1.31 It has been suggested that privacy can be divided into a number of separate, but related, concepts:
Information privacy, which involves the establishment of rules governing the collection and handling of personal data such as credit information, and medical and government records. It is also known as ‘data protection’;
Bodily privacy, which concerns the protection of people’s physical selves against invasive procedures such as genetic tests, drug testing and cavity searches;
Privacy of communications, which covers the security and privacy of mail, telephones, e-mail and other forms of communication; and
Territorial privacy, which concerns the setting of limits on intrusion into the domestic and other environments such as the workplace or public space. This includes searches, video surveillance and ID checks.
1.32 As the preceding discussion illustrates, the issues to be covered in this Inquiry do not fall neatly into one concept. The primary focus of this Report, however, is on information privacy.
1.33 The recognition of a general right to privacy warranting legal protection is a relatively modern phenomenon. The genesis of modern legal academic discussion of the topic is generally acknowledged to be Samuel Warren and Louis Brandeis’s article, ‘The Right to Privacy’ published in the Harvard Law Review in 1890. Widespread debate, fuelled by the storage of personal information in computer data banks, commenced in the 1960s.
1.34 Writing in 1980, Professor Ruth Gavison argued that the modern concern for the protection of privacy can be attributed primarily to
a change in the nature and magnitude of threats to privacy, due at least in part to technological change … Advances in the technology of surveillance and the recording, storage, and retrieval of information have made it either impossible or extremely costly for individuals to protect the same level of privacy that was once enjoyed.
1.35 Other factors, according to Gavison, include the advent of tabloid journalism, and the ‘tendency to put old claims in new terms’.
1.36 A new surge of academic comment on privacy, caused mainly by the growth of the internet, occurred in the 1990s. Today, unprecedented advances in technology continue to fuel privacy-related fears—and are discussed in detail in Part B.
1.37 In ALRC 22, the ALRC indicated that the chief threats to privacy in Australia included:
Growing Official Powers. The powers of increasing numbers of public officials to intrude into the lives and property of Australians are growing.
New Business Practices. New intrusive practices have developed in recent years, such as electronic surveillance, credit reporting and direct marketing.
New Information Technology. The computerisation of personal information has enormous advantages, but it also presents Australian society with new dangers, now well documented and understood.
1.38 As evidenced by the Terms of Reference for this Inquiry, the ALRC’s analysis was prescient and all of these factors resonate with equal, if not greater, force today.
Scope of privacy
1.39 Why is privacy considered important? What is the nature of the legal ‘right’ requiring protection? Professor Roger Clarke suggests that the importance of privacy has psychological, sociological, economic and political dimensions.
Psychologically, people need private space. This applies in public as well as behind closed doors and drawn curtains …
Sociologically, people need to be free to behave, and to associate with others, subject to broad social mores, but without the continual threat of being observed …
Economically, people need to be free to innovate …
[P]olitically, people need to be free to think, and argue, and act. Surveillance chills behaviour and speech, and threatens democracy.
1.40 In the Canadian Supreme Court case of Vickery v Nova Scotia Supreme Court (Prothonotary), Cory J expressed a similar view, describing privacy as a right which
inheres in the basic dignity of the individual. This right is of intrinsic importance to the fulfilment of each person, both individually and as a member of society. Without privacy it is difficult for an individual to possess and retain a sense of self-worth or to maintain an independence of spirit and thought.
1.41 Ascertaining the scope of the legal ‘right’ is a more difficult task. Despite the best efforts of legal scholars, the term ‘privacy’ confounds attempts at delivering a universal definition. In ALRC 22, it was noted that ‘the very term “privacy” is one fraught with difficulty. The concept is an elusive one’. Professor J Thomas McCarthy has noted:
It is apparent that the word ‘privacy’ has proven to be a powerful rhetorical battle cry in a plethora of unrelated contexts … Like the emotive word ‘freedom’, ‘privacy’ means so many different things to so many different people that it has lost any precise legal connotation that it might once have had.
1.42 In ALRC 22, the ALRC adopted a definition of the term ‘privacy’ that ‘stayed as close as possible … to the ordinary language concept’. This approach was criticised by Senator Brett Mason, who argues in this regard that ALRC 22 ‘is stronger on the practical application of legal rules and remedies to certain privacy issues than it is on theoretical analysis’. He concludes that ‘the ordinary language concept of “privacy” … does not necessarily inform a sensible legal right’.
1.43 Comparing American, French and German approaches to privacy, Professor James Whitman suggests that ‘there is no such thing as privacy as such’, and maintains that:
Americans and Europeans certainly do sometimes arrive at the same conclusions. Nevertheless, they have different starting points and different ultimate understandings of what counts as a just society … American privacy law is a body caught in the gravitational orbit of liberty values, while European law is caught in the orbit of dignity. There are certainly times when the two bodies of law approach each other more or less nearly. Yet they are constantly pulled in different directions, and the consequence is that these two legal orders really do meaningfully differ: continental Europeans are consistently more drawn to problems touching on human dignity, while Americans are consistently more drawn to problems touching on the depredations of the state.
1.44 Whitman argues that at the core of the European approach to privacy law is ‘the right to control your public image—rights to guarantee that people see you the way you want to be seen’. By contrast, the conceptual core of the American right to privacy is, according to Whitman, the ‘right to freedom from intrusions by the state, especially in one’s own home’.
1.45 Whitman emphasises that the differences between American and European privacy law are comparative, not absolute. It is possible to argue that ‘protecting privacy means both safeguarding the presentation of self and inhibiting the investigative and regulatory excesses of the state’. In practice, however, the differences are real.
1.46 Privacy expert Martin Abrams similarly observes that:
Privacy law is culturally based. Privacy is considered a fundamental human right in Europe, highly regarded with pragmatic interest in the United States, and is only beginning to emerge as a topic in Asia. What works in one country or region doesn’t always work in the other.
1.47 This Inquiry has been directed by its Terms of Reference to focus specifically on ‘matters relating to the extent to which the Privacy Act 1988 and related laws continue to provide an effective framework for the protection of privacy in Australia’. Despite the general title, as noted above, the Privacy Act is concerned almost exclusively with information privacy. In this context, Professor Margaret Jackson notes that ‘one may query whether it is possible to advance a discussion of the adequacy of the law as a regulator of information privacy if one does not define the privacy interests at risk’.
1.48 Consequently, there is some utility in attempting to identify, if not a ‘core’ or precise definition of universal application, at least an understanding of the way the term ‘privacy’ is being used in the context of this Inquiry. To achieve this objective, the ALRC convened a workshop with many of the leading Australian experts in the field. This discussion was useful in articulating the approach the ALRC should adopt when tackling the elusive concept of privacy.
Towards a working definition
1.49 Professor Gavison suggests that ‘privacy’ is ‘a term used with many meanings’, giving rise to two important questions.
The first relates to the status of the term: is privacy a situation, a right, a claim, a form of control, a value? The second relates to the characteristics of privacy: is it related to information, to autonomy, to personal identity, to physical access? Support for all of these possible answers can be found in the literature.
1.50 As a first step in coming to terms with the concept of ‘privacy’, it is important to recognise that the international community accords privacy the status of a human right through such key documents as the Universal Declaration of Human Rights, and the ICCPR. Australia signed the ICCPR on 18 December 1972 and ratified it on 13 August 1980. While ‘the rights and obligations contained in the ICCPR are not incorporated into Australian law unless and until specific legislation is passed implementing the provisions’, the ICCPR’s recognition of privacy as a human right lends support to the argument that such recognition is warranted in domestic law.
1.51 Recently enacted domestic human rights legislation also recognises privacy as a basic human right. For example, s 13 of the Charter of Human Rights and Responsibilities Act 2006 (Vic) provides:
Privacy and reputation
A person has the right—
(a) not to have his or her privacy, family, home or correspondence unlawfully or arbitrarily interfered with;
1.52 The Human Rights Act 2004 (ACT) contains an almost identical provision. While such instruments include privacy in the list of rights accorded the status of a ‘human right’, they do not define the term, nor do they delineate the extent to which its scope intertwines with other freedoms, rights and interests.
Status of privacy
1.53 The VLRC’s Workplace Privacy: Issues Paper proposed that ‘privacy can be expressed as a right, and that this right to privacy can then form the basis for determining what are legitimate interests in privacy’. The VLRC formulated a working definition of privacy in terms of what the right to privacy encompasses, namely the right:
- ‘not to be turned into an object or thing’; and
- ‘not to be deprived of the capacity to form and develop relationships’.
1.54 The NZLC adopted a blended ‘core values’ and ‘harms to privacy’ approach. The ‘core values’ approach recognises ‘privacy as a sub-category of two interconnected core values’—namely, the autonomy of humans to live a life of their choosing; and the equal entitlement of humans to respect. The ‘harms to privacy’ approach draws primarily on the work of Professor Daniel Solove, which is discussed in greater detail below.
1.55 In R v Broadcasting Standards Commission ex parte BBC, Lord Mustill attempted to define the essence of privacy as follows:
To my mind the privacy of a human being denotes at the same time the personal ‘space’ in which the individual is free to be itself, and also the carapace, or shell, or umbrella, or whatever other metaphor is preferred, which protects that space from intrusion. An infringement of privacy is an affront to the personality, which is damaged both by the violation and by the demonstration that the personal space is not inviolate.
1.56 Put another way, privacy may be viewed as the bundle of interests that individuals have in their personal sphere free from interference from others. In this formulation, the use of the term ‘interest’ rather than ‘right’ is intentional and important. While privacy is a ‘right’ in a legal sense, for definitional purposes, the word ‘interest’ may be more accurate. A right is always an interest, even if not all interests are accorded the status of legal rights.
1.57 It is important to bear in mind that privacy interests unavoidably will compete, collide and coexist with other interests. For example, privacy often competes with freedom of expression, a child’s right to protection from abuse, national security and so on. No single interest—not even one elevated to the status of a human right—is absolute.
1.58 The Community Services Ministers’ Advisory Council’s submission to the Inquiry highlights the practical importance of the recognition of competing interests.
Privacy is an important individual right. However, this does not stand alone: people also have other rights (to shelter, safety and care) and sometimes the exercise of rights on behalf of one person can have negative consequences for another person. Community services departments and agencies, with duty of care and statutory obligations to protect the vulnerable, are constantly seeking to mediate between competing rights and obligations.
1.59 In a different context, Eady J considered the tension between freedom of expression and the privacy rights of an individual in McKennitt v Ash:
It is clear that [in the United Kingdom] there is a significant shift taking place as between, on the one hand, freedom of expression for the media and the corresponding interest of the public to receive information, and, on the other hand, the legitimate expectation of citizens to have their private lives protected … Even where there is a genuine public interest, alongside a commercial interest in the media in publishing articles or photographs, sometimes such interests would have to yield to the individual citizen’s right to the effective protection of private life.
1.60 Ascertaining the appropriate policy to deal with the tension between competing interests is the challenge facing judges, legislators and law reformers. It follows from the above discussion that the status accorded to privacy—and in particular the status accorded to privacy in international and domestic human rights instruments—means that privacy interests will usually take precedence over less fundamental interests, such as economic choice and opportunity.
1.61 For example, an argument for greater access to personal information based on reduced cost to custodians of personal information, or customer convenience, generally will not tilt the balance in favour of reduced privacy protection—at least in the absence of other compelling factors. Conversely, an argument that the use of personal information will lead to an increase in an individual’s standard of living may warrant a reduced level of privacy protection, given that standard of living is directly related to the health and wellbeing of an individual or the individual’s family—a recognised human right.
Characteristics of privacy
1.62 Identifying the characteristics of privacy is conceptually more difficult than ascertaining its status. Professor Solove suggests that attempts to identify the essential characteristics of privacy—that is, the common denominators that make things private—are misguided. Solove argues that:
the top-down approach of beginning with an over-arching conception of privacy designed to apply in all contexts often results in a conception that does not fit well when applied to a multitude of situations and problems involving privacy.
1.63 Instead, Solove advocates a more pragmatic, bottom-up, approach.
We should conceptualize privacy by focusing on the specific types of disruption and the specific practices disrupted rather than looking for the common denominator that links all of them. If privacy is conceptualized as a web of interconnected types of disruption of specific practices, then the act of conceptualizing privacy should consist of mapping the topography of the web. We can focus on particular points of the web. These ‘focal points’ are not categories, and they do not have fixed boundaries.
1.64 Some critics, however, reject the pragmatic approach. For example, Professor Richard Bruyer argues that:
Unless a common denominator is articulated, combining conceptions simply perpetuates the piecemeal, haphazard approach to privacy that has marked the privacy landscape so far. Nor will it provide a satisfactory answer for the hard privacy cases as they occur.
1.65 The NZLC suggests that ‘the main shortcoming of Solove’s approach is that it provides no basis for establishing why some harms are privacy violations and others are not’.
1.66 The characteristics of privacy also may have a changing demographic dimension. For example, what ‘Builders’ and ‘Baby Boomers’ see as necessarily falling within the ‘topography of the web’ may not resonate with ‘Generations X, Y and Z’. Young people appear much more willing to share personal details, post images and interact with others on internet chat sites. Whether this indicates a fundamental shift in attitudes to privacy—or simply the cavalier attitude and excesses of youth displayed in a new form—is an open question.
1.67 The pragmatic approach advocated by theorists such as Solove provides a useful template for law reform. Rather than focusing on an overarching definition of privacy, it makes more sense, using Solove’s terminology, to focus on particular points in the web and formulate a workable approach to deal with the disruption.
1.68 In this Inquiry, the ALRC has been asked to review an existing piece of legislation, the Privacy Act—which deals with information privacy—and to consider emerging areas that may require privacy protection. The ‘focal points’ of inquiry largely have been delineated by the legislation, and the reform needed to address any disruptions to specific practices can be articulated with reference to the legislation. In the case of emerging areas that require privacy protection—and in particular those areas falling within the scope of the statutory cause of action for a serious invasion of privacy discussed in detail in Part K——the disruption to specific practices can be identified with reference to case law, academic comment and legislation. In addition, the ‘blended core values approach’ articulated by the NZLC, discussed above, helps to determine whether a specific disruption falls within the penumbra of privacy.
 D Banisar, Privacy and Human Rights 2000: An International Survey of Privacy Law and Developments Privacy International <www.privacyinternational.org/survey/phr2000/overview.html> at 5 May 2008.
 R Gavison, ‘Privacy and the Limits of Law’ (1980) 89 Yale Law Journal 421, 465.
 S Warren and L Brandeis, ‘The Right to Privacy’ (1890) 4 Harvard Law Review 193.
 See, eg, R Prosser, ‘Privacy’ (1960) 48 California Law Review 383; E Bloustein, ‘Privacy as an Aspect of Human Dignity: An Answer to Dean Prosser’ (1964) 39 New York University Law Review 962; C Fried, ‘Privacy’ (1967) 77 Yale Law Journal 475. This is not to suggest an absence of legal discourse between the late 19th century and the 1960s. For example, see the articles cited in E Bloustein, ‘Privacy as an Aspect of Human Dignity: An Answer to Dean Prosser’ (1964) 39 New York University Law Review 962, n 4. See also J Stephen, Liberty, Equality, Fraternity (1967 ed, 1873), 160.
 R Gavison, ‘Privacy and the Limits of Law’ (1980) 89 Yale Law Journal 421, 465. See also, D Lindsay, ‘An Exploration of the Conceptual Basis of Privacy and the Implications for the Future of Australian Privacy Law’ (2005) 29 Melbourne University Law Review 131, 135–136; M Jackson, Hughes on Data Protection in Australia (2nd ed, 2001), 10.
 R Gavison, ‘Privacy and the Limits of Law’ (1980) 89 Yale Law Journal 421, 466.
 See, eg, A Samuels, ‘Privacy: Statutorily Definable?’ (1996) 17 Statute Law Review 115; L Introna, ‘Privacy and the Computer: Why We Need Privacy in the Information Society’ (1997) 28 Metaphilosophy 259; D Solove, ‘Conceptualizing Privacy’ (2002) 90 California Law Review 1087.
 Australian Law Reform Commission, Privacy, ALRC 22 (1983), xli.
 R Clarke, What’s ‘Privacy’? (2004) Australian National University <www.anu.edu.au/people/Roger.Clarke/DV/Privacy.html> at 5 May 2008. See also, E Barendt, ‘Privacy and Freedom of Speech’ in A Kenyon and M Richardson (eds), New Dimensions in Privacy Law: International and Comparative Perspectives (2006) 11, 30–31.
Vickery v Nova Scotia Supreme Court (Prothonotary)  1 SCR 671, 687.
 L Introna, ‘Privacy and the Computer: Why We Need Privacy in the Information Society’ (1997) 28 Metaphilosophy 259. One commentator suggests that a reason the legal definition of privacy is so elusive is due to the fact that ‘privacy has generally much more to do with politics than with law’: B Mason, Privacy Without Principle (2006), xii.
 Australian Law Reform Commission, Privacy, ALRC 22 (1983), .
 J McCarthy, The Rights of Publicity and Privacy (2nd ed, 2005), [5.59]. See also, D Solove, ‘A Taxonomy of Privacy’ (2006) 154(3) University of Pennsylvania Law Review 477, 479.
 Australian Law Reform Commission, Privacy, ALRC 22 (1983), .
 B Mason, Privacy Without Principle (2006), 40.
 Ibid, 41.
 J Whitman, ‘The Two Western Cultures of Privacy: Dignity v Liberty’ (2004) 113 Yale Law Journal 1151, 1221.
 Ibid, 1163. See also, R Bruyer, ‘Privacy: A Review and Critique of the Literature’ (2006) 43 Alberta Law Review 553, 569.
 J Whitman, ‘The Two Western Cultures of Privacy: Dignity v Liberty’ (2004) 113 Yale Law Journal 1151, 1161.
 Ibid, 1161. The origins of the ‘conceptual core’, according to Professor Whitman, are the Fourth Amendment—the right against unlawful search and seizures: Ibid, 1212.
 Ibid, 1203.
 Ibid, 1219.
 M Abrams, ‘Privacy, Security and Economic Growth in an Emerging Digital Economy’ (Paper presented at Privacy Symposium, Institute of Law China Academy of Social Science, 7 June 2006), 18.
 M Jackson, Hughes on Data Protection in Australia (2nd ed, 2001), 6.
 The workshop participants included Professor Des Butler; Professor Roger Clarke; Professor David Kinley; Mr David Lindsay; Associate Professor Megan Richardson; and Dr Greg Taylor.
 R Gavison, ‘Privacy and the Limits of Law’ (1980) 89 Yale Law Journal 421, 424.
 Ibid, 424.
 Article 12 provides: ‘No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks’: United Nations Universal Declaration of Human Rights, GA Res 217A(III), UN Doc A/Res/810 (1948).
International Covenant on Civil and Political Rights, 16 December 1966,  ATS 23, (entered into force generally on 23 March 1976), art 17.
Dietrich v The Queen (1992) 177 CLR 292, 305.
Human Rights Act 2004 (ACT) s 12.
 R Clarke, What’s ‘Privacy’? (2004) Australian National University <www.anu.edu.au/people/Roger.
Clarke/DV/Privacy.html> at 5 May 2008.
 Victorian Law Reform Commission, Workplace Privacy: Issues Paper (2002), xii (emphasis in original).
 Ibid, [2.38]. Based on this working definition, the VLRC suggested that ‘a test of invasion of privacy would be an assessment of the extent to which any particular law or practice has the effect of depriving people generally of [the right not to be reduced to an object and the right to relationships]’: Ibid, [2.49].
New Zealand Law Commission, Privacy Concepts and Issues: Review of the Law of Privacy Stage 1, Study Paper 19 (2008), [3.10].
R v Broadcasting Standards Commission ex parte BBC  QB 885, .
 See eg R Clarke, What’s ‘Privacy’? (2004) Australian National University <www.anu.edu.au/people/
Roger.Clarke/DV/Privacy.html> at 5 May 2008.
 C Fried, ‘Privacy’ (1967) 77 Yale Law Journal 475, 478. See also Privacy Act 1988 (Cth) s 29(a).
 Community Services Ministers’ Advisory Council, Submission PR 47, 28 July 2006.
McKennitt v Ash  EMLR 10, . The balancing of privacy and freedom of expression is discussed in greater detail in Part K.
 M Abrams, ‘Privacy, Security and Economic Growth in an Emerging Digital Economy’ (Paper presented at Privacy Symposium, Institute of Law China Academy of Social Science, 7 June 2006), 9.
United Nations Universal Declaration of Human Rights, GA Res 217A(III), UN Doc A/Res/810 (1948), art 25.
 D Solove, ‘Conceptualizing Privacy’ (2002) 90 California Law Review 1087, 1099.
 Ibid, 1130.
 R Bruyer, ‘Privacy: A Review and Critique of the Literature’ (2006) 43 Alberta Law Review 553, 576.
 New Zealand Law Commission, Privacy Concepts and Issues: Review of the Law of Privacy Stage 1, Study Paper 19 (2008), [2.37].
 For a discussion of the age limits of the generational categories, see Part I.
 L Weeks, ‘See Me, Click Me: The Publizen’s Life? It’s an Open Blog. The Idea He May be Overexposed? LOL’, Washington Post (online), 23 July 2006, <www.washingtonpost.com>.
 This is discussed in more detail in Ch 69.
 D Solove, ‘A Taxonomy of Privacy’ (2006) 154(3) University of Pennsylvania Law Review 477, 485–486.