Posted on February 6, 2025 by Dimitrious Havadjia and Stuart Simington

The New Tort of Serious Invasion of Privacy: What does it mean for authorities?

Until the passage of the Privacy and Other Legislation Amendment Act 2024 (Amending Act), there was no general right to privacy in Australia except as provided by the relevant privacy legislation (such as the Privacy and Personal Information Protection Act 1998 (NSW). This meant there was limited recourse for individuals who suffered privacy breaches, especially if another individual or a private company caused the breach.

However, the Amending Act creates a new Australia wide statutory tort for a serious invasion of privacy. Thus, by 10 June 2025, it will be possible to commence proceedings against another person (including a State or local government authority) if the other person invades the individual’s privacy by intruding upon their seclusion or misusing information relating to them to seek damages for the harm caused.

While these changes are likely to have wide-ranging impacts on the interactions between individuals, in this article we consider the impact of this new tort on State and local government authorities and the exceptions to liability the Amending Act provides for.

The New Serious Invasion of Privacy Tort

The Amending Act will insert a new Schedule 2 into the Privacy Act 1988 (Cth) (Privacy Act).

Under Clause 7 of Schedule 2, a plaintiff will be able to bring a claim for a serious invasion of privacy if the defendant invaded the plaintiff’s privacy by:

    1. intruding upon the plaintiff’s seclusion, and/or misusing information that relates to the plaintiff; and
    2. if a person in the position of the plaintiff would have had a
      reasonable expectation of privacy in all of the circumstances;
      and
    3. the invasion of privacy was intentional or reckless; and
    4. the invasion of privacy was serious; and
    5. the public interest in the plaintiff’s privacy outweighed any countervailing public interest.

Further details about each element are set out in the Schedule 2.

Unlike many other claims, a claim can be made without proof of damage (although the lack of damage would be relevant to the amount awarded by a court), with a maximum of $478,550 in damages able to be awarded. In most cases, such a claim would be commenced in the Federal Circuit and Family Court of Australia.

Exemptions and Defences for Government Authorities

The Amending Act includes a list of defences (Clause 8) and exemptions (Clauses 15 – 18).

Relevantly, clause 16 sets out that the new Schedule 2 does not apply to an invasion of privacy by State and territory authorities (which includes local councils and State government authorities) to the extent that:

  1. the invasion was done in good faith, and
  2. the invasion was in the performance or purported performance of a function of the authority or in the exercise or purported exercise of a power of the authority.

On application by a defendant, the Amending Act requires that the court determine whether an exemption applies before the final hearing.

Additionally, there are a number of defences on which a local council or State government entity could rely on if an exemption is not available in the circumstances, including relevantly that:

  1. the invasion was required or authorised under a law or court order,
  2. the plaintiff consented to the invasion, or
  3. the defendant reasonably believed that the invasion of privacy was necessary to prevent or lessen a serious threat to the life, health or safety of a person.

Implications

On its face, the exemptions in Clause 16 are quite broad. As long as an authority is acting in good faith, it seems that even a wrongful exercise of a function or power would not give rise to liability, e.g., if a good faith decision is made by an authority to release private information, even if that decision might be a breach of a State privacy Act, the authority could remain exempt from tortious liability. Similarly, if an investigating officer enters residential premises without consent considering consent was not required, there may not be liability for any resulting breach of privacy (even if there may be liability under other acts) if that belief was formed in good faith.

That said, as the exemption in clause 16 was quite different in the first reading version of the Amending Act, there is limited explanatory material on how clause 16 is intended to operate. In that earlier version, there was no requirement for good faith, only that the authority reasonably believed that the invasion was ‘reasonably necessary’, and the exemption was limited to an authority’s functions associated with enforcement and compliance. The exemption was therefore different to what will ultimately come into effect.

It will be a matter for the courts to determine how far the exemption extends, particularly in cases where there has been a wrongful exercise of a power or function.

If an exemption is not available, the defences relevant to local and State authorities may be much more limited. For example, the Explanatory Memorandum considers that the defence (1 above) conduct may be impliedly “authorised” if it is directly entailed by a law. However, conduct will not be so authorised simply because it is not prohibited, or by virtue of general authority to perform specific functions or activities.  For example, we would think that the exercise of a power to enter premises under law, which entry that causes an invasion of privacy, would likely be covered by the defence because the exercise of that function, at least impliedly, directly authorises the circumstances in which the invasion of privacy occurs.

In light of the Amending Act and our recent article on the expansive approach taken by tribunals in sanctioning breaches of privacy, local and State authorities should review their policies and procedures to ensure compliance.

The full text of the Amending Act can be read here: Federal Register of Legislation – Privacy and Other Legislation Amendment Act 2024.

If you would like to discuss any of the above, please contact Stuart Simington or Dimitrious Havadjia.

0 replies on “The New Tort of Serious Invasion of Privacy: What does it mean for authorities?”

COMMENTS ARE NOW CLOSED

Leave a comment

in focus comments policy

LTL welcomes your feedback and comments on our posts. all comments, however, will be moderated and we reserve the right not to publish any comment for any reason.

LTL in focus is primarily designed for public sector and development professionals dealing in the fields of planning, environment and government. you may, therefore, wish to consult your organisation’s social media policy before you post any comments. it should go without saying that we expect all comments to maintain a level of respect and professional courtesy.

Please note we are unable to provide specific legal advice via these comments. If you wish to engage us to provide legal advice on a matter, please contact our office directly.

In making a comment you are required to provide your email address, this will not be published on the site. if the moderator chooses to publish your comment, the name you provide will be published with your comment – it is your choice whether you provide your full name or just your first name. if you provide your full name, we may seek to verify your identity prior to publication of your first comment. If you wish your comment to be directed only to the author or moderator please make that clear – marking it NFP or Not For Publication is the easiest way. thank you for your support and happy reading – matthew mcnamara, ceo.