Privacy is of interest in the health arena because of digital health records. The Australian Law Reform Commission has now released an issues paper on its reference Serious Invasions of Privacy in the Digital Era. See below for the 28 questions requiring consideration.

The ALRC website explains:

This Issues Paper was released on 8 October 2013, signalling the first stage of public consultation for the Serious Invasions of Privacy Inquiry. IP 43 provides background information and highlights issues identified by the ALRC as relevant to the Terms of Reference. The Issues Paper asks questions not just on issues relating to a stand-alone cause of action—to allow people to sue for a serious invasion of privacy—but also about alternative ways that existing laws could be supplemented or amended to provide appropriate protection for privacy in the digital era.

The ALRC invites individuals and organisations to make submissions in response to specific questions, or to any of the background material and analysis provided.

The closing date for submissions is 11 November 2013.

The ALRC is also hosting an online discussion forum which provides a less formal way for people to share opinions and ideas about some of the issues we are considering.

 

Principles guiding reform
Question 1. What guiding principles would best inform the ALRC’s approach to the Inquiry and, in particular, the design of a statutory cause of action for serious invasion of privacy? What values and interests should be balanced with the protection of privacy?
The impact of a statutory cause of action
Question 2. What specific types of activities should a statutory cause of action for serious invasion of privacy prevent or redress? The ALRC is particularly interested in examples of activities that the law may not already adequately prevent or redress.
Question 3. What specific types of activities should the ALRC ensure are not unduly restricted by a statutory cause of action for serious invasion of privacy?
Invasion of privacy
Question 4. Should an Act that provides for a cause of action for serious invasion of privacy (the Act) include a list of examples of invasions of privacy that may fall within the cause of action? If so, what should the list include?
Question 5. What, if any, benefit would there be in enacting separate causes of action for:
•misuse of private information; and
•intrusion upon seclusion?

Privacy and the threshold of seriousness
Question 6. What should be the test for actionability of a serious invasion of privacy? For example, should an invasion be actionable only where there exists a ‘reasonable expectation of privacy’? What, if any, additional test should there be to establish a serious invasion of privacy?

Privacy and public interest
Question 7. How should competing public interests be taken into account in a statutory cause of action? For example, should the Act provide that:
•competing public interests must be considered when determining whether there has been a serious invasion of privacy; or
•public interest is a defence to the statutory cause of action?
Question 8. What guidance, if any, should the Act provide on the meaning of ‘public interest’?

Fault
Question 9. Should the cause of action be confined to intentional or reckless invasions of privacy, or should it also be available for negligent invasions of privacy?

Damage
Question 10. Should a statutory cause of action for serious invasion of privacy require proof of damage or be actionable per se?
Question 11. How should damage be defined for the purpose of a statutory cause of action for serious invasion of privacy? Should the definition of damage include emotional distress (not amounting to a recognised psychiatric illness)?

Defences and exemptions
Question 12. In any defence to a statutory cause of action that the conduct was authorised or required by law or incidental to the exercise of a lawful right of defence of persons or property, should there be a requirement that the act or conduct was proportionate, or necessary and reasonable?
Question 13. What, if any, defences similar to those to defamation should be available for a statutory cause of action for serious invasion of privacy?
Question 14. What, if any, other defences should there be to a statutory cause of action for serious invasion of privacy?
Question 15. What, if any, activities or types of activities should be exempt from a statutory cause of action for serious invasion of privacy?

Monetary remedies
Question 16. Should the Act provide for any or all of the following for a serious invasion of privacy:
•a maximum award of damages;
•a maximum award of damages for non-economic loss;
•exemplary damages;
•assessment of damages based on a calculation of a notional licence fee;
•an account of profits?

Injunctions
Question 17. What, if any, specific provisions should the Act include as to matters a court must consider when determining whether to grant an injunction to protect an individual from a serious invasion of privacy? For example, should there be a provision requiring particular regard to be given to freedom of expression, as in s 12 of the Human Rights Act 1998 (UK)?

Other remedies
Question 18. Other than monetary remedies and injunctions, what remedies should be available for serious invasion of privacy under a statutory cause of action?

Who may bring a cause of action
Question 19. Should a statutory cause of action for a serious invasion of privacy of a living person survive for the benefit of the estate? If so, should damages be limited to pecuniary losses suffered by the deceased person?
Question 20. Should the Privacy Commissioner, or some other independent body, be able to bring an action in respect of the serious invasion of privacy of an individual or individuals?

Limitation period
Question 21. What limitation period should apply to a statutory cause of action for a serious invasion of privacy? When should the limitation period start?

Location and forum
Question 22. Should a statutory cause of action for serious invasion of privacy be located in Commonwealth legislation? If so, should it be located in the Privacy Act 1988 (Cth) or in separate legislation?
Question 23. Which forums would be appropriate to hear a statutory cause of action for serious invasion of privacy?
Question 24. What provision, if any, should be made for voluntary or mandatory alternative dispute resolution of complaints about serious invasion of privacy?

Interaction with existing complaints processes
Question 25. Should a person who has received a determination in response to a complaint relating to an invasion of privacy under existing legislation be permitted to bring or continue a claim based on the statutory cause of action?
Other legal remedies to prevent and redress serious invasions of privacy
Question 26. If a stand-alone statutory cause of action for serious invasion of privacy is not enacted, should existing law be supplemented by legislation:
•providing for a cause of action for harassment;
•enabling courts to award compensation for mental or emotional distress in actions for breach of confidence;
•providing for a cause of action for intrusion into the personal activities or private affairs of an individual?
Question 27. In what other ways might current laws and regulatory frameworks be amended or strengthened to better prevent or redress serious invasions of privacy?
Question 28. In what other innovative ways may the law prevent serious invasions of privacy in the digital era?