16.08.2010
A right to privacy?
7.51 In DP 72, the ALRC expressed the preliminary view that the Privacy Act should not be extended to provide direct protection to corporations and other commercial entities. This view was based primarily on the following factors: such an extension would be inconsistent with the concept of privacy as a human right; it would conflict with fundamental principles of corporations law; and there is no demonstrable need for such an extension.[83] This section considers whether privacy rights should be extended to protect the privacy of corporations.
7.52 Some have suggested that the Privacy Act should be extended to protect the putative privacy rights of corporations. Proponents of this view maintain that a right to privacy traditionally has been inextricably, but erroneously, linked to autonomy and dignity.[84] Shorn of this link, they see no reason why the same privacy rights enjoyed by natural persons should not be extended to corporations.[85] Alternatively, it has been argued that protecting the privacy rights of a corporation ensures the protection of the autonomy of the individuals that constitute the corporation.[86]
7.53 In the United States, the purpose of privacy law has traditionally been seen as ‘protecting the individual and not social relationships’.[87] Professor William Prosser’s Restatement of the Law on Torts sees privacy as denoting ‘a personal right, peculiar to the individual whose privacy is invaded’.[88] Reasons for excluding corporations from the protection of US privacy law are that: corporations lack emotional traits; there is insufficient judicial precedent on the issue; and corporations have alternative remedies available to them.[89] It has been noted, however, that collective entities may have rights that resemble privacy rights, such as the right to the exclusive use of its name or identity in certain circumstances and rights under the law of unfair competition.
A corporation, partnership or unincorporated association has no personal right of privacy. It has therefore no cause of action for [breach of privacy]. It has, however, a limited right to the exclusive use of its own name or identity in so far as they are of use or benefit, and it receives protection from the law of unfair competition. To some limited extent this may afford it the same rights and remedies as those to which a private individual is entitled …[90]
7.54 The data protection laws of some jurisdictions, such as Austria, Italy, Argentina and Switzerland, expressly protect the privacy of collective entities.[91] The South African Law Reform Commission (SALRC) also has expressed a preliminary view that privacy law should provide some protection to both types of legal person (that is, natural persons and entities such as corporations). The SALRC acknowledged, however, that it would be inappropriate to provide the same levelof protection to collective entities as is afforded to natural persons.[92]
Submissions and consultations
7.55 A large number of stakeholders opposed extending the Privacy Act to protect corporations and other commercial entities.[93] Several stakeholders pointed out that corporate and commercial entities can use other laws, such as the action for breach of confidence and statutory protection of intellectual property, to protect their information.[94] Further, it was suggested that such an extension would lead to commercial entities operating less transparently.[95] One stakeholder stated that this would inhibit proper corporate governance.[96] The Australian Competition and Consumer Commission submitted that such an extension could allow some corporate entities to ‘delay or distract when subject to investigation or other enforcement action’.[97]
7.56 While generally opposed to the extension of privacy law beyond natural persons, the Australian Bankers’ Association submitted that, given incorporated entities are no longer able to protect their reputation through defamation, ‘arguably a limited right of privacy should be accorded to corporations in relation to the disclosure of defamatory material harmful to the reputation of corporations’.[98]
7.57 A small number of stakeholders suggested that it may be appropriate to extend privacy law to protect corporations and other commercial entities.[99] Although noting that a small, but significant, number of jurisdictions protect the privacy rights of collective entities such as corporations, Bygrave suggested that this is partly the result of the ‘pre-existing legal traditions’ in those jurisdictions. He noted that a ‘fundamental premise of the Austrian, Swiss and South African legal systems, for example, is that legal persons are to be treated as far as possible in the same way as natural persons’.[100]
ALRC’s view
7.58 It is not appropriate to extend privacy protection to corporations and other commercial entities. First, as already discussed, the Privacy Act is premised on the notion that privacy is a human right. Extending the protection of a human right to an entity that is not human is inconsistent with the fundamental approach of Australian privacy law.[101] There is no compelling reason to risk distorting the theoretical basis of the Privacy Act by making such a change, because there are more appropriate avenues for protecting the information rights of commercial entities. These include avenues provided by statutory protection of intellectual property and actions for breach of confidence.
7.59 Secondly, such an extension of the Act could undermine some of the fundamental principles of commercial law. This problem is particularly acute in relation to corporations, which are obliged to operate in a relatively transparent way. Moreover, part of the rationale for adopting the structure of a corporation is precisely to create a barrier between the identity of the corporation and the identity of the persons who establish, run and own it. To assign rights to the corporation would require a choice: either those rights must be assigned to the corporation itself, which would make it necessary to re-conceptualise some fundamental aspects of human rights law; or one must ‘pierce the corporate veil’, assigning those rights to the persons behind the corporation, which would make it necessary to re-conceptualise some aspects of corporations law.
7.60 As noted above, the vast majority of stakeholders opposed such a significant change to these fundamental tenets of the Act. This fact, coupled with the other points noted above, reinforce the ALRC’s conclusion that such an extension of the Privacy Act is neither necessary nor desirable.
[83] See Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), [1.108]–[1.112].
[84] See, eg, C Doyle and M Bagaric, ‘The Right to Privacy and Corporations’ (2003) 31 Australian Business Law Review 237, 246–250; L Bygrave, ‘A Right to Privacy for Corporations? Lenah in an International Context’ (2001) Privacy Law and Policy Reporter 58.
[85] C Doyle and M Bagaric, ‘The Right to Privacy and Corporations’ (2003) 31 Australian Business Law Review 237, 250.
[86] N Witzleb, ‘The Protection of Corporations from Intrusive Media: A German Perspective’ (2006) 13(1) E-Law—Murdoch University Electronic Journal of Law 77, 104.
[87] N Richards and D Solove, ‘Privacy’s Other Path: Recovering the Law of Confidentiality’ (2007) 96 Georgetown Law Journal 123, 173.
[88]Restatement of the Law, 2nd, Torts 1977 (US), § 652I(a).
[89] L Bygrave, Data Protection Law: Approaching its Rationale, Logic and Limits (2002), 193.
[90]Restatement of the Law, 2nd, Torts 1977 (US), § 652I(c).
[91] L Bygrave, Data Protection Law: Approaching its Rationale, Logic and Limits (2002), 179–180.
[92] South African Law Reform Commission, Privacy and Data Protection, Discussion Paper 109 (2005), [3.4.8].
[93] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007; Australian Competition and Consumer Commission, Submission PR 178, 31 January 2007; Australian Privacy Foundation, Submission PR 167, 2 February 2007; Confidential, Submission PR 165, 1 February 2007; Law Society of New South Wales, Submission PR 146, 29 January 2007; Confidential, Submission PR 143, 24 January 2007; Centre for Law and Genetics, Submission PR 127, 16 January 2007; AXA, Submission PR 119, 15 January 2007; Office of the Information Commissioner (Northern Territory), Submission PR 103, 15 January 2007; I Turnbull, Submission PR 82, 12 January 2007; Electronic Frontiers Australia Inc, Submission PR 76, 8 January 2007.
[94] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007; Australian Competition and Consumer Commission, Submission PR 178, 31 January 2007; Australian Privacy Foundation, Submission PR 167, 2 February 2007; Confidential, Submission PR 165, 1 February 2007; Law Society of New South Wales, Submission PR 146, 29 January 2007; Electronic Frontiers Australia Inc, Submission PR 76, 8 January 2007.
[95] Office of the Privacy Commissioner, Submission PR 215, 28 February 2007; Australian Privacy Foundation, Submission PR 167, 2 February 2007; Confidential, Submission PR 165, 1 February 2007; I Turnbull, Submission PR 82, 12 January 2007; Electronic Frontiers Australia Inc, Submission PR 76, 8 January 2007.
[96] Confidential, Submission PR 165, 1 February 2007.
[97] Australian Competition and Consumer Commission, Submission PR 178, 31 January 2007.
[98] Australian Bankers’ Association Inc, Submission PR 259, 19 March 2007.
[99] W Caelli, Submission PR 99, 15 January 2007; L Bygrave, Submission PR 92, 15 January 2007.
[100] L Bygrave, Submission PR 92, 15 January 2007.
[101] See, R Piotrowicz and S Kaye, Human Rights: International and Australian Law (2000), 3; Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (2001) 208 CLR 199, 226–227, 258, 279. Callinan J was more equivocal on this point: see 326–327.