[Previous] [Next] [Title]

16. Surveillance - Approaches to regulation


Graham Greenleaf, with contributions by Nigel Waters, revised 14 May 2003

= required reading

= material added since the date of the class concerning this topic

Objectives

'Surveillance' (whether covert or overt) is perhaps the broadest organising concept in privacy law other than 'fair information practices' / 'information privacy principles' / 'data protection'. However, whereas many jurisdictions have embraced general non-sectoral legislation based around sets of IPPs, almost all legislation regulating surveillance is very narrow in its focus, concentrating on such specific technologies or locations of the surveillance. Examples of such focus are 'listening devices', 'CCTV', 'telecommunications interception', 'workplace surveillance', 'public places', and 'email monitoring'.

In contrast, the NSW Law Reform Commission has proposed (December 2001) a general Surveillance Act covering all forms of surveillance (except telecommunications interception for constitutional reasons). The Hong Kong LRC discussed a somewhat more limited, but still quite general surveillance law in 1996, and is due to report on this in 2002. Victoria has already enacted a quite general Surveillance Devices Act 1999.

The main objectives of this Reading Guide are to consider:

Other forms of surveillance such as telecommunications interception and workplace surveillance are also covered in other Reading Guides.

16.1. General resources

16.2. Australia - Commonwealth legislation

Commonwealth legislation covers telecommunications surveillance (interception), and through the Privacy Act's IPPs provides a limited coverage of surveillance by Commonwealth agencies ('unfair collection' etc), and surveillance of Commonwealth employees. The NPPs will also have some effect on surveillance generally ('unfair collection' etc) but not on employee surveillance.

16.2.1. Telecommunications interception

16.2.2. Workplace surveillance

Personal information contained in employee records within Commonwealth Government Departments and Agencies receives the same protection as other personal information under the Privacy Act 1988, and is subject to the IPPs.

However, the Federal private sector privacy legislation has numerous limitations and exemptions concerning employment privacy, and exempts most workplaces in any event due to its exemption for small businesses. This has made 'workplace surveillance' legislation at State level more important in Australia than it might otherwise have been.

A near-complete exemption for private sector employee records is contained in the Privacy Act 1988 s7(B)(3) which provides that an act done, or practice engaged in, by a private sector organisation that is or was an employer of an individual, is exempt from the Act if it is directly related to: (a) a current or former employment relationship between the employer and the individual; and (b) an employee record held by the organisation and relating to the individual.

It is important to note that this does not exempt all records arising in workplace and naming employees: it only exempts 'employee records'.

One of the Commonwealth's justifications for this exemption was that existing industrial laws provided sufficient protection for employee privacy. It promised during the Bill's passage that this would be the subject of a review and report which was due in mid-2002, but it has not occurred. It was a false assertion and no doubt any report would show that.

The Federal Privacy Commissioner's Guidelines on Workplace Email, Web Browsing and Privacy have no legal force, and it is questionable whether they consider enough areas of law (eg the T(I) Act) to be a reliable guide.

See also Reading Guide 15. Workplace privacy issues for a more general discussion about the application of privacy laws to the workplace, and examples of the application of the Commonwealth IPPs to workplace issues.

16.3. Australia - NSW

NSW has legislation covering listening devices (only where the Commonwealth T(I) Act does not apply) and covert workplace visual surveillance or employees, and information privacy laws covering State employees. The following types of surveillance are therefore not covered by NSW law (except incidentally by other laws in some cases): The NSW Law Reform Commission has proposed a more general surveillance law which would cover all of these forms of surveillance with more uniform rules. See the discussion below re the NSW LRC as to how 'surveillance' should be defined.

16.3.1. Workplace surveillance

NSW has legislated, but only in relation to covert video surveillance.
16.3.1.1. Workplace Video Surveillance Act 1998
The Workplace Video Surveillance Act 1998 regulates covert video surveillance in the workplace. An employer is not permitted to use covert surveillance unless it is used to detect unlawful activity, the employer obtains a covert surveillance authority from a magistrate and the surveillance is overseen by a nominated licenced security operator. See the Guide by Privacy NSW (below) for details.

"Video surveillance" is defined to mean 'surveillance by a closed-circuit television system or other electronic system for visual monitoring of activities on premises or in any other place. '

There is little case law on the Act as yet; See:

Resources
16.3.1.2. Other developments re employees in NSW

16.3.2. Listening devices

TheListening Devices Act 1984 (NSW) is of limited scope, and is limited further by the scope of the Telecommunications Interception Act 1979 (Cth).

A "listening device" is defined ( s3) to mean 'any instrument, apparatus, equipment or device capable of being used to record or listen to a private conversation simultaneously with its taking place'.

"Private conversation" is defined (s3) to mean 'any words spoken by one person to another person or to other persons in circumstances that may reasonably be taken to indicate that any of those persons desires the words to be listened to only: (a) by themselves, or (b) by themselves and by some other person who has the consent, express or implied, of all of those persons to do so'.

The general prohibition on the use of listening devices is found in s5(1) which provides that a person shall not use, or cause to be used, a listening device: (a) to record or listen to a private conversation to which the person is not a party, or (b) to record a private conversation to which the person is a party.

Exceptions to offences s5(1) are found in s5(2) for:

Prima facie s5(b) means that it is illegal to record a conversation to which you are a party. There is a further exception in s5(3) to the recording of a conversation where: There are further prohibitions on communication or publication of private conversations unlawfully listened to (s6), and on communication or publication of records of private conversations by parties thereto (s7), and even the possession of record of private conversations (s8).

The manufacture, supply etc of listening devices for unlawful use is also an offence (s9).

Evidence of a conversation (or evidence obtained as a direct result of it) is inadmissible if the person giving evidence has only become aware of the conversation as a result of a breach of the Act ( s13).

Part 4 provides for the issuing by a Judge of warrants authorising use of listening devices in relation to prescribed offences ( s16).

Breaches of the act are offences, but the Act does not provide for any civil liabilities.

There is a substantial body of case law concerning the Act.

16.3.2.1. Relationship to other laws
With recent developments of the law of breach of confidence, it is quite likely that any use of a listening device to listen to a private conversation would also constitute a breach of confidence.

Whether the use of a listening device would also constitute 'collection' (and possibly an unfair means of collection) of personal data that comes within an information privacy law will depend on factors such as (i) whether the law only applies to information which is recorded or 'held' in some way; (ii) whether the device is used to 'record'; and (iii) whether there is any exemption from the information privacy law which applies.

16.3.3. Proposed general surveillance legislation

NSW Law Reform Commission Report 98 Surveillance: an interim report in December 2001 Read at least the Executive Summary.

The NSW government is reported to be considering introducing legislation based on the Report, but has not yet made any official response to its recommendations.

The Report contains a mind-numbing121 separate recommendations which cover surveillance generally and involve a comprehensive Surveillance Act (excepting telecommunications interception as that is a federal matter and covered by the Telecommunications (Interception) Act 1979). For overt surveillance, the recommended Act would require adherence to 'eight legislative principles to be supplemented by codes of practice for those conducting a significant amount of overt surveillance'.

For covert surveillance, 'the approval of an independent arbiter should have to be obtained before any covert surveillance may occur' (or sometimes retrospectively). A vital element is that failure to observe the overt surveillance guidelines will constitute covert surveillance.

This legislation would be one of the most comprehensive surveillance codes existing.

The NSWLRC's proposals have a very significant overlap with the 'National Privacy Principles' in the Federal private sector legislation, particularly in relation to the collection principles, but touching on most other NPPs such as those dealing with use, disclosure and security.

NSWLRC's own summary of its recommendations
The NSW LRC recommendations are summarised by them as follows (See Executive Summary - footnotes omitted here):

"So far as overt surveillance is concerned, the Commission recommends that this should be regulated flexibly, requiring adherence to eight legislative principles to be supplemented by codes of practice for those conducting a significant amount of overt surveillance. The principles are as follows:

1. Overt surveillance should not be used in such a way that it breaches an individual's reasonable expectation of privacy.

2. Overt surveillance must only be undertaken for an acceptable purpose.

3. Overt surveillance must be conducted in a manner which is appropriate for purpose.

4. Notice provisions shall identify the surveillance user.

5. Surveillance users must be accountable for their surveillance devices and the consequences of their use.

6. Surveillance users must ensure all aspects of their surveillance system are secure.

7. Material obtained through surveillance to be used in a fair manner and only for the purpose obtained.

8. Material obtained through surveillance must be destroyed within a specified period.

Failure to comply with the principles would expose those conducting overt surveillance to the threat of a civil action under the proposed surveillance legislation.

Since covert surveillance is conducted without the knowledge of the subject, and is thereby more intrusive than surveillance conducted overtly, it should be regulated more stringently. The Commission recommends that the approval of an independent arbiter should have to be obtained before any covert surveillance may occur under the proposed Surveillance Act. In circumstances where such prior approval is not possible or practicable, it may, where appropriate, be obtained retrospectively. The Commission has isolated three main areas where covert surveillance may legitimately be conducted. Those are law enforcement, in the course of employment, and in the public interest.

Covert surveillance by, or on behalf of, law enforcement officers should be regulated by a warrants procedure similar to that currently operating in the Listening Devices Act 1984 (NSW), with applications made to and warrants issued by "eligible judges" in the courts system.

Covert surveillance by, or on behalf of, employers should be authorised by members of the Industrial Relations Commission.16 Covert surveillance conducted in the public interest by anyone other than law enforcement officers or employers (or people acting on their behalf), must be authorised by an appropriate issuing authority, being either members of a court or a tribunal.

The proposed Surveillance Act should also specify measures to promote accountability for the conduct of covert surveillance and the use of material obtained as a result.18 Breach of the provisions of the proposed Surveillance Act regarding covert surveillance would give rise to a criminal offence. In addition, liability for a civil action resulting in damages or other appropriate remedies may be incurred as a result of a breach of the Act."

Response by Privacy NSW
The NSW Privacy Commissioner has released a Position Paper on the recommendations for legislative reform set out in the NSW Law Reform Commission Report 98 Surveillance: An Interim Report (December 2001) . As yet, the NSW government has not announced its intentions in relation to the recommended legislation, or the comments by Privacy NSW (General Editor)

The text of the summary by Privacy NSW of its Position Paper follows.

"Privacy NSW strongly supports the over-arching recommendations of the Law Reform Commission Report 98 Surveillance: An Interim Report ("LRC Report") in relation to the development of a comprehensive Surveillance Act which is technology-neutral in its application. In developing the new Act, it is critical to ensure that:

Overt surveillance

In relation to overt surveillance, Privacy NSW has made the following key recommendations:

Covert Surveillance

The LRC Report suggests that authorisation for covert surveillance can only be given for the purposes of law enforcement, protecting the public interest and employment-related investigations. In relation to covert surveillance, Privacy NSW has made the following recommendations:

The very nature of covert surveillance raises serious questions about unauthorised surveillance material, secondary use, disclosure to subjects of covert surveillance, nature of such disclosure and destruction of material gathered during surveillance.

Privacy NSW therefore supports comprehensive legislation to regulate these issues."

(Summary provided by Privacy NSW)

16.4. Australia - Victoria

This material is for comparative purposes only.

16.4.1. Surveillance devices generally

Surveillance Devices Act 1999 (Vic) - regulates the installation, use and maintenance of surveillance devices. It also: In general the Act prohibits the use of listening devices and optical surveillance devices to record private conversation or activity without the consent of each party involved. The Act also restricts the use of tracking devices to record the location of a person/object without that person's knowledge, and the use of data surveillance devices (by law enforcement officers only) to monitor input and output from a computer without the person's knowledge.

The provision for monitoring input and output from a person's computer would presumably cover the flow of email traffic - though this is not made explicit. However, this provision only covers activities of law enforcement officers, and so would have minimal impact on the workplace (except in investigations, where law enforcement officers could monitor with authority of a warrant).

16.4.2. Workplace and public places

Victoria's Attorney-General gave a reference to its Law Reform Commission in July 2001 to examine generally which other areas of privacy protection which should be a priority (after the enactment of the Surveillance Devices Act 1999 and the Information Privacy Act 2000) .

In March 2002 this has been followed up by the announcement of a more specific inquiry into workplace privacy and surveillance in public places. The Commission will first consider whether current protection for all aspects workers' privacy are adequate.

16.5. Hong Kong

This material is for comparative purposes only.

16.5.1. General surveillance legislation

16.5.2. Telecommunications interception

16.5.3. Workplace

16.6. Other jurisdictions

16.6.1 China


  • [Previous] [Next] [Title]