Principle 7: Privacy laws should be coherent and consistent

2.26 Any recommendation for a statutory cause of action for serious invasion of privacy (or other remedy) should promote coherence in the law and be consistent with other Australian laws or regulatory regimes. Recommendations should also promote uniformity or consistency in the law throughout Australian jurisdictions.

2.27 In its consultations and other occasions,[35] the ALRC has heard of widespread concern, uncertainty and confusion caused by notable differences in the law between the various states and territories. Two obvious examples relating to privacy are the inconsistency of legislation dealing with the use of surveillance devices and with harassment and cyber-bullying.

2.28 Inconsistent laws not only provide poor protection for privacy, but also inadequately protect countervailing interests—such as freedom of the media. Victims of unauthorised surveillance are poorly protected if they are unable to determine if a breach of a statute has occurred. The important activities of others, such as media entities, which operate nationally, may be overly restricted if it is unclear when and where they might be breaching a law.[36] The ALRC’s recommendations are directed at achieving legal uniformity across Australia in relation to many different types of invasions of privacy.

2.29 The need for coherence and consistency also underlies the desirability of avoiding unnecessary overlap between legal regimes. Many stakeholders[37] expressed the view that any proposed remedial regime should not overlap or be inconsistent with the various regulatory schemes[38] and statutory prohibitions that already constrain the activities of certain organisations and render them subject to substantial compliance requirements, enforceable obligations, civil penalties, and private law remedies. This was a particular concern in view of the new compliance requirements imposed on entities as a result of amendments to the Privacy Act 1988 (Cth) (Privacy Act)that came into force in March 2014.

2.30 However, regulation, the criminal law and the civil law can serve different purposes, even if they overlap in some ways. As discussed in Chapter 3, there are many different regulatory regimes, criminal laws and civil obligations and remedies protecting people from breaches or invasions of privacy either directly or indirectly. Any proposal for law reform should be considered in the context of the whole range of existing laws.

2.31 The consequence of a breach of a regulatory scheme or of the criminal law may not result in any personal remedy to a person affected by the breach. In some cases, this may be appropriate, as the person affected may be one of thousands of people affected and the individual may have not have suffered any material or serious harm. In this case, a more appropriate response may be a regulatory scheme that ensures that such a breach does not happen again. The breach may also lead to a criminal prosecution that may punish the perpetrator, and deter such conduct in the future.

2.32 Finally, legal reforms affecting civil liability for invasions of privacy should be consistent with legislative policy as it affects civil liability for wrongs to others generally,[39] and with other common law principles, unless there is an express and clear intent to override or distinguish them.