Review of the Privacy Guidelines for broadcasters: Consultation paper

Submission to the Australian Communications and Media Authority - October 2011

Submission by Timothy Pilgrim, Australian Privacy Commissioner

Recommendations.

• Recommendation 1
• Recommendation 2
• Recommendation 3
• Recommendation 4
• Recommendation 5
• Recommendation 6
• Recommendation 7
• Recommendation 8
• Recommendation 9
• Recommendation 10
• Recommendation 11

Introduction

Comments on the draft guidelines

• The Privacy Act and the broadcasting codes of practice
• Investigation steps
• Identifiable person
• Seclusion
• Consent
• Children and vulnerable people
• Public interest
• Good Privacy Practices

Recommendations

The Office of the Australian Information Commissioner (OAIC) welcomes the opportunity to make a submission to the Australian Communications and Media Authority (the ACMA) on the draft revised guidelines in its Review of the Privacy Guidelines for broadcasters: Consultation paper.^[1]

In this submission, the OAIC makes the following recommendations:

Recommendation 1

The office suggests that consideration be given to expanding the stated purpose of the draft guidelines to include increasing awareness of privacy issues in the media, and encouraging broadcasters to adopt practices aimed at safeguarding a person's privacy in broadcasting (p. 5 of this submission).

Recommendation 2

The draft guidelines should clarify how the Privacy Act 1988 (Cth) (Privacy Act) applies to broadcasters and interacts with the various broadcasting codes of practice (p. 6 of this submission).

Recommendation 3

The ‘Investigation Steps' section of the draft guidelines should include the following underlined words:

The ACMA will then consider:

• Was the person's consent obtained - or that of a parent or guardian?
• Was the broadcast material readily available from the public domain?
• Was the invasion of privacy in the public interest?

If the answer to any of these was yes, then there will be no breach found.

‘If the answer to any of these was yes, then in most circumstances there will be no breach found' (p. 7 of this submission).

Recommendation 4

If guidance is issued on the new definition of ‘personal information' (including the phrase ‘identifiable individual') proposed to be included in the Privacy Act^[2], the ACMA should consider whether to include some further information about what is meant by ‘identifiable' in the ‘Identifiable Person' section of the guidelines (p. 7 of this submission).

Recommendation 5

The ‘Seclusion' section of the draft guidelines states that a person's seclusion may be intruded upon where, in part, ‘he or she would have a reasonable expectation that his or her activities would not be observed or overheard by others'. In the OAIC's opinion a person's expectation of seclusion should not necessarily be limited to an expectation that ‘his or her activities would not be observed or overheard by others'. Instead, broadcasters should be encouraged to consider a broad range of contextual factors in determining whether an individual has a reasonable expectation of seclusion (pp. 7-9 of this submission).

Recommendation 6

The ‘Consent' section of the draft guidelines should explain why it is important from a privacy perspective, for broadcasters to seek individuals' consent (preferably express rather than implied) before broadcasting information that may otherwise invade that person's privacy (pp. 9-10 of this submission)

Recommendation 7

The ‘Consent' section of the draft guidelines should explain the meaning of ‘informed consent' in more detail, including that such consent must involve voluntary agreement and knowledge of the matter agreed to (pp. 9-10 of this submission).

Recommendation 8

The ‘Children and Vulnerable People' section of the draft guidelines should encourage broadcasters to involve children in decisions about whether to broadcast material concerning them to the extent possible (pp. 10-11 of this submission).

Recommendation 9

The ‘Children and Vulnerable People' section of the draft guidelines should also encourage broadcasters to explain to vulnerable people who are not competent to give consent, the implications of disclosing personal information, wherever possible. This should be explained in a way that is meaningful to the person concerned and appropriate in the circumstances (pp. 10-11 of this submission).

Recommendation 10

The ‘Public Interest' section of the draft guidelines should encourage broadcasters to balance an identified public interest against any competing privacy interests before broadcasting material that may invade a person's privacy (pp. 11-12 of this submission).

Recommendation 11

As a matter of good privacy practice, the draft guidelines could encourage broadcasters to:

• provide notice to individuals about the collection and handling of their personal information, including for example, the media organisation's identity and the reason for collecting the information
• collect personal information only by lawful and fair means and not in an unreasonably intrusive way, and
• take reasonable steps to protect the security of their personal information holdings (pp. 13-14 of this submission).

Introduction

The Office of the Australian Information Commissioner (the OAIC) was established by the Australian Information Commissioner Act 2010 (Cth) and commenced operation on 1 November 2010.

The OAIC is an independent statutory agency headed by the Australian Information Commissioner. The Information Commissioner is supported by two other statutory officers: the Freedom of Information Commissioner and the Privacy Commissioner.

The former Office of the Privacy Commissioner was integrated into the OAIC on 1 November 2010.

The OAIC brings together the functions of information policy and independent oversight of privacy protection and freedom of information (FOI) in one agency, to advance the development of consistent workable information policy across all Australian government agencies.

The Commissioners of the OAIC share two broad functions:

• the FOI functions, set out in s8 of the AIC Act - providing access to information held by the Australian Government in accordance with the Freedom of Information Act 1982 (Cth), and
• the privacy functions, set out in s9 of the AIC Act - protecting the privacy of individuals in accordance with the Privacy Act 1988 (Cth) (the Privacy Act) and other legislation.

The Information Commissioner also has the information commissioner functions, set out in s 7 of the AIC Act. Those comprise strategic functions relating to information management by the Australian Government.

In terms of the OAIC's privacy functions, the Privacy Act protects the ‘personal information' of individuals handled by Australian Government agencies (as well as ACT and Norfolk Island agencies) and personal information held by all large private sector organisations, private health service providers and some small businesses. It does this through the application of binding privacy principles - the Information Privacy Principles (IPPs) generally apply to agencies, and the National Privacy Principles (NPPs) generally apply to organisations.

The OAIC appreciates the opportunity to make a submission to the Australian Communications and Media Authority (the ACMA) on the draft revised guidelines (the draft guidelines) in the Review of the Privacy Guidelines for broadcasters: Consultation paper.^[3] The OAIC understands that the main purpose of the draft guidelines is to assist broadcasters to better understand their privacy obligations under the various broadcasting codes.^[4] As such the draft guidelines describe steps that broadcasters should take to avoid breaching privacy obligations in these codes.

The OAIC strongly supports the ACMA in its publication of guidance to help broadcasters understand their privacy obligations under the broadcasting codes. It considers that the case studies appended to the draft guidelines are particularly helpful in explaining real life examples of the concepts outlined in the guidelines. It also agrees in principle to expanding the scope of privacy guidance given in the current Privacy Guidelines for Broadcasters (August 2005), by explaining that a person's privacy may not only be invaded by disclosing that person's personal information, but also by intruding upon his or her seclusion.^[5]

The OAIC suggests however, that the ACMA's review of its Privacy Guidelines for Broadcasters (August 2005) provides an opportunity to reconsider and expand the purpose of the draft guidelines more broadly. In particular, the OAIC suggests that the guidelines should aim to increase awareness about privacy issues in the media. The guidelines could also encourage broadcasters to adopt practices aimed at safeguarding a person's privacy in broadcasting. These recommended privacy practices may in some circumstance be above and beyond minimum compliance with the terms of a broadcasting code. Expanding the guidelines' purpose in this way would be consistent with community attitudes expressed in the ACMA's recent survey, in which participants strongly supported protecting individuals' privacy in broadcasting.^[6]

The OAIC‘s comments below draw in part on this suggestion to expand the draft guidelines' purpose. More generally, they are intended to assist the ACMA in clarifying and enhancing its guidance on privacy for broadcasters.

Comments on the draft guidelines

The Privacy Act and the broadcasting codes of practice

The draft guidelines do not refer to the Privacy Act or explain how it applies to broadcasters. Instead they state that ‘there is no general right to privacy under Australian law' and that privacy protections specific to broadcasting are set out in the various broadcasting codes of practice.^[7]  In the OAIC's view, this may give the impression that there are no Australian laws regulating privacy, or that media organisations do not need to comply with privacy laws in any circumstances.

The OAIC suggests that the draft guidelines clarify how the Privacy Act applies to broadcasters and interacts with the various broadcasting codes of practice. This could be explained in a similar way to the Privacy Guidelines for Broadcasters (August 2005). ^[8] For example, the draft guidelines could explain that acts done and practices engaged in by media organisations in the course of journalism are exempt from the operation of the Privacy Act, provided the organisation meets certain requirements, including being publicly committed to standards that deal with privacy.^[9] The draft guidelines could also state that media organisations will generally need to comply with the NPPs in respect of activities that are engaged in outside of the course of journalism. They could also explain how the Privacy Act applies to public broadcasters such as SBS and the ABC.^[10]

Investigation steps

The OAIC appreciates that this section of the draft guidelines is intended to provide a high level overview of the various factors that the ACMA will take into account in investigating an alleged breach of a broadcasting code privacy provision. However, the OAIC considers that the following information may not be consistent with later sections of the draft guidelines:

‘The ACMA will then consider:

• Was the person's consent obtained - or that of a parent or guardian?
• Was the broadcast material readily available from the public domain?
• Was the invasion of privacy in the public interest?

If the answer to any of these was yes, then there will be no breach found.'

In particular the section titled ‘Children and Vulnerable People' explains that in some circumstances where parental consent has been obtained, there may still be a breach of privacy.^[11]

The OAIC suggests adding the following underlined words to this section of the draft guidelines:

‘If the answer to any of these was yes, then in most circumstances there will be no breach found.'

Identifiable person

This section of the draft guidelines states that for codes to be breached, ‘a particular person must be identifiable from the broadcast'.^[12] The draft guidelines do not explain what is meant by ‘identifiable from the broadcast' or give any examples.

The OAIC notes that the term ‘identifiable' has recently been considered in the context of proposed reforms to the Privacy Act. In its review of privacy laws and practice, the ALRC recommended that the definition of ‘personal information' be amended to ‘information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified or reasonably identifiable individual'.^[13] The ALRC noted that this definition may give rise to uncertainty, and recommended that the then Office of the Privacy Commissioner issue guidance including on the meaning of ‘identified or reasonably identifiable'.^[14] This recommendation was recently reiterated by the Senate Finance and Public Administration Committee in its review of draft Australian Privacy Principles. The Senate Committee commented that there were divergent views about the proposed new definition of 'personal information' including the meaning of ‘identifiable', and recommended that guidance on this matter should be provided as a matter of priority.^[15]

Given potential uncertainty about the meaning of ‘identifiable', the OAIC suggests that if guidance is published, the ACMA could review its guidelines and include some further information about what is meant by ‘identifiable' (with examples). This may help broadcasters to understand the circumstances in which material may be ‘identifiable', where for example, it does not include a person's name or image. 

Seclusion

In principle, the OAIC supports extending the definition of an invasion of privacy to cover an intrusion of a person's seclusion.^[16] The office understands that this section of the draft guidelines draws on the ALRC's recommendation to introduce a statutory cause of action for serious invasion of privacy.^[17] The office has previously noted that a statutory cause of action could address some of the gaps in privacy protection that exist both in the legislation and common law.^[18]

The OAIC also supports recognition in the draft guidelines that it is possible for an invasion of a person's seclusion to take place in a public space.^[19] However, the office has some concerns that under the draft guidelines such invasion could only happen where a person has ‘a reasonable expectation that his or her activities would not be observed or overheard by others'.^[20]

In the OAIC's view, limiting invasions of privacy in a public space in this way may not be consistent with the ACMA's reasoning in case study 3 or with community attitudes expressed in the ACMA's recent survey. In case study 3, a man was grieving in a public space after he lost his parents in a boating accident. The ACMA considered that:

‘the continuing lengthy footage of the survivor's expressions of intense grief [in a public place], over his vehement objections to being filmed, invaded his capacity or opportunity to grieve privately... however, the ACMA made a ‘no finding' decision on whether the material breached the privacy clause of the Commercial Television Code largely because it considered that the 2005 Privacy Guidelines focused on material relating to a person's private affairs (information privacy) and did not provide adequate guidance on the code element dealing with material which invades an individual's privacy (seclusion)'.^[21]

In the ACMA's community attitudes survey, participants generally considered that the media's conduct invaded the grieving man's seclusion.^[22]

However, as the OAIC understands it, in case study 3 the man would have had a reasonable expectation that his activities would be overheard or observed by the media. So, applying the guidance for invasion of seclusion in the draft guidelines, the media's conduct would not amount to an invasion of the man's seclusion. Accordingly, the guidance may not address the perceived privacy wrong considered in case study 3.

The OAIC suggests that the ACMA consider amending this aspect of its guidance on an ‘invasion of seclusion'. Perhaps the guidance could encourage broadcasters to take account of a broad range of contextual factors in determining whether an individual has a reasonable expectation of seclusion. As a guide, the ACMA could refer to the statutory causes of action for invasion of privacy recommended by the Law Reform Commission of NSW and the ALRC. In each case, to establish an invasion of privacy an individual would need to have a ‘reasonable expectation of privacy', rather than a reasonable expectation that his or her activities would not be observed or overheard by others.^[23]

Consent

In the OAIC's view, an individual's ability to control the disclosure of their personal information is an important aspect of privacy protection. The office therefore supports broadcasters obtaining an individual's informed consent before disclosing their personal information.^[24] The OAIC suggests that the draft guidelines not only state that informed consent waives a person's claim to privacy protection, but encourage broadcasters wherever possible to actively seek an individual's consent before broadcasting their personal information or intruding upon that person's seclusion.

Given the importance of informed consent in protecting individuals' privacy, the draft guidelines could provide some more detail about its purpose and meaning. In particular:

• in addition to noting that informed consent may waive an individual's claim to privacy protection, the draft guidelines could explain the reasons why broadcasters should seek individuals' consent. For example, seeking an individual's consent facilitates that individual's choice and control over personal information handling, which are central components of privacy protection
• the draft guidelines could explain what is meant by ‘informed consent'. As the OAIC understands it, there are two main elements of informed consent - voluntary agreement and knowledge of a matter agreed to.^[25] The individual needs to be aware of the implications of providing or withholding consent, having received the information in a way that is meaningful to them and appropriate in the circumstances.^[26] As such, whether informed consent is given depends partly on the context, including how consent is sought, the characteristics of the individual from whom consent is sought, the thing/s to which the individual appears to be giving his or her consent, and any other relevant factors.^[27]
• the draft guidelines could make clear that only a ‘competent' individual can give consent, although an organisation can ordinarily assume capacity unless there is something to alert it otherwise. As the OAIC understands it, competence means that individuals are capable of understanding issues, forming views based on reasoned judgments and communicating their decisions.^[28] An individual's capacity to consent is discussed in more detail in the next section of this submission.

The draft guidelines state that consent can be express or implied.^[29] While this is consistent with the definition of consent in s 6(1) of the Privacy Act^[30], as a general rule, the OAIC would suggest that agencies and organisations seek an individual's express consent (by asking the person the information is about to take positive action to express their consent), rather than relying on a person's implied consent. This is because implied consent requires agencies and organisations to make a difficult judgment about what a person may think in particular circumstances or what a person may mean by a particular action. Wrong decisions can lead to serious breaches of privacy.^[31] The office would therefore suggest that the draft guidelines encourage broadcasters to seek express consent over implied consent, and outline the reasons for doing so.

The office also suggests adding the following underlined words in this section:

 ‘if informed consent is obtained prior to the broadcast of material, then in most circumstances the person waives his or her claim to privacy protection (see for example ‘children and  vulnerable people)' ^[32]

This amendment would recognise that in certain circumstances, an individual's claim to privacy may not be waived even if they consent to a particular broadcast of their personal information.

Children and vulnerable people

The OAIC agrees that broadcasters should take special care when using material concerning a child (defined as a person of 16 years or under) or vulnerable person.^[33] This recognises that children and vulnerable people (such as adults with a decision-making disability) may not understand the consequences for them of a broadcaster disclosing their personal information. It also recognises that children and vulnerable people are particularly susceptible to abuse or inadvertent invasions of their privacy.

In addition, the OAIC agrees in principle that a parent or guardian's consent should always be obtained expressly before using material that invades a child's privacy.^[34] The office would suggest however, that broadcasters also involve children in this decision-making process to the fullest extent possible. In particular, where a child has a sufficient level of maturity and understanding to make their own decisions about their personal information, it would be good privacy practice to let them decide whether or not their personal information should be disclosed.^[35] Moreover, even if a young person is not sufficiently mature to give informed consent, broadcasters should be encouraged wherever possible to take account of his or her views.^[36]  These measures would encourage broadcasters to recognise and consider the differing levels of maturity of children as well as their individual preferences before broadcasting material about a child.^[37]

In a similar way, the OAIC would support privacy guidance for broadcasters which facilitates the choice and control of vulnerable people over their personal information. Clearly, a vulnerable person's consent should be sought where they have such capacity. Conversely, where a vulnerable person is not competent to give consent it would be good privacy practice to explain where possible, the implications of disclosing personal information in a way that is meaningful to them and appropriate in the circumstances.

Public interest

According to the draft guidelines, ‘the use of material in a broadcast will not be an invasion of privacy if there is a clear and identifiable link between it and the public interest at the time of broadcast.'^[38] The draft guidelines list broad categories of public interest issues, including politics, government and public administration, elections and the conduct of corporations, businesses, trade unions and religious organisations. As the OAIC understands it, this effectively means that where there is any identifiable public interest in broadcasting material about an individual, it will override that person's claim to privacy.

The OAIC acknowledges that explaining a ‘public interest' defence in this way reflects the language of some of the broadcasting codes.^[39] However, it is open to broadcasters to aim for a higher level of respect for privacy, and for the ACMA to encourage this in its guidelines.

The office recognises that the right to privacy is not absolute and it is often necessary to balance privacy with other important social interests such as the right to free speech. The challenge is determining how to achieve an appropriate balance with the protection of important human rights and social interests that may sometimes compete with privacy. In the OAIC's opinion however, the public interest defence proposed in the draft guidelines may not achieve this balance. It is conceivable that in applying this proposed defence, the public interest in disclosing information about an individual may be slight, but the privacy impacts for an individual/s may be extreme. An example of this is in case study 3, where the ACMA found that ‘the public interest in the story as a whole did not justify the broadcast of extended footage showing a distressed survivor who clearly objected to being filmed'.^[40]

The OAIC suggests that in addition to identifying a public interest, broadcasters should be encouraged to balance that public interest against any competing privacy interests before deciding to broadcast this material. In the OAIC's opinion this would more closely reflect community perceptions of the importance of privacy safeguards in broadcasting.^[41]

As a guide, the OAIC suggests that further consideration be given to the formulation of the ‘public interest test' in the ALRC's recommended statutory cause of action for serious invasion of privacy. In particular, the ALRC recommended that:

‘Federal legislation should provide that, for the purpose of establishing liability under the statutory cause of action for invasion of privacy, a claimant must show that in the circumstances:

(a) there is a reasonable expectation of privacy; and

(b) the act or conduct complained of is highly offensive to a reasonable person of ordinary sensibilities.

In determining whether an individual's privacy has been invaded for the purpose of establishing the cause of action, the court must take into account whether the public interest in maintaining the claimant's privacy outweighs other matters of public interest (including the interest of the public to be informed about matters of public concern and the public interest in allowing freedom of expression).'^[42]

Adopting a similar public interest test in the draft guidelines would encourage broadcasters to not only consider whether there is an identifiable public interest in broadcasting material, but to take account of potential competing privacy claims before broadcast.

Where a public interest issue is found to outweigh valid privacy concerns, perhaps the draft guidelines could encourage broadcasters to consider any reasonable steps to mitigate the privacy impacts of such broadcast, including for example whether the material could be de-identified. This approach would appear to be consistent with the ACMA's reasoning in case study 1, in which the ACMA found that ‘while there was an identifiable public interest reason for broadcasting the segment as a whole, there was no identifiable public interest reason to disclose the complainant's identity (by showing her face).'^[43]

It is also relevant that in September 2011, the Minister for Privacy and Freedom of Information, the Hon Brendan O'Connor MP, launched an issues paper seeking the views of the public on introducing a statutory cause of action for serious invasion of privacy.^[44] If in future the Government introduces this statutory cause of action, the OAIC suggests that at a minimum, the ACMA review the draft guidelines (especially the sections titled ‘seclusion' and ‘public interest'), to ensure that the concepts outlined in the draft guidelines are not inconsistent with similar concepts covered by the statutory cause of action.

Good Privacy Practices

The OAIC suggests that the draft guidelines encourage broadcasters to use good privacy practices when handling individuals' personal information.

Collection

In particular, the draft guidelines could encourage broadcasters to provide notice to individuals regarding the collection and handling of their personal information. For example, NPP 1.3 generally requires organisations to notify an individual of the organisation's identity, the purpose for which the information is collected and who this kind of information will usually be disclosed to. This helps to ensure that an individual is not surprised about personal information handling practices, especially where this involves ‘sensitive information' such as health information or criminal records information. The office acknowledges that there will be situations where this is not practical or reasonable, particularly in relation to investigative journalism. However there will be many occasions when simply letting an individual know their personal information is being collected and how it will be used would not seem overly onerous.^[45] 

The draft guidelines could also urge broadcasters to collect personal information only by lawful and fair means and not in an unreasonably intrusive way (as required by NPP 1.2). In the context of NPP 1.2, ‘lawful means' refers to methods that are not prohibited by law. ‘Fair' means without intimidation or deception, recognising that in some circumstances covert collection of personal information would be fair.^[46]

Data security

The Privacy Act requires agencies and organisations to take reasonable steps to maintain the security of their personal information holdings.^[47] This is intended to limit the risk of an individual's personal information being misused, lost, or subject to unauthorised access, modification or disclosure, which could have serious consequences for the individual/s concerned.^[48] In a similar way, the draft guidelines could encourage broadcasters to take reasonable steps to protect the security of their personal information holdings. This would give some assurance to individuals whose personal information is collected and held by broadcasters and, for privacy reasons, de-identified before broadcast.

[1] See http://www.acma.gov.au/WEB/STANDARD/pc=PC_410123

[2] See Senate Finance and Public Administration Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Report Part 1 Australian Privacy Principles, paragraph 3.72, see http://www.aph.gov.au/senate/committee/fapa_ctte/priv_exp_drafts/report_part1/index.htm

[3] See http://www.acma.gov.au/WEB/STANDARD/pc=PC_410123

[4] Draft guidelines, p. 4

[5] Draft guidelines, p. 4

[6] For example, 93% of media users surveyed by the ACMA said that they believed it is either ‘very important' (68%) or ‘somewhat important' (25%) for broadcasters to safeguard a person's privacy in news and current affairs. See ACMA, Australian's Views on Privacy in Broadcast News and Current Affairs- Complementary Survey Report to Community Research into Broadcasting and Media Privacy, August 2011, p. 5, http://www.acma.gov.au/WEB/STANDARD/pc=PC_410122

[7] Draft guidelines, p. 4

[8] See http://www.acma.gov.au/WEB/STANDARD/pc=PC_100133

[9] Section 7B(4) of the Privacy Act

[10] ACMA, Privacy Guidelines for Broadcasters (August 2005), p. 5

[11] ‘A parent or guardian's consent should always be obtained expressly before using material that invades a child's privacy. However, parental consent alone will not always be sufficient for a broadcaster to comply with its code privacy obligations', p. 7

[12] Draft guidelines, p. 5

[13] ALRC, Report 108, Australian Privacy and Practice: For Your Information, recommendation 6-1, see http://www.austlii.edu.au/au/other/alrc/publications/reports/108/

[14] ALRC, Report 108, Australian Privacy and Practice: For Your Information, paragraph 6.63 and recommendation 6-2

[15] Senate Finance and Public Administration Committee, Exposure Drafts of Australian Privacy Amendment Legislation, Report Part 1 Australian Privacy Principles, paragraph 3.72, see http://www.aph.gov.au/senate/committee/fapa_ctte/priv_exp_drafts/report_part1/index.htm  

[16] Draft guidelines, p. 4

[17] ALRC, Report 108, Australian Privacy and Practice: For Your Information, paragraph 74.83 and recommendation 74-2

[18] The Office of the Privacy Commission has previously stated ‘a dedicated cause of action could serve to complement the already existing legislative based protections afforded to individuals and address some gaps that exist both in the common law and legislation', see Submission to ALRC Review of Privacy Discussion Paper 72, p228, http://www.privacy.gov.au/law/reform

[19] Draft guidelines, p. 6

[20] Draft guidelines, p. 6

[21] Draft guidelines, p.11

[22] See for example ‘TV news clip: Boating Accident', ‘TV News Clip: Young Survivor of a Family Tragedy',  ACMA, Community Research into Broadcasting and Media Privacy, Research Report commissioned by the ACMA and prepared by GfK bluemoon (August 2011), pp. 45- 48

[23] The NSW Law Reform Commission recommended in Report 120, that to establish a cause of action for an invasion of privacy an individual would need to have a ‘reasonable expectation of privacy', see Appendix A: Civil Liability Amendment (Privacy) Bill see http://www.lawlink.nsw.gov.au/lawlink/lrc/ll_lrc.nsf/pages/LRC_r120report#H5. The ALRC recommended in Report 108 that a statutory cause of action for invasion of privacy, should require a claimant to show that in the circumstances there is a reasonable expectation of privacy (and that the act or conduct complained of is highly offensive to a reasonable person of ordinary sensibilities), recommendation 74-2 

[24] Draft guidelines, p. 6

[25] See Office of the Privacy Commissioner Guidelines to the National Privacy Principles produced by the Office of the Privacy Commissioner p. 22. These Guidelines are current and form part of the OAIC's operational information, see http://www.privacy.gov.au/materials/types/guidelines/view/6582

[26] Office of the Privacy Commissioner 2001, Guidelines on Privacy in the Private Health Sector, http://www.privacy.gov.au/materials/types/guidelines/view/6517

[27] ALRC, Discussion Paper 72 Review of Australian Privacy Law, paragraph 60.25, see http://www.austlii.edu.au/au/other/alrc/publications/dp/72/16.html

[28] See Office of the Privacy Commissioner, Guidelines to the National Privacy Principles, p. 22

[29] Draft guidelines, p. 6

[30] Section 6(1) of the Privacy Act states that ‘consent means express consent or implied consent'

[31] See Office of the Privacy Commissioner, Plain English Guidelines to IPPS 8 - 11, see p. 26 (these guidelines are current and form part of the OAIC's operational information)

[32] Draft guidelines, p. 6

[33] Draft guidelines, p. 7

[34] Draft guidelines, p. 7

[35] Under the Privacy Act, a young person can give their consent when they have sufficient understanding and maturity to understand what they are consenting to. See Office of the Privacy Commissioner 2001, Guidelines on Privacy in the Private Health Sector

[36] Guidelines on Privacy in the Public Health Sector, p.24

[37] ALRC, Discussion Paper 72 Review of Australian Privacy Law, paragraph 60.59, see http://www.alrc.gov.au/inquiries/privacy

[38] Draft guidelines, p. 7

[39] For example clause 2.1 (d) of the Commercial Radio Code of Practice 2010

[40] Draft guidelines, p. 11

[41] See ACMA, Australian's Views on Privacy in Broadcast News and Current Affairs- Complementary Survey Report to Community Research into Broadcasting and Media Privacy, August 2011, p. 5, http://www.acma.gov.au/WEB/STANDARD/pc=PC_410122

[42] Australian Law Reform Commission, For Your information: Australian Privacy Law and Practice, Report 108, Recommendation 74-2

[43] Draft guidelines, p. 9

[44] Commonwealth of Australia Department of Prime Minister and Cabinet, Issues Paper: A Commonwealth Statutory Cause of Action for Serious Invasion of Privacy (September 2011), http://www.dpmc.gov.au/privacy/causeofaction/

[45] For more information on how the NPPs deal with what are reasonable steps to providing notice to individuals about collection of their personal information, see Information Sheet (Private Sector) 18 - 2003: Taking reasonable steps to make individuals aware that personal information about them is being collected, http://www.privacy.gov.au/materials/types/infosheets/view/6550 

[46] See Revised Explanatory Memorandum to the Privacy Amendment (Private Sector) Act 2000 (Cth), pp. 130 - 131, see http://www.comlaw.gov.au/ The former Office of the Privacy Commissioner's Guidelines to Information Privacy Principles 1-3, describes these concepts in more detail and includes some examples of unfair collection practices

[47] See NPP 4.1 in Schedule 3 of the Privacy Act and IPP 4 in s 14 of the Privacy Act

[48] For more information see Office of the Privacy Commissioner Guidelines to the National Privacy Principles