131] (Ashley JA), 51 [229], 90 [386] (Neave JA).

[163] Butler (n 31) 130–1.

[164] Excluding the sixth final element: see above n 34.

[165] Stapleton (n 155) 71.

[166] See Sir Anthony Mason, ‘The Interaction of Statute and Common Law’ (2016) 90(5) Australian Law Journal 324, 334–6.

[167] Sullivan v Moody (n 149) 581–2 [55]–[62].

[168] CAL No 14 Pty Ltd v Motor Accidents Insurance Board (n 149) 407–9 [41].

[169] See above n 149.

[170] Miller v Miller (n 149) 483 [106] (French CJ, Gummow, Hayne, Crennan, Kiefel and Bell JJ),

483 [108] (Heydon J).

[171] Ibid 454 [15].

[172] Ibid 473 [74].

[173] Ibid 481–2 [101].

[174] Ibid (emphasis added).

[175] Equuscorp Pty Ltd v Haxton (n 149) 513–4 [23]–[25], 518 [34], 520 [38], 544 [111] (French CJ, Crennan and Kiefel JJ). See also Legal Services Board v Gillespie-Jones (n 149) 525 [119] (Bell, Gageler and Keane JJ); Westfield Management Ltd v AMP Capital Property Nominees Ltd (n 149) 143–4 [46] (French CJ, Crennan, Kiefel and Bell JJ).

[176] Lerch and Apolo (n 148) 227–30. Cf Fell (n 144) 1167–79.

[177] John Fleming, The Law of Torts (Law Book Co, 1957) 278–80; John G Fleming, The Law of Torts (LBC Information Services, 9th ed, 1998) 139–42, 322. See also O’Connor v SP Bray Ltd [1937] HCA 18; (1937) 56 CLR 464, 477–8 (Dixon J).

[178] See Chief Justice Beverley McLachlin, ‘Weaving the Law’s Seamless Web: Reflections on the Illegality Defence in Tort Law’ in Andrew Dyson, James Goudkamp and Frederick Wilmot-Smith (eds), Defences in Tort (Hart Publishing, 2015) 207, 217; Sharon Erbacher, Negligence and Illegality (Hart Publishing, 2017) 128–9; Fell (n 144) 1190–1; Lerch and Apolo (n 148) 232–7.

[179] It could be argued here that because the legislature has positively intervened, courts should refrain from providing further common law protection. However, this argument is misconceived in the context where protection of a limited right to privacy is so clearly within the purview of the courts, given that it upholds basic individual freedoms necessary in any modern polity. This explains why courts in Canada and New Zealand advanced common law privacy torts although their Parliaments had positively intervened to varying extents: see above n 141.

[180] Commonwealth, Parliamentary Debates, House of Representatives, 23 May 2012, 5210 (Nicola Roxon, Attorney-General and Minister for Emergency Management).

[181] Apolo (n 19) 476–8. This is evident from Principle 3, which allows for personal information to be acquired by public and private entities provided that it ‘is reasonably necessary for one or more of its functions or activities’: Australian Privacy Principles (n 11).

[182] Apolo (n 19) 478.

[183] Although the ALRC recommended that recklessness should also suffice: see above n 34.

[184] ALRC 2014 Report (n 32) 195–7 Recommendation 11–4, [11.52]–[11.60]; Butler, ‘A Tort of Invasion of Privacy in Australia?’ (n 35) 379–80.

[185] In doing so, data platforms are creating individual profiles that could arguably tell a third party more about a person than that person’s own DNA. This is likely an intentional intrusion on the plaintiff’s informational privacy beyond the original consent that was given by a plaintiff and the non-consensual use of a profile created this way would likely be offensive to a reasonable person.

[186] See above n 8.

[187] On the current state of Australian law, breach of confidence would not be made out because the relevant personal ‘information’ was not given to X in circumstances of a duty or obligation of confidence: X and Y are strangers. See text accompanying above n 158–160.

[188] It must be acknowledged here that simply because conduct is deemed criminal does not, in itself, justify the imposition of tortious liability for identical conduct.

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback