[Previous] [Next] [Title]

4. General law protection of privacy (including constitutional protection)

= Required reading (Students are only required to read general materials and those relating to their jurisdiction, not materials from all jurisdictions. Obtain further advice from your teacher.)

= material added since the date of the class concerning this topic

Graham Greenleaf, last revised 19 March 2003


Why are special privacy laws needed, and in particular the sets of `information privacy principles' found in most privacy laws? This Part gives a summary of how the general law (common law, equity and general principles of administrative law) protects privacy. In part, this is for the purpose of showing that the general law (at least in common law jurisdictions) does not provide sufficient protection for privacy, but gives only sporadic and incidental protection to privacy interests.

It is equally true that general law protections must not be ignored as they often provide stronger protection than IPPs (including in relation to remedies), and may sometimes be able to be relied in situations where the other party is exempt from an obligation to comply with statutory IPPs.

Here, each type of general law remedy is summarised. When we deal with each of the Information Privacy Principles, the analogous protections found in the general law will be examined again, in comparison with the relevant IPP.

The special position of the USA is discussed at the end of this Reading Guide.

4.1. Privacy protection outside data protection laws

The various sources of privacy protection outside data protection laws (usually non-statutory but not always) requiring consideration are:

4.1.1. General resources

4.2. Constitutional protections of privacy, including Bills of Rights

4.2.4. Australia - Lack of constitutional protection of privacy

Australia has neither any developed implied constitutional right of privacy (contrast the USA) nor a statutory 'Bill of Rights' privacy right as in NZ, HK or the UK

The effect on Australian domestic law of international agreements protecting privacy, particularly A17 of the International Covernant on Civil and Political Rights (ICCPR), is dealt with in a following Reading Guide. However, it has relatively little effect on domestic law.

The following comparisons with other jurisdictions show how unusual is Australia's position in its lack of constitional / Bill of Rights privacy protection.

4.2.5. Restrictive interpretation of statutes to protect fundamental rights

Courts in all common law jurisdictions may protect privacy by restrictive interpretation of statutes to protect 'fundamental' rights, which may be thought of as (unwritten) constitutional rights - at least in Australia.

Coco v The Queen (1994) 179 CLR 427 involved privacy issues relating to listening devices and the interpretation of the Invasion of Privacy Act 1971 (Qld).

P Gunning Casenote: Coco v The Queen [1994] PLPR 34; (1994) 1 PLPR 51 summarises that the High Court held that 'the courts should not impute to the legislature an intention to interfere with fundamental rights. Such an intention must be clearly manifested by unmistakable and unambiguous language. General words will rarely be sufficient for that purpose if they do not specifically deal with the question.'

When will the Courts take a restrictive interpretation of statutory provisions in order to protect privacy? Gunning observes:

'In order to determine whether the protection of privacy is enhanced by this approach, it is necessary to identify those aspects of privacy which the courts will regard as ''basic immunities which are the foundation of our freedom'. As Coco (and Plenty v Dillon before it) made clear, the courts have long recognised territorial privacy as an essential element of common law ownership of land. Physical or bodily privacy is also jealously protected by the common law (see P v P , Unreported, High Court of Australia, 20 April 1994, per Brennan J (dissenting)). Information privacy is more problematic.' 'Reputation is an interest which the courts have recognised in a variety of circumstances, such as in the granting of suppression orders or injunctions to prevent the publication of defamatory or confidential information. In these cases the courts must also place weight upon competing public interests, such as freedom of expression and the principle of open justice. In the absence of concrete factual circumstances, it is virtually impossible to speculate as to the importance to be placed upon an individual's interest in controlling the collection and dissemination of personal information.'

Difficult though it may be to know when it will apply, Coco indicates that carelessly worded statutory interferences with privacy can easily face difficulties before the Courts. Despite the absence of constitutional privacy rights, the Courts are able to provide some protection for privacy against government.

4.2.1. Hong Kong - Basic Law and Bill of Rights implement ICCPR

BORO - Bill of Rights A14 and ICCPR A17(1)

Other privacy protections in the Basic Law

4.2.2. United Kingdom - Human Rights Act 1988 implements ECHR

UK law includes both law arising under the European Convention on Human Rights (ECHR) (A8 of which is almost the same as ICCPR A17(1) - see the topic on International Laws Protecting Privacy), and the UK's own Human Rights Act 1988.

4.2.3. New Zealand - Bill of Rights

Although it does not contain a right of privacy as such, s21 of the New Zealand Bill of Rights Act 1990 provides that everyone ''has the right to be secure against unreasonable search or seizure, whether of the person, property, or correspondence or otherwise'. Section 21 therefore has many similarities to A28 and A29 of the HK Basic Law.

McBride comment that:

'Unlike the US Bill of Rights and the Canadian Charter of Rights and Freedoms 1982, the New Zealand Bill of Rights Act 1990 is not ''supreme law'. It operates as an ordinary statute.'
T McBride and R Tobin Privacy in New Zealand case law (1994) 1 PLPR 48 expresses early optimism about the role of the Bill of Rights Act to protect privacy, but T McBride in 'Recent New Zealand case law on privacy: Part I -- the Privacy Act and the Bill of Rights Act' (2000) 6 PLPR 106 - New Zealand Bill Of Rights Act 1990 s 21 - reports on the retreat of the Courts from using s21 to protect privacy, and in particular the failure of all recent attempts to exclude evidence on the basis of s21.

Canada - Charter of Rights and Freedoms 1982

4.3. A separate tort of invasion of privacy?

Courts in common law countries (with the exception of the USA) have in most jurisdictions not developed a general tort of privacy protection.

What do we mean by 'a general tort of privacy protection'? It means something more than an extension of an existing remedy based on protection of an interest other than privacy but incidentally giving more protection to privacy. At the least it means the development toward one the four US privacy torts (below), or toward a tort broader than one of the US torts.

4.3.1. United States

Samuel Warren and Louis Brandeis by their article "The Right to Privacy" Harvard Law Review Vol. IV December 15, 1890 No. 5 are credited with starting American jurisprudence concerning a common law right of privacy, by arguing that the common law already implied a right of privacy.

US law has since developed four 'privacy torts' (subsequently identified by Prosser from the case law that emerged after the Warren and Brandeis article):

(a) Intrusion upon the plaintiff's solitude or seclusion;

(b) Public disclosure of private facts about the plaintiff;

(c) Appropriation of the plaintiff's name or likeness;

(d) Placing the plaintiff in a false light in the public eye.

These can conveniently be called the US 'intrusion', 'public disclosure of private facts', 'appropriation' and 'false light' torts. This has generated a very large body of case law, but it is (at least as yet) of limited relevance to other common law countries.


4.3.2. Hong Kong

Discussion question: What is the relationship between the proposed HK statutory torts and the US privacy torts?

4.3.3. United Kingdom]

There have been a number of major UK decisions where questions of breach of confidence did not arise, and consequently the question of a 'privacy tort' was not merely a question of extending the law of breach of confidence. Other UK cases have dealt with the question of extending the law of breach of confidence to cover protection of privacy, and in those cases the UK courts have been far more willing to act. They are discussed later in relation to breach of confidence.

4.3.4. Australia

In Australia there is no recognition as yet of a general tort of protection of privacy, but the question has been re-opened by the recent Lenah v ABC decision of the High Court. Like Wainwright, Lenah is a case where there was no breach of confidence issue, in this case because Lenah conceded that information about the nature of the processing was not confidential and not imparted in confidence.

However, the Court declined to consider whether their might be a tort of invasion of privacy despite Victoria Park, in part because (even if there was such a tort) it would not apply to a corporation (Callinan J dissenting; Gleeson CJ not deciding). Discussing Victoria Park, Gummow and Hayne JJ (with whom Gaudron J agreed) said:

108.In the course of his judgment, Latham CJ rejected the proposition that under the head of nuisance the law recognised a right of privacy[111]. But the decision does not stand for any proposition respecting the existence or otherwise of a tort identified as unjustified invasion of privacy. ..
Kirby J explicitly refrained from dealing with the question until a more appropriate case arose (at [191]). Callinan J is of the opinion that 'the time is ripe for consideration whether a tort of invasion of privacy should be recognised in this country, or whether the legislatures should be left to determine whether provisions for a remedy for it should be made' (at [335]). Gleeson CJ referred to 'the lack of precision of the concept of privacy is a reason for caution in declaring a new tort of the kind for which the respondent contends' (at [41]) but did not consider the matter beyond argument.

It is reasonable to conclude that in Lenah the Australian High Court has left open the possibility (without endorsing it in any significant way) that subsequent Courts, faced with a more appropriate case, might develop a general tort of invasion of privacy. Victoria Park is no longer of any significant authority in relation to privacy.

Commentary on Lenah:

"Taking these considerations into account, it is suggested that the relatively ad hoc, somewhat chaotic, reasoning of the High Court in the Lenah decision is an example of what can happen in a legal system that refuses to take individual rights seriously and that, as a result, has an inadequate legal framework for recognising and protecting individual rights. While judicial recognition of an Australian tort of privacy would improve the position of individuals under the general law, then, an adequate legal regime must await the extra-judicial development of a bill of rights. As this seems unlikely, it would seem that protection of rights and freedoms under Australian law is destined to be influenced indirectly by developments elsewhere. By this, I am referring mainly to European human rights jurisprudence, via it effect on substantive principles of English law, including confidentiality law. In this sense, the relatively unsatisfactory reasoning evident in the judgments in Lenah is symptomatic of fundamental weaknesses in the structure of Australian law, just as much as it is a reflection of fundamental differences of opinion among the members of the current High Court."

Discussion question: In what directions might the Australian common law develop in relation to privacy?

Statutory torts

There have been periodic attempts to introduce a general statutory tort of invasion of privacy in Australia (see HKLRC 1999 summary), but they have not proceeded and have usually been rejected on the grounds that its scope and effect would be too uncertain, particularly in relation to the press. The conclusion reached by bodies such as the Australian Law Reform Commission in its Report Privacy (ALRC, 1983) is that legislation embodying a specific set of information privacy principles (and other legislation dealing with other specific aspects of privacy) is preferable. The ALRC Report was a major factor leading to the Privacy Act 1988 (Cth) and its 11 Information Privacy Principles. (The ALRC in 1979 also recommended a statutory tort of disclosure of private facts , but this would have covered only one corner of privacy issues. The proposed tort was not proceeded with by government).

4.3.5. New Zealand

In contrast, the common law in New Zealand has gone some way toward the development of a tort of invasion of privacy. See T McBride and R Tobin Privacy in New Zealand case law (1994) 1 PLPR 48, and in particular note the following cases: In 'Evolution of New Zealand privacy law' (in 'Recent New Zealand case law on privacy: Part I -- the Privacy Act and the Bill of Rights Act' (2000) 6 PLPR 106 ), McBride summarises the current position of the privacy tort in New Zealand as follows:
'The decisions are discussed in the specialist commentaries (see The Law of Torts in New Zealand 2nd edition, 1997, (S Todd, General Editor), Ch 17, `Privacy' by Professor John Burrows, pp 964-968; Burrows and Cheer, Media Law in New Zealand 4th edition, 1999 pp 173-178). After analysing the decision of Gallen J in Bradley v Wingnut Films Ltd, Professor Burrows, the leading New Zealand academic commentator in this area, identifies the elements of the tort of privacy under New Zealand law as follows. The High Court has held that common law privacy remedies may still be available, despite the enactment of the Privacy Act: Hobson v Harding (1995) 1 HRNZ 342 (Thorp J).'

4.4. Breach of confidence re personal information

This is a very large topic, and only a couple of main issues can be summarised here.

See the following sources for more detailed discussion:

Information is not regarded in law as capable of being property per se (Oxford v Moss - stolen examination papers were not 'property' for the purposes of the law of larceny). The law of breach of confidence, where it applies, is one of the few situations where (arguably) the common law recognises a propery right in informationl.

4.4.1. Relation ships involving obligations of confidence

The main limitation on using the action for breach of confidence is that the relationship under which the information was obtained must also be recognised as one to which confidentiality attaches, and this is (surprisingly) still uncertain for most modern commercial and professional relationships beyond a few well known relationships such as banker/customer and doctor/patient.The limitations of the action of breach of confidence to protect privacy were shown in Fraser v Evans [1969] 1 QB 349, where it was held that the plaintiff in a breach of confidence action must be the discloser of the information. A duty of confidence is only owed to that person. This implies that it is insufficient to be the subject of the information . This is the same problem as in the negligent advice tort (prior to Spring) except that in negligence it is only the recipient who can sue, but in breach of confidence cases it is only the original discloser who can sue. Fraser v Evans is not quite as limiting as it might seem, because the subject of the information may have originally disclosed the information to A in confidence, who has then disclosed it to B. B will owe obligations to the subject of the information, as the original discloser.

4.4.2. 'Improperly obtained information'

One of the most controversial and important issues concerning breach of confidence as a privacy protection is the extent to which various types of 'improperly obtained information' are subject to obligations of confidence. Another way of putting this is whether 'non-consensual' disclosures (or moor e accurately 'obtaining of information') may attract obligations of confidence. Cases on this issue have been interpreted as suggesting 'that the action is not predicated upon a prior relationship between the parties but is based on the principle of unconscionability' (Berthold and Wacks (1977) p35). See the discussion in these sources of:

4.4.3. Governments and obligations of confidence

Obligations of confidence on government agencies arising under administrative law

Where information is disclosed by a person to a government, an obligation to hold the information in confidence may easily arise. The implications of Johns for IPPs dealing with Use and Disclosure will be discussed later

Australian Privacy Act 1988 Pt VIII - Breaches of confidence by Federal government

The Privacy Act 1988 Part VIII, ss92-93, attempts to remedy these problems, but only in relation to personal information, and only in relation to obligations of confidence to which an agency or a Commonwealth (federal) officer is subject , and to those which arise under ACT law (irrespective of who is subject to them, such as a business in the ACT) (s89). Where such obligations of confidence do exist, s93(3) extends to the subject of the information disclosed on a confidential basis the same rights to sue for breach as the confider has.

These provisions may have added significance in the light of decisions such as Johns (discussed above). For example, if a Commonwealth agency compulsorily acquires information about a company's customers from the company, it will owe a duty of confidence to the company to only use the information for the purpose for which it acquired it (Johns). If it uses the information for some other purpose, the customers can sue for breach of the obligation of confidence (s93).As in Fraser v Evans, s92 clarifies that a third party recipient of information, who knew or ought to know that it was held in confidence by the person disclosing it, is also bound by that confidence.

s93(1) confirms that damages may be recovered for breaches of confidence concerning personal information.

There is no caselaw concerning Part VII - it does not seem to have ever been used.

Sexual relationships as relationships of confidence

4.4.5. Breach of confidence compared with IPPs

Will disclosure of personal information in breach of an IPP limiting disclosure constitute a breach of confidence by virtue of the statutory breach?

4.5. Defamatory disclosure of personal information

See: Defamation has limitations as a form of privacy protection because: Defamation has some similarities to the US privacy tort of 'publicity which places the defendant in a false light in the public eye' (but see Berthold & Wacks p60).

4.5.1. Defamation and IPPs

A right of access may disclose defamatory material held in databases. However, the information must have been disclosed to some other person to be defamatory.

4.6. Negligent disclosure of personal information

See for background:

4.6.1. Negligence and the subject of information

The negligent advice cases following Hedley Byrne until recently have only give the recipient of negligent information a right to sue, not the subject of information; so a person who failed to obtain a job, credit etc because of a negligent reference or out-of-date information in a database had no remedy. Privacy protection by negligence actions is only likely to be significant if the subject of the information has an action.

However, the law could change to provide a remedy in this situation, if other Courts take the same approach as the House of Lords in Spring v Guardian Assurance PLC [1994] 3 WLR 354. More recent cases seem to make this unlikely, however.


4.7. Other tortious protection of privacy interests

4.7.1. Trespass

The tort of trespass can be used to protect the privacy of those who have a proprietary interest in land (only) against physical encroachment upon land or premises. Surveillance carried out from a distance will not constitute trespass.

However, as Lenah shows, the development of the law is uncertain in the extent to which Courts will restrain the use of information obtained as a result of a trespass or other tortious or unlawful act.


4.7.2. Intentional infliction of emotional distress?

Since the award of tortious damages in Wilkinson v Downton [1897] 2 QB 57 for the nervous shock suffered by a woman when told (falsely) that her husband's legs were broken, the exact scope of the tort of intentional infliction of (non-physical) harm has been uncertain, and there has been speculation it might offer scope for protection of privacy interests.


If Wainwright is followed in other jurisdictions, Wilkinson v Downton will become largely irrelevant to privacy protection.

4.7.3. Trespass to the person (battery and assault)

The interferences with privacy caused by various types of intrusive activities, from strip searches to the taking of bodily samples, can potentially constitute battery (and threats to do so may constitute assault).

In Home Office v Mary Jane Wainwright & Anor [2001] EWCA Civ 2081 Buxton LJ (at [48]-[55]) stressed that battery is confined to direct physical contact with the plaintiff, and cannot be extended, as the plaintiffs argued, to situations of 'causing the claimants to do something to themselves that led to humiliation and illness'.

In Wainwright there does not seem to have been a threat by the prison officials to use force to search the plaintiffs - this could have constituted assault. The consequence of their failing to agree to do what the officers wanted was only refusal of entry to the prison.

4.7.4. Private nuisance

Nuisance requires 'a condition or activity which unduly interferes with the use or enjoyment of land' (Clerk and Lindsell on Torts).


4.7.5. Copyright

If a person owns copyright in the form of expression of information about them (and, most likely, by them), then they can use copyright to prevent the reproduction etc of that expression of the information. However, copyright does not provide protection for the underlying information.

For example, copyright can be used by a person to prevent republication of letters or a diary written by them, but not a story based on the diary or letters which makes only insubstantial use of any particular expressions in the diary or letters, but merely uses facts obtained from them.


4.7.6. Malicious falsehood

The malicious publication of falsehoods that produce damage, even if not defamatory, can result in an action for malicious falsehood. The importance of this is obviously very limited because of the requirement of malice, and because in most cases such falsehoods would be defamatory.

Perhaps an example might be a credit bureaux that maliciously deleted any information about a person's good credit record, thereby limiting the amount of credit available to the person.


4.8. Other forms of protection

4.8.1. Breach of contract, and inducement to breach of contract


4.8.2. Breach of statutory duty


4.9. Administrative law

Administrative law very rarely provides damages or other compensatory mechanisms (even in statutory forms such as ADJR or FOI), only reversal of incorrect decisions, or injunctions , so it is of limited use as privacy protection.

Many of the Information Privacy Principles (IPPs) have analogies in administrative law remedies (eg natural justice may require access to your own file; a decision may be ultra vires if it is based on irrelevant information). Natural justice may require a person be afforded a hearing before a decision is made to release information about him or her (Johns). But since no damages are usually available, the importance of the IPPs is that they may provide better remedies, particularly damages.

The significance of privacy Acts as a new aspect of administrative law has received little attention.

4.10. The special position of the USA

4.10. The special position of the USA

Michael Froomkin's article below is essential reading in order to understand the constitutional limitations on the USA ever developing either (i) a comprehensive privacy tort or (ii) a data protection law on the European model.

4.10.1. The limited privacy protection under US constitutional law

Froomkin summarises the limitations (footnotes omitted):
"Privacy-destroying technologies do not line up particularly well with the legal rules that govern them. This explains why the United States Constitution is unlikely to be the source of a great expansion in informational privacy rights. The Constitution does not speak of privacy, much less informational privacy. Even though the Supreme Court has acknowledged that "there is a zone of privacy surrounding every individual," the data contours of that "zone" are murky indeed. The Supreme Court's relatively few discussions of informational privacy tend to be either in dicta or in the context of finding other interests more important, (333) or both." "Whatever right to informational privacy may exist today, it is only a right against governmentally sponsored invasions of privacy only--it does not reach private conduct."

The common law protection of privacy in the USA has been mentioned earlier.

4.10.2. The First Amendment as a barrier to privacy protection

Froomkin summarises the effect of the First Amendment as follows (footnotes omitted):
"The First Amendment affects potential privacy-enhancing rules in at least three ways:
(1) most prohibitions on private data-gathering in public (i.e. surveillance) risk violating the First Amendment (conversely, most government surveillance in public appears to be unconstrained by the Fourth Amendment);
(2) the First Amendment may impose limits on the extent to which legislatures may restrict the collection and sale of personal data in connection with commercial transactions; and
(3) the First Amendment right to freedom of association imposes some limits on the extent to which the government may observe and profile citizens, if only by creating a right to anonymity in some cases. "

In a nutshell, he says that the First Amendment almost seems to support the adage that "information wants to be free," and in particular once it has been collected, data cannot in practice be controlled by law in the USA.

In more detail, some of Froomkin's main conclusions are set out below, with emphasis added. See Part IIA(2) of his article for supporting arguments and authorities.

In relation to public places and government-held information:

In relation to transactional data:

4.10.3. Consequences of the USA's weak privacy laws for the ROW

There are a number of implications of the US situation described by Froomkin for the protection of privacy in the rest of the world (ROW): Discussion Question: What practices of US firms (particularly in relation to the Internet) would breach data protection laws if they occurred in Australia, Hong Kong or Europe?

[Previous] [Next] [Title]