The tort of serious invasion of privacy in Australia
commentary by Nidhi Modi
Professor Alan Westin, a privacy law scholar, has defined Privacy as, “the claim of individuals, groups, or institutions to determine for themselves when, how and to what extent information about them is communicated to others.” Thus, Mr. Westin has emphasized on the idea that - individuals should retain control over their personal data. This is particularly relevant in the digital age, where control over data is lost the moment, it is submitted online. However, privacy is not only about personal data, information or secrets, rather it is also about intrusion, human autonomy, dignity and the right to control one’s private life. Article 17 of the International Covenant on Civil and Political Rights (ICCPR), to which Australia is a signatory, affirms that “No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honor and reputation.”
Until recently, privacy in Australia was protected through the Privacy Act 1988 (Cth) (‘the Act’) and several common law and equitable causes of actions such as breach of confidence, breach of contract, negligence, misleading conduct, trespass, etc. However, certain gaps were identified in this framework by courts and the Australia Law Reform Commission (ALRC) in its 2008 and 2014 recommendations. A decade after these recommendations, the statutory tort for serious invasions of privacy (the Tort’) was introduced as Schedule 2 to the Act in 2024 and it came into force on 10th June 2025. This article examines the gaps that led to the introduction of this Tort, explains the required elements, defences, exemptions, remedies available, and highlights some elements which might be difficult to establish and hence potentially obstructing the path to an effective remedy.
Reasons for the introduction of the tort:
Some of the gaps identified by ALRC in the privacy law before the introduction of the Tort included: a) limitation of the tort of trespass as it only prevents direct physical intrusion and does not cover unauthorized intrusion such as surveillance; b) uncertainty with respect to damages for emotional distress; c) limited scope of the Act as it only grants protection with respect to informational privacy and does not cover private organizations with an annual turnover of less than $ 3 million; d) uncertainty with respect to protection of privacy after disclosure under the equitable cause of action for breach of confidence and e) non-uniformity in surveillance laws across Australia.
Reflecting on the above mentioned shortcomings, the explanatory memorandum to the Amendment Bill 2024 states that, “the tort aims to prevent doxxing, provide a flexible flexible framework to address current and emerging privacy risks and provide individuals with the ability to better protect themselves and seek compensation for a broader range of serious invasions of privacy, including physical privacy, as well as misuse of information.” Moreover, the tort also aims to bring uniformity in the current regime which is fragmented across jurisdictions. The High Court in the case of ABC v. Lenah Games Meat had also emphasized on the necessity of introducing this Tort.
Elements of the Tort:
The succeed in their claim, a plaintiff must establish either (a) physical or technological intrusion into seclusion, or (b) misuse of private information which includes collection, use or disclosure of the information. Hence, this cause of action goes further than trespass (which does not capture surveillance) and breach of confidence (which generally requires unauthorised disclosure and does not cover mere collection or use). Further, it also extends protection to any misuse of information even where the information is false; which could not have been done in case of breach of confidence. This tort is actionable per se, addressing prior remedial gaps by not requiring proof of consequential loss.
However, the plaintiff needs to prove that there was a reasonable expectation of privacy. For determining this, the court will consider factors such as the technology used for the invasion, purpose, plaintiff’s circumstances and conduct, place of intrusion, nature of the information etc. For Instance, children may have a greater expectation of privacy than an adult in certain situations or a person will generally have a greater expectation of privacy in their home when compared to a public place. If the information is in public domain, then the expectation of privacy may be reduced. Furthermore, the invasion should have been intentional or reckless. Here, the standard of fault in case of recklessness is higher than mere negligence and intention has its ordinary meaning. It is not sufficient to only establish intention to do an act which consequentially resulted in invasion of privacy. For example, a photographer who takes a photograph of a public event, without realizing that it captures a private activity, would not be committing an intentional or reckless invasion of privacy.
It should also be established that the invasion was serious. For determining seriousness, the court may consider factors such as the degree of offence, distress or harm that was caused or was likely to have been caused, the defendant’s knowledge about the damage that occurred or that was likely to have occurred. Hence, an invasion of privacy motivated by malice, or where the defendant knew the plaintiff was likely to be offended, distressed or harmed, is more likely to be serious. This is an objective test, required to deter individuals from bringing trivial claims. Lastly, the public interest in the plaintiff’s privacy should outweigh any countervailing public interest.
A defendant can plead defences such as authority by the law/court, plaintiff’s implied or express consent had been obtained, necessity, lawful self-defence or defence of property and related defences that are available in a scenario where it was a publication as per defamation law in Australia. Additionally, the tort is not applicable in cases where privacy is invaded by journalists for publication and distribution of journalistic material, intelligence agencies, law enforcement bodies and state authorities.
Critical Analysis
The tort has several positive aspects, such as it addresses longstanding uncertainty in common law where courts hinted at but did not fully recognize a general privacy tort. It widens the scope of the protection beyond confidential information and covers a situation in which information is misused even if it is publicly available. Further, the non-requirement of proving damage would enable an aggrieved plaintiff to get relief for emotional, reputational or any other intangible loss due to the invasion of privacy. Other than damages, the plaintiff also has recourse to several remedies such as injunctions, correction orders, an apology and even an account of profits.
Notwithstanding the positives, there might be certain aspects of the tort which may be difficult for a plaintiff to establish. While the requirement of establishing a serious invasion and proving that there was a reasonable expectation of privacy has been introduced to deter trivial claims, this may leave victims of moderate but still harmful invasions without recourse. The requirement of proving seriousness may require the plaintiff to indirectly prove damages. Further, no relief may be granted if the information is in public domain for the want of a reasonable expectation of privacy. The wide exemptions in favor of journalists, state agencies, and intelligence bodies may be misused, and the outcome will often be based on judicial discretion. While the law anticipates various forms of technological intrusion, proving fault (especially recklessness) in case of a data breach may be complex. The risk of non-uniformity or fragmented litigation remains as the plaintiff may proceed under this tort, breach of confidence, defamation, statutory privacy provisions and several other causes of actions.
Conclusion
The statutory tort represents a landmark in Australian privacy protection, moving the law closer to international counterparts in the United Kingdom and New Zealand. Its strength lies in codifying a cause of action grounded in human dignity, not just confidentiality. However, the law’s practical impact will depend heavily on judicial willingness to interpret “seriousness”, “reasonable expectation of privacy” and “public interest” in ways that genuinely protect individuals against modern privacy harms. The next few years of litigation will determine whether Schedule 2 fulfils its promise as a robust safeguard for Australians in the digital era.