4. General law protection of privacy (including constitutional protection)
= Required reading (Students are only required to read general materials and
those relating to their jurisdiction, not materials from all jurisdictions.
Obtain further advice from your teacher.)
material added since the date of the class concerning this topic
Graham Greenleaf, last revised 19 March 2003
Why are special privacy laws needed, and in particular the sets of
`information privacy principles' found in most privacy laws? This Part gives a
summary of how the general law (common law, equity and general principles of
administrative law) protects privacy. In part, this is for the purpose of
showing that the general law (at least in common law jurisdictions) does not
provide sufficient protection for privacy, but gives only sporadic and
incidental protection to privacy interests.
It is equally true that general law protections must not be ignored as they
often provide stronger protection than IPPs (including in relation to
remedies), and may sometimes be able to be relied in situations where the other
party is exempt from an obligation to comply with statutory IPPs.
Here, each type of general law remedy is summarised. When we deal with each of
the Information Privacy Principles, the analogous protections found in the
general law will be examined again, in comparison with the relevant IPP.
The special position of the USA is discussed at the end of this Reading Guide.
The various sources of privacy protection outside data protection laws
(usually non-statutory but not always) requiring consideration are:
- Constitutional rights of privacy, developed through court decisions;
- Statutory Bills of Rights (sometimes implementing international
- Implementation of international privacy obligations through the Courts;
- General privacy torts;
- Protections of privacy arising incidentally from other remedies (tortious,
equitable or administrative law).
has neither any developed implied constitutional right of privacy (contrast the
USA) nor a statutory 'Bill of Rights' privacy right as in NZ, HK or the UK
- M Berthold & R Wacks Data Privacy Law in Hong Kong (Sweet and
Maxwell, 1997) (hereinafter 'Berthold & Wacks') Chapter 1 'Data privacy and
the common law' - a very readable summary
- Hong Kong Law Reform Commission Consultation Paper
Civil Liability for Invasion of Privacy (1999);
unofficial HTML version - a recent and comprehensive study
- R Wacks Privacy and Press Freedom (Blackstone Press, 1995) Chapter
3 'Privacy and the Common Law'
The effect on Australian domestic law of international agreements protecting
privacy, particularly A17 of the International Covernant on Civil and Political
Rights (ICCPR), is dealt with in a following Reading Guide. However, it has
relatively little effect on domestic law.
The following comparisons with other jurisdictions show how unusual is
Australia's position in its lack of constitional / Bill of Rights privacy
Courts in all common law jurisdictions may protect privacy by restrictive
interpretation of statutes to protect 'fundamental' rights, which may be
thought of as (unwritten) constitutional rights - at least in Australia.
Coco v The Queen (1994) 179 CLR 427 involved privacy issues relating
to listening devices and the interpretation of the Invasion of Privacy Act
Coco v The Queen  PLPR 34; (1994) 1 PLPR 51 summarises that the
High Court held that 'the courts should not impute to the legislature an
intention to interfere with fundamental rights. Such an intention must be
clearly manifested by unmistakable and unambiguous language. General words will
rarely be sufficient for that purpose if they do not specifically deal with the
When will the Courts take a restrictive interpretation of statutory provisions
in order to protect privacy? Gunning observes:
'In order to determine whether the protection of privacy is
enhanced by this approach, it is necessary to identify those aspects of privacy
which the courts will regard as ''basic immunities which are the foundation of
our freedom'. As Coco (and Plenty v Dillon before it) made clear, the courts
have long recognised territorial privacy as an essential element of common law
ownership of land. Physical or bodily privacy is also jealously protected by
the common law (see P v P , Unreported, High Court of Australia, 20 April 1994,
per Brennan J (dissenting)). Information privacy is more problematic.'
'Reputation is an interest which the courts have recognised in a variety of
circumstances, such as in the granting of suppression orders or injunctions to
prevent the publication of defamatory or confidential information. In these
cases the courts must also place weight upon competing public interests, such
as freedom of expression and the principle of open justice. In the absence of
concrete factual circumstances, it is virtually impossible to speculate as to
the importance to be placed upon an individual's interest in controlling the
collection and dissemination of personal information.'
Difficult though it may be to know when it will apply, Coco indicates
that carelessly worded statutory interferences with privacy can easily face
difficulties before the Courts. Despite the absence of constitutional privacy
rights, the Courts are able to provide some protection for privacy against
<IMG ALIGN=MIDDLE SRC="http://www2.austlii.edu.au/itlaw/required.gif">
http://www.hklii.org/hk/legis/ord/hkboro282/s8.html Article 14 Hong Kong Bill
of Rights Ordinance - implementing ICCPR Art. 17, which provides 'No one shall
be subjected to arbitrary or unlawful interference with his privacy, family,
home or correspondence ...'
- Section 7 'provides that the Ordinance binds only (a) the Government and
all public authorities, and (b) any person acting on behalf of the Government
or a public authority. The Bill of Rights therefore has no direct effect on
inter-citizen relationship.' (HKLRC 1999) - BORO therefore has no 'horizontal
- 'Nonetheless, since section 6 of the Ordinance provides that a court in an
action for breach of the Ordinance "may grant such remedy or relief, or make
such order, in respect of such a breach, violation or threatened violation as
it has power to grant or make in those proceedings", it is arguable that an
individual has a cause of action for breach of the right to privacy' against
government authorities or public bodies.' (HKLRC 1999)
- This right seems to have been relied on infrequently as yet.
R. v. Yu Yem Kin HCCC000111/1993 -  HKCFI 41 - The right of privacy
under A14 was the basis of an unsuccessful argument that the exercise of a
power of search and seizure interfered with that right.
law includes both law arising under the European Convention on Human Rights
(ECHR) (A8 of which is almost the same as ICCPR A17(1) - see the topic on
International Laws Protecting Privacy), and the UK's own Human Rights Act 1988.
it does not contain a right of privacy as such, s21 of the New Zealand Bill
of Rights Act 1990 provides that everyone ''has the right to be secure
against unreasonable search or seizure, whether of the person, property, or
correspondence or otherwise'. Section 21 therefore has many similarities to A28
and A29 of the HK Basic Law.
Article 28 Basic Law of the Hong Kong SAR: 'The freedom of the person of
Hong Kong residents shall be inviolable. No Hong Kong resident shall be
subjected to arbitrary or unlawful arrest, detention or imprisonment. Arbitrary
or unlawful search of the body of any resident or deprivation or restriction of
the freedom of the person shall be prohibited. Torture of any resident or
arbitrary or unlawful deprivation of the life of any resident shall be
Article 29 Basic Law of the Hong Kong SAR: : ' The homes and other premises
of Hong Kong residents shall be inviolable. Arbitrary or unlawful search of, or
intrusion into, a resident's home or other premises shall be prohibited.'
- The HKLRC 1999 comments that A28 and A29 together are similar to the 4th
Amendment to the US Constitution. See later Reading Guide for further
discussion of the application of these provisions to electronic surveillance.
HKLRC 1999 [1.4]-[1.8] for discussion of these three provisions.
McBride comment that:
'Unlike the US Bill of Rights and the Canadian Charter of
Rights and Freedoms 1982, the New Zealand Bill of Rights Act 1990 is
not ''supreme law'. It operates as an ordinary statute.'T McBride
and R Tobin
in New Zealand case law (1994) 1 PLPR 48 expresses early optimism about the
role of the Bill of Rights Act to protect privacy, but T McBride in 'Recent New
Zealand case law on privacy: Part I -- the Privacy Act and the Bill of Rights
Act' (2000) 6 PLPR 106 -
New Zealand Bill Of Rights Act 1990 s 21 - reports on the retreat of the
Courts from using s21 to protect privacy, and in particular the failure of all
recent attempts to exclude evidence on the basis of s21.
Courts in common law countries (with the exception of the USA) have in most
jurisdictions not developed a general tort of privacy protection.
What do we mean by 'a general tort of privacy protection'? It means something
more than an extension of an existing remedy based on protection of an interest
other than privacy but incidentally giving more protection to privacy. At the
least it means the development toward one the four US privacy torts (below), or
toward a tort broader than one of the US torts.
Samuel Warren and Louis Brandeis by their article
"The Right to Privacy" Harvard Law Review Vol. IV December 15,
1890 No. 5 are credited with starting American jurisprudence concerning a
common law right of privacy, by arguing that the common law already implied a
right of privacy.
US law has since developed four 'privacy torts' (subsequently identified by
Prosser from the case law that emerged after the Warren and Brandeis
(a) Intrusion upon the plaintiff's solitude or seclusion;
(b) Public disclosure of private facts about the plaintiff;
(c) Appropriation of the plaintiff's name or likeness;
(d) Placing the plaintiff in a false light in the public eye.
These can conveniently be called the US 'intrusion', 'public disclosure of
private facts', 'appropriation' and 'false light' torts. This has generated a
very large body of case law, but it is (at least as yet) of limited relevance
to other common law countries.
law privacy rights - a summary of the four US torts
- R Wacks Chapter 2, Part I 'The American Law' in Personal Information:
Privacy and the Law, Oxford: Clarendon Press 1993, for a critical summary.
Wacks considers that the 3rd and 4th US torts have little to do with privacy,
or at least with personal information. In the other two torts ('intrusion' and
'public disclosure of private facts', the Courts have used the test of whether
'the intrusion or disclosure is offensive and objectionable to a reasonable man
of ordinary sensibilities'. Professor Wacks views seem to be shared by the Hong
Kong Law Reform Commission (see below), of whose Privacy Subcommittee he was a
member while living in Hong Kong.
Discussion question: What is the
relationship between the proposed HK statutory torts and the US privacy torts?
There have been a number of major UK decisions where questions of breach of
confidence did not arise, and consequently the question of a 'privacy tort' was
not merely a question of extending the law of breach of confidence.
- HKLRC 1999
Chapter 4 - Protection of privacy at common law commences with the comment
that 'The common law does not recognise a general right to privacy.' and
concludes 'Since the courts do not recognise a right of privacy, the interest
in privacy has been protected only if another interest of an individual which
is recognised by the courts has also been violated.'
- HKLRC Consultation Paper
Civil Liability for Invasion of Privacy (1999); The Law Reform Commission
made 28 recommendations, including the following key recommendations:
- Recommendation 1 - We recommend that any person who intentionally or
recklessly intrudes, physically or otherwise, upon the solitude or seclusion of
another or into his private affairs or concerns, should be liable for a
statutory tort of invasion of privacy, provided that the intrusion is seriously
offensive and objectionable to a reasonable person of ordinary sensibilities.
- Recommendation 3 We recommend that any person who gives publicity to a
matter concerning the private life of another should be liable for a statutory
tort of invasion of privacy provided that the disclosure in extent and content
is of a kind that would be seriously offensive and objectionable to a
reasonable person of ordinary sensibilities and he knows or ought to know that
such disclosure is seriously offensive and objectionable to such a person.
- Recommendation 4 - We recommend that for the purposes of the statutory
tort of invasion of privacy based on public disclosure of private facts
recommended above, matters concerning the private life of another should
include information about an individual's private communications, home life,
personal or family relationships, private behaviour, health or personal
financial affairs. (Chapter 8)
UK cases have dealt with the question of extending the law of breach of
confidence to cover protection of privacy, and in those cases the UK courts
have been far more willing to act. They are discussed later in relation to
breach of confidence.
In Australia there is no recognition as yet of a general tort of protection of
privacy, but the question has been re-opened by the recent Lenah v ABC
decision of the High Court.
- Kaye v Robertson  FSR 62 (see
HKLRC 1999 discussion) is generally cited as authority that in English law
there is no general tortious right to privacy; An actor suffered severe
injuries to his brain and was hospitalised in a private room which had a notice
asking visitors to see a member of the staff before visiting. The defendant
journalists ignored the notice and entered the room. Any consent by P to be
photographed or interviewed was held not to be informed consent. Glidewell LJ
held that in English law there was no right to privacy, other torts having
failed to provide the required relief.
Home Office v Mary Jane Wainwright & Anor  EWCA Civ 2081 - In
this case, decided in December 2001, the Court of Appeal followed Kaye v
Robertson and Khorasandjian v Bush to find that there is in English
law no tort of invasion of privacy. Buxton LJ pointed out that the importance
of the case lies in that recovery (in the lower Court) 'has been achieved
simply for a breach of the right to privacy' and the case did not involve any
possible breach of confidence. Leave to appeal to the House of Lords has now
been granted. Read at least the facts
as stated by Wolff LCJ at - and Buxton LJ at -; The decision is
important in a number of areas relating to privacy torts:
- The Human Rights Act 1998 had no effect in this case (Wolff LCJ)
(this aspect is on appeal to the House of Lords concerning the 'horizontal
- Trespass will not be extended to this type of case (Buxton LJ) - see later;
- Wilkinson v Downton will not be extended to emotional distress -
- An 'intrusion' privacy tort is rejected on the authority of Kaye v
Robertson and Khorasandjian.
A v B & C  EWCA Civ 337 - CA suggests 'Guidelines' for judges to
follow in cases concerning publication and privacy; attempts to limit
consideration of a privacy tort on the grounds that in most `if not all'
situations where privacy protection is justified, it will be protected by
breach of confidence (at least since the Human Rights Act 1998, which expands
UK confidence law); The `vexed question' of a separate privacy tort may then be
ignored. So, does not rule out a separate privacy tort, just attempts to stop
arguments about it being introduced into breach of confidence cases.
Wainwright, Lenah is a case where there was no breach of
confidence issue, in this case because Lenah conceded that information about
the nature of the processing was not confidential and not imparted in
- Victoria Park Racing and Recreation Grounds v Taylor (1937) 58 CLR
479 was very often regarded as confirming that there is no general `right of
privacy' recognised in Australian common law. Latham C.J., considering the law
of torts as it then stood, said that no "general right of privacy exists".
Broadcasting Corporation v Lenah Game Meats Pty Ltd  HCA 63 (15
November 2001) - Decided shortly before Wainwright, this case gave the
High Court an opportunity to reconsider Victoria Park.
However, the Court declined to consider whether their might be a tort of
invasion of privacy despite Victoria Park, in part because (even if
there was such a tort) it would not apply to a corporation (Callinan J
dissenting; Gleeson CJ not deciding). Discussing Victoria Park, Gummow
and Hayne JJ (with whom Gaudron J agreed) said:
108.In the course of his judgment, Latham CJ rejected the
proposition that under the head of nuisance the law recognised a right of
privacy. But the decision does not stand for any proposition respecting
the existence or otherwise of a tort identified as unjustified invasion of
Kirby J explicitly refrained from dealing with the question until
a more appropriate case arose (at ). Callinan J is of the opinion that
'the time is ripe for consideration whether a tort of invasion of privacy
should be recognised in this country, or whether the legislatures should be
left to determine whether provisions for a remedy for it should be made' (at
). Gleeson CJ referred to 'the lack of precision of the concept of privacy
is a reason for caution in declaring a new tort of the kind for which the
respondent contends' (at ) but did not consider the matter beyond
It is reasonable to conclude that in Lenah the Australian High Court has
left open the possibility (without endorsing it in any significant way) that
subsequent Courts, faced with a more appropriate case, might develop a general
tort of invasion of privacy. Victoria Park is no longer of any
significant authority in relation to privacy.
Commentary on Lenah:
"Taking these considerations into account,
it is suggested that the relatively ad hoc, somewhat chaotic, reasoning
of the High Court in the Lenah decision is an example of what can happen
in a legal system that refuses to take individual rights seriously and that, as
a result, has an inadequate legal framework for recognising and protecting
individual rights. While judicial recognition of an Australian tort of privacy
would improve the position of individuals under the general law, then, an
adequate legal regime must await the extra-judicial development of a bill of
rights. As this seems unlikely, it would seem that protection of rights and
freedoms under Australian law is destined to be influenced indirectly by
developments elsewhere. By this, I am referring mainly to European human
rights jurisprudence, via it effect on substantive principles of English law,
including confidentiality law. In this sense, the relatively unsatisfactory
reasoning evident in the judgments in Lenah is symptomatic of
fundamental weaknesses in the structure of Australian law, just as much as it
is a reflection of fundamental differences of opinion among the members of the
current High Court."
- Patrick Gunning
Casenote on ABC v Lenah (for publication in PLPR); summarises the complex
relationships between the individual judgments.
Discussion question: In what directions might the Australian common law
develop in relation to privacy?
There have been periodic attempts to introduce a general statutory tort of
invasion of privacy in Australia (see
1999 summary), but they have not proceeded and have usually been rejected
on the grounds that its scope and effect would be too uncertain, particularly
in relation to the press. The conclusion reached by bodies such as the
Australian Law Reform Commission in its Report Privacy (ALRC, 1983) is
that legislation embodying a specific set of information privacy principles
(and other legislation dealing with other specific aspects of privacy) is
preferable. The ALRC Report was a major factor leading to the Privacy Act
1988 (Cth) and its 11 Information Privacy Principles. (The ALRC in 1979
also recommended a statutory tort of disclosure of private facts , but this
would have covered only one corner of privacy issues. The proposed tort was not
proceeded with by government).
In contrast, the common law in New Zealand has gone some way toward the
development of a tort of invasion of privacy. See T McBride and R Tobin
in New Zealand case law (1994) 1 PLPR 48, and in particular note the
'Evolution of New Zealand privacy law' (in 'Recent New Zealand case law on
privacy: Part I -- the Privacy Act and the Bill of Rights Act' (2000) 6 PLPR
106 ), McBride summarises the current position of the privacy tort in New
Zealand as follows:
- Tucker v News Media Ownership Ltd  2 NZLR 716 - injunction to
restrain media publication of facts previously in public knowledge
- Bradley v Wingnut Films  1 NZLR 415
'The decisions are discussed in the specialist commentaries (see
The Law of Torts in New Zealand 2nd edition, 1997, (S Todd, General Editor), Ch
17, `Privacy' by Professor John Burrows, pp 964-968; Burrows and Cheer, Media
Law in New Zealand 4th edition, 1999 pp 173-178). After analysing the decision
of Gallen J in Bradley v Wingnut Films Ltd, Professor Burrows, the leading New
Zealand academic commentator in this area, identifies the elements of the tort
of privacy under New Zealand law as follows.
is a very large topic, and only a couple of main issues can be summarised
The High Court has held that common law privacy remedies may still be
available, despite the enactment of the Privacy Act: Hobson v Harding (1995) 1
HRNZ 342 (Thorp J).'
- There must be a `public disclosure' of private facts.
- The facts disclosed must be `private' facts.
- `The matter made public must be one which would be highly offensive and
objectionable to a reasonable person of ordinary sensibilities.'
- Sometimes the interests of individual privacy will be required to yield to
the wider public interest.
See the following sources for more detailed discussion:
Information is not regarded in law as capable of being property per se
(Oxford v Moss - stolen examination papers were not 'property' for the
purposes of the law of larceny). The law of breach of confidence, where it
applies, is one of the few situations where (arguably) the common law
recognises a propery right in informationl.
The main limitation on using the action for breach of confidence is that the
relationship under which the information was obtained must also be recognised
as one to which confidentiality attaches, and this is (surprisingly) still
uncertain for most modern commercial and professional relationships beyond a
few well known relationships such as banker/customer and doctor/patient.The
limitations of the action of breach of confidence to protect privacy were shown
in Fraser v Evans  1 QB 349, where it was held that the
plaintiff in a breach of confidence action must be the discloser of the
information. A duty of confidence is only owed to that person. This implies
that it is insufficient to be the subject of the information . This is
the same problem as in the negligent advice tort (prior to Spring)
except that in negligence it is only the recipient who can sue, but in
breach of confidence cases it is only the original discloser who can sue.
Fraser v Evans is not quite as limiting as it might seem, because the
subject of the information may have originally disclosed the information to A
in confidence, who has then disclosed it to B. B will owe obligations to the
subject of the information, as the original discloser.
One of the most controversial and important issues concerning breach of
confidence as a privacy protection is the extent to which various types of
'improperly obtained information' are subject to obligations of confidence.
Another way of putting this is whether 'non-consensual' disclosures (or moor e
accurately 'obtaining of information') may attract obligations of confidence.
Cases on this issue have been interpreted as suggesting 'that the action is not
predicated upon a prior relationship between the parties but is based on the
principle of unconscionability' (Berthold and Wacks (1977) p35).
See the discussion in these sources of:
- Franklin v Giddens  1 Qd R 72 - theft of budwood from orchard
- Francome v Mirror Group Newspapers Ltd  1 WLR 892 (contra
Malone v Commissioner of Police of the Metropolis (No 2)  2 All ER
- Kaye v Robertson  FSR 62 - Press took photographs in hospital
room despite signs they were not to enter without permission. Breach of
confidence not pleaded.
Koo and Chiu v Lam  HKCA 209 (Hong Kong Court of Appeal) - Rival
research team had copy of other team's questionnaire, but source of obtaining
it was uncertain. Penlington JA said there was 'surreptitious' obtaining of
the questionnaire but no theft. Held there was a duty of confidence here.
- Recent cases take this issue further:
- Hellewell v Chief Constable of Derbyshire  1 WLR 804: Laws J
said "I entertain no doubt that disclosure of a photograph may, in some
circumstances, be actionable as a breach of confidence... If someone with a
telephoto lens were to take from a distance and with no authority a picture of
another engaged in some private act, his subsequent disclosure of the
photograph would, in my judgment, as surely amount to a breach of confidence as
if he had found or stolen a letter or diary in which the act was recounted and
proceeded to publish it. In such a case the law would protect what might
reasonably be called a right of privacy, although the name accorded to the
cause of action would be breach of confidence." (See Douglas v Hello at
- Les Editions Vice-Versa Inc v Aubry  1 SCR 591 ( Supreme
Court of Canada ) Damages awarded for publication of photos of a person in a
public place taken and published without their consent. (Quebec law may be very
different, however, due to their Bill of Rights - see comments by Brooke LJ in
Douglas v Hello!)
Douglas v Hello!  EWCA Civ 353;  2 All ER 289; Wedding of
actors filmed in secret by persons unknown despite clear notice to all
attending wedding that filming was not allowed; An injunction against
publication was refused on the balance of convenience, particularly as they had
already surrendered most of their privacy for commercial gain..
- Brooke LJ found a strongly arguable case on confidentiality grounds, but
not (in the event of a photographer unaware of the warnings) on `breach of
privacy' grounds (like Kaye v Robertson)
- Sedley LJ said "126. What a concept of privacy does, however, is accord
recognition to the fact that the law has to protect not only those people whose
trust has been abused but those who simply find themselves subjected to an
unwanted intrusion into their personal lives. The law no longer needs to
construct an artificial relationship of confidentiality between intruder and
victim: it can recognise privacy itself as a legal principle drawn from the
fundamental value of personal autonomy. " Sedley LJ is therefore proposing to
ground an extended law of breach of confidence in interests of privacy and
Campbell v Mirror Group Newspapers  EWHC 499 (QB) (Morland J) The
'supermodel' Naomi Campbell won her privacy case against The Mirror newspaper
but she was awarded only [sterling]3,500 in damages. In relation to the law of
breach of confidence, the Court differentiates between the bare fact of whether
she was a drug addict or not (which does not seem to have any confidentiality
about it, given her earlier denials), and the fact that she was obtaining
treatment through Narcotics Anonymous (which was held to have the necessary
'quality of confidence'). Morland J followed Gleeson CJ in Lenah v ABC
in deciding this was 'easily idenfiable as private and disclosure of that
information would be highly offensive to a reasonable person of ordinary
sensitivities'. Also interesting from a breach of confidence perspective is
that the Court was willing to conclude that the Mirror had obtained the
information about Campbell's attendance at NA meetings as a result of a breach
of confidence by a person unknown (either another NA attendee, or a member of
Campbell's staff/entourage), with the result that the Mirror also held the
information in confidence. Nothing surprising in the principle, but interesting
in the Court's willingness to reach the right result without disclosure of
journalistic sources. Nothing on a common law right of privacy irrespective of
breach of confidence in this case. However, the influence of A 8 ECHR on
interpretation of other aspects of UK law is discussed (this has some possible
relevance in HK and Australia due to the ICCPR A 17). Campbell also succeed in
a claim for compensation under the UK Data Protection Act 1988, the first
judicial consideration of the new Act, on the question of whether the data was
'processed fairly and lawfully' under UK DPP 1 [to be considered later].
- Campbell v Mirror Group Newspapers  EWHC Civ 1373 (on appeal
from Morland J); The Court of Appeal (Phillips MR, Chadwick and Keane LJJ)
allowed MGN's appeal against Morland J's judgment. Court of Appeal considered
that the photographs here 'were of a street scene. They did not convey any
information that was confidential. That information was conveyed by the
captions.' . They concluded that the taking of covert photos of her (even
if it was offensive) was 'not relied upon as a ground for legal complaint' 
[- therefore, this is not a case of improperly obtained info at all]. The Court
concluded that the disclosure of the additional information about her attending
Narcotics Anonymous was not sufficiently offensive [on Gleeson CJ's test] to
justify intervention (no duty of confidence).
Campbell v Frisbee  EWHC 328 (Ch) - see also Campbell's successful
action against her employee who disclosed information to the media
information is disclosed by a person to a government, an obligation to hold
the information in confidence may easily arise.
A v B & C  EWCA Civ 337 - CA attempts to limit consideration of a
privacy tort: in most `if not all' situations where privacy protection is
justified, it will be protected by breach of confidence (at least since the
Human Rights Act 1998, which expands UK confidence law); The `vexed question'
of a separate privacy tort may then be ignored
Broadcasting Corporation v Lenah Game Meats Pty Ltd  HCA 63; Kirby J
considered Courts had the power to restrain the use of information obtained by
improper means (such as trespass here) where the use of the information would
be unconscionable (which it was not here); Gleeson CJ held that the fact that
the information was tortiously obtained is not sufficient to make it
unconscionable for a third party to use it, but if the nature of the
information was such as to make it 'private', the law of breach of confidence
would provide a remedy.
implications of Johns for IPPs dealing with Use and Disclosure will be
The Privacy Act 1988
VIII, ss92-93, attempts to remedy these problems, but only in relation to
personal information, and only in relation to obligations of confidence to
which an agency or a Commonwealth (federal) officer is subject , and to those
which arise under ACT law (irrespective of who is subject to them, such as a
business in the ACT) (s89). Where such obligations of confidence do exist,
s93(3) extends to the subject of the information disclosed on a
confidential basis the same rights to sue for breach as the confider has.
v Australian Securities Commission (1993) 178 CLR 408, summarised by Greenleaf
Johns v ASC (1994) 1 PLPR 10 and discussed in G Greenleaf
Court Confirms Privacy Right Against Governments (1994) 1 PLPR 1. The
High Court in Johns held that a statute giving a power to obtain information
(including personal information) defines the purpose for which it can be used,
expressly or impliedly, so that any other use is a breach of a statutory
duty of confidence. Even if there is authority to disclose, the rules
of natural justice may require a hearing before the decision to disclose is
made. It seems that the reasoning in Johns v ASC is applicable to
information compulsorily collected by State governments as much as by
the Commonwealth Government, so the decision is potentially very significant.
- In the UK, similar conclusions have been reached in Marcel v
Commissioner of Police  Ch 225 and Morris v Director of the
Serious Fraud Office  3 WLR 1 .
- contra Hall v Commissioner of ICAC  HKLR 210 (see Berthold
& Wacks pg 46)
- see Berthold & Wacks pgs 46-47 for further discussion
These provisions may have added significance in the light of decisions such as
Johns (discussed above). For example, if a Commonwealth agency
compulsorily acquires information about a company's customers from the
company, it will owe a duty of confidence to the company to only use the
information for the purpose for which it acquired it (Johns). If it uses
the information for some other purpose, the customers can sue for breach of the
obligation of confidence (s93).As in Fraser v Evans, s92 clarifies that
a third party recipient of information, who knew or ought to know that it was
held in confidence by the person disclosing it, is also bound by that
s93(1) confirms that damages may be recovered for breaches of confidence
concerning personal information.
There is no caselaw concerning Part VII - it does not seem to have ever been
Will disclosure of personal
information in breach of an IPP limiting disclosure constitute a breach of
confidence by virtue of the statutory breach?
- See Berthold & Wacks pgs 48-49 comparing breach of confidence with the
HK Ordinance DPPs; B & W (2nd) p133
Defamation has limitations as a form of privacy protection because:
- HKLRC 1999
- Berthold & Wacks pgs 57-62; note special 'innocence' defence in
Defamation has some similarities to the US privacy tort of
'publicity which places the defendant in a false light in the public eye' (but
see Berthold & Wacks p60).
A right of access may disclose defamatory material held in databases. However,
the information must have been disclosed to some other person to be defamatory.
See for background:
- It usually only gives protection against information. which is
false (NSW law goes somewhat beyond this);
- It has wide defences of qualified privilege , with no condition of
fair practices (in the absence of malice) before the defence is available;
- It gives no mechanism for people to find out that defamations have
occurred - most bureaucratic defamations are in secret (eg government
files, credit or insurance reports), only media defamations are usually known
to the victim.
- Is very expensive to pursue as a remedy, and is largely useless to most
negligent advice cases following Hedley Byrne until recently have only
give the recipient of negligent information a right to sue, not the
subject of information; so a person who failed to obtain a job, credit etc
because of a negligent reference or out-of-date information in a database had
no remedy. Privacy protection by negligence actions is only likely to be
significant if the subject of the information has an action.
- Berthold & Wacks pgs 62-66
However, the law could change to provide a remedy in this situation, if other
Courts take the same approach as the House of Lords in Spring v Guardian
Assurance PLC  3 WLR 354. More recent cases seem to make this
tort of trespass can be used to protect the privacy of those who have a
proprietary interest in land (only) against physical encroachment upon land or
premises. Surveillance carried out from a distance will not constitute
- Spring v Guardian Assurance PLC (1994) House of Lords (1994) 1
PLPR 150. - An insurance company gave another insurance Company a bad
references about Spring, a former employee. There was no malice, so a
defamation action was defeated by the defence of qualified privilege, but the
reference was given negligently. The House of Lords, by majority, held that
the employer owed a duty of care to the subject of a reference (as
opposed to the recipient), and that principles of negligence and defamation
were different. The House of Lords decisions was in contrast with a number of
New Zealand cases. Lord Keith, dissenting, thought the policy underlying
qualified privilege was the same in relation to both negligence and defamation.
- In Sattin v Nationwide News Pty Ltd (1996) 39 NSWLR 32 the
plaintiff sued in negligence for damage to her reputation caused by a newspaper
photo and caption, and then tried to amend her statement of claim to include a
claim in negligence. Levine J refused the application, and in doing so
declined to follow Spring v Guardian Assurance PLC . He said that the
law of negligence `has a limited role to play in the matter of communications,
it being fundamentally confined to the Hedley Byrne situation .... or
perhaps others in which freedom of speech is not a legitimate consideration'.
He implied that it had little role in `reference cases' (such as Spring)
either. However, Sattin is only a decision of limited scope by a single
judge, and the whole area awaits more authoritative consideration in Australia.
; the court in h
Gould v TCN Channel 9 & Ors  NSWSC 707 took a similar approach.
Sullivan v Moody; Thompson v Connon  HCA 59 - The Australian High
Court rejected a claim that investigators of an alleged sexual assault of a
child owed a duty of care to one parent of the child when reporting details to
the other parent, partly because of the effect this would have on the
relationship between negligence and defamation law (see [54.]). The information
communicated suggested the involvement of the first parent in the assault, and
contributed to the breakdown of the marriage.
- Lai Hing Tong v Attorney-General  1 HKLR 56 (see Berthold
& Wacks p65) - A Hong Kong decision pre-dating Spring where the plaintiff
recovered damages in negligence for the incorrect recording a communication of
a criminal record, as a consequence of which he lost three positions. R
Glofcheski in (1991) 20 HKLJ 393 argued he should have proceeded in
However, as Lenah shows, the development of the law is uncertain in the
extent to which Courts will restrain the use of information obtained as a
result of a trespass or other tortious or unlawful act.
Since the award of tortious damages in Wilkinson v Downton  2 QB
57 for the nervous shock suffered by a woman when told (falsely) that her
husband's legs were broken, the exact scope of the tort of intentional
infliction of (non-physical) harm has been uncertain, and there has been
speculation it might offer scope for protection of privacy interests.
- Berthold & Wacks p68
Trespass to land
- Lincoln Hunt Australia Pty Ltd v Willesee (1986) 4 NSWLR 457 -
- Bernstein v Skyviews and General Ltd ( QB 479
TCN Channel Nine Pty Limited v Henry Alfred Anning  NSWCA 82 -
Illustrates how significant trespass can be as a source of remedies for
invasion of privacy. NSW Environmental Protection Agency invited 'A Current
Affair' film crew to accompany it on a 'raid' of a rural propery where 70,000
tires were stored. CofA held that there was trespass, as there was no implied
or express licence to the film crew to enter the property for the purpose of
filming. Damages of A$50,000 ($25,000 general damages and $25,000 aggravated
damages) awarded for trespass to land. Held that personal injury (mental
trauma) was not recoverable as consequential damages as it was not the 'natural
and probable consequences' of the trespass in the circumstances of this
If Wainwright is followed in other jurisdictions,
Wilkinson v Downton will become largely irrelevant to privacy protection.
The interferences with privacy caused by various types of intrusive activities,
from strip searches to the taking of bodily samples, can potentially constitute
battery (and threats to do so may constitute assault).
- Berthold & Wacks pgs 50-57
- HKLRC 1999
Intentional infliction of emotional distress
- Bradley v Wingnut Films  1 NZLR 415; Gallen J refused
injunction but considered plaintiff being 'shocked and upset' at film depiction
of funeral plot was sufficient under Wilkinson v Downton.
Home Office v Mary Jane Wainwright & Anor  EWCA Civ 2081 ; Wolff
LCJ (at  - ) considered Wilkinson v Downton should be limited to
'actual recognised psychiatric illness or bodily injury', following
Minna Wong v Parkside Health NHS Trust  EWCA Civ 1721. Emotional
distress falling short of psychiatric illness or other form of physical harm
will not suffice. Here the prison officers were not intending to harm the
plaintiffs, so the plaintiffs failed. (Nor would the emotional distress have
been sufficient.) Buxton LJ took an equally restrictive approach. Mummery LJ
agreed with both.
Home Office v Mary Jane Wainwright & Anor  EWCA Civ 2081 Buxton
LJ (at -) stressed that battery is confined to direct physical contact
with the plaintiff, and cannot be extended, as the plaintiffs argued, to
situations of 'causing the claimants to do something to themselves that led to
humiliation and illness'.
In Wainwright there does not seem to have been a threat by the prison
officials to use force to search the plaintiffs - this could have constituted
assault. The consequence of their failing to agree to do what the officers
wanted was only refusal of entry to the prison.
Nuisance requires 'a condition or activity which unduly interferes with the use
or enjoyment of land' (Clerk and Lindsell on Torts).
a person owns copyright in the form of expression of information about them
(and, most likely, by them), then they can use copyright to prevent the
reproduction etc of that expression of the information. However, copyright does
not provide protection for the underlying information.
- Berthold & Wacks p68
- Khorasandjian v Bush  QB 727 - extension of nuisance to
harassment by telephone calls
- Bernstein v Skyviews  1 QB 479 - no trespass to land to view
from an aeroplane
For example, copyright can be used by a person to prevent republication of
letters or a diary written by them, but not a story based on the diary or
letters which makes only insubstantial use of any particular expressions in the
diary or letters, but merely uses facts obtained from them.
malicious publication of falsehoods that produce damage, even if not
defamatory, can result in an action for malicious falsehood. The importance of
this is obviously very limited because of the requirement of malice, and
because in most cases such falsehoods would be defamatory.
Perhaps an example might be a credit bureaux that maliciously deleted any
information about a person's good credit record, thereby limiting the amount of
credit available to the person.
law very rarely provides damages or other compensatory mechanisms (even in
statutory forms such as ADJR or FOI), only reversal of incorrect decisions, or
injunctions , so it is of limited use as privacy protection.
- Berthold & Wacks pgs 67-8
Many of the Information Privacy Principles (IPPs) have analogies in
administrative law remedies (eg natural justice may require access to your own
file; a decision may be ultra vires if it is based on irrelevant information).
Natural justice may require a person be afforded a hearing before a decision is
made to release information about him or her (Johns). But since no
damages are usually available, the importance of the IPPs is that they may
provide better remedies, particularly damages.
The significance of privacy Acts as a new aspect of administrative law has
received little attention.
4.10. The special position of the USA
Michael Froomkin's article below is essential reading in order to understand
the constitutional limitations on the USA ever developing either (i) a
comprehensive privacy tort or (ii) a data protection law on the European model.
summarises the limitations (footnotes omitted):
The Death of Privacy? [This HTML version is a draft which should not be
cited, but there is a link to a more final PDF version.] - Part II.
Responding to Privacy-Destroying Technologies - A. The Constraints
"Privacy-destroying technologies do not line up particularly well
with the legal rules that govern them. This explains why the United States
Constitution is unlikely to be the source of a great expansion in informational
privacy rights. The Constitution does not speak of privacy, much less
informational privacy. Even though the Supreme Court has acknowledged that
"there is a zone of privacy surrounding every individual," the data contours
of that "zone" are murky indeed. The Supreme Court's relatively few discussions
of informational privacy tend to be either in dicta or in the context of
finding other interests more important, (333) or both." "Whatever right to
informational privacy may exist today, it is only a right against
governmentally sponsored invasions of privacy only--it does not reach private
The common law protection of privacy in the USA has been mentioned earlier.
Froomkin summarises the effect of the First Amendment as follows (footnotes
"The First Amendment affects potential privacy-enhancing rules in
at least three ways:
(1) most prohibitions on private data-gathering in
public (i.e. surveillance) risk violating the First Amendment (conversely, most
government surveillance in public appears to be unconstrained by the Fourth
(2) the First Amendment may impose limits on the extent to
which legislatures may restrict the collection and sale of personal data in
connection with commercial transactions; and
(3) the First Amendment right
to freedom of association imposes some limits on the extent to which the
government may observe and profile citizens, if only by creating a right to
anonymity in some cases. "
In a nutshell, he says that the First Amendment almost seems to support the
adage that "information wants to be free," and in particular once it has been
collected, data cannot in practice be controlled by law in the USA.
In more detail, some of Froomkin's main conclusions are set out below, with
emphasis added. See Part IIA(2) of his article for supporting arguments and
In relation to public places and government-held information:
In relation to transactional
- "In peacetime, the First Amendment allows only the lightest restrictions
upon the ordinary gathering of information in public places (or upon
repeating of such information). Other than cases protecting bodily integrity,
the constitutional right to privacy is anaemic, especially when compared to the
First Amendment's protection of the rights to gather and disseminate
information." "However, both the Supreme Court and appellate courts have
interpreted the First Amendment to encompass a right to gather information. The
right is not unlimited. It does not, for example, create an affirmative duty on
the government to make information available."
- Again concerning data collection, "General regulation of new
technologies such as thermal imaging or passive wave imaging seems
unproblematic on First Amendment grounds so long as the regulation were to
apply to all uses."
- "...there are good reasons to believe that the First Amendment would
forbid most legislation criminalizing the dissemination or use of accurate
information. While good for free speech, it makes any ban on data
collection much more difficult to enforce." "But, other than in cases involving
intellectual property rights or persons with special duties of confidentiality,
(201) the modern Court has struck down all peacetime restrictions on publishing
true information that have come before it."
- "The Supreme Court's decisions leave open the possibility that the First
Amendment might apply more strongly when facts are legally acquired, as opposed
to originating in the illegal actions of another. Legally acquired facts have
the highest protection ... Thus, the Supreme Court's cases are unclear as to
whether a ban on the publication of illegally acquired information could
fall within the presumably small class of regulations of truthful speech that
satisfy constitutional standards."
- In relation to government-held information (public registers in
particular), there is a question "whether sharing information is always speech
protected by the First Amendment, or whether there are occasions in which
information is just a regulated commodity". "If the Court adopts what amounts
to a right/privilege distinction relating to government data, it is hard to see
why the government's ability to impose conditions upon the use of its
proprietary data should be any less than that of a private party, especially if
those conditions arguably restrict speech."
are a number of implications of the US situation described by Froomkin for the
protection of privacy in the rest of the world (ROW):
- " Transactional data--who bought what, when, where, and for how
much--might be considered ordinary speech, commercial speech, or just an
informational commodity. "
- "If transactional data is commercial speech, its regulation would be
reviewed under the test enunciated in Central Hudson Gas & Electric
Corp. v. Public Service Commission of New York: For commercial speech to
come within [the First Amendment], it at least must concern lawful activity and
not be misleading. Next, we ask whether the asserted governmental interest is
substantial. If both inquiries yield positive answers, we must determine
whether the regulation directly advances the governmental interest asserted,
and whether it is not more extensive than is necessary to serve that interest."
- "The government's ability to regulate privately generated speech relating
to commerce is surprisingly underlitigated. " ....."Current doctrine suggests
that speech relating to commerce is ordinary speech,..." "On the other hand,
the two most recent Supreme Court decisions relating to the regulation of
personal data seem to imply that some transactional data is just a commodity,
although the special circumstances of those decisions--the data was held by
state or local governments--make generalization hazardous"
- "A very small number of statutes impose limits upon the sharing of private
transactional data collected by persons not classed as professionals." Only one
has been challenged (a Maine law restricting who could obtain credit reports)
and it was held unconstitutional on First Amendment grounds.
Discussion Question: What
practices of US firms (particularly in relation to the Internet) would breach
data protection laws if they occurred in Australia, Hong Kong or Europe?
- There is very little likelihood of the US providing comprehensive
statutory protection for use and disclosure of personal information.
- If the largest multi-national corporate collections and storage of
personal information (particularly via the Internet) continue to be based in
the USA, then this poses problems for citizens of many other countries, whose
data may be misused by US firms.
- US firms will have little statutory incentive to develop technologies and
business practices that protect privacy,
- The question of restrictions of data exports to countries with
'inadequate' laws is likely to remain very difficult in relation to the USA.
- It may be that the USA continues to be a 'data haven' for companies with
practices that abuse people's privacy.