The new tort for Serious Invasions of Privacy commences soon – but who will use it? – Dentons
Co-authored by Michael Park, Partner, Jamie Griffin, Managing Associate, and Renata Panozzo, Law Graduate
On 10 June 2025, the new statutory tort for serious invasions of privacy, as introduced under the Privacy and Other Legislation Amendment Act 2024 (Cth) (Privacy Amendment Act), will come into effect. The tort will be contained in a new Schedule 2 of the Privacy Act 1988 (Cth) (Privacy Act). This change takes effect six months after the Privacy Amendment Act received Royal Assent and after most of the first tranche of changes to the Privacy Act commenced in December 2024.
The introduction of the new statutory tort has been a longstanding privacy reform proposal in Australia and can be traced back to recommendations made in the Australian Law Reform Commission’s 2008 report, For Your Information. However, the high thresholds necessary to establish various elements of the tort may limit its utility.
The new statutory tort establishes a cause of action for individuals who have suffered a serious invasion of privacy arising from
For the tort to be actionable:
Importantly, the invasion of privacy is actionable without proof of damage.
Various definitions and interpretative provisions in the new Schedule 2 to the Privacy Act provide further guidance on the scope of this tort, including:
However, the breadth and interpretation of these elements will ultimately be a matter for the courts in any initial test cases.
A key feature of the new tort is the requirement that the contravening conduct must be either intentional or reckless. Relevantly, what constitutes being reckless is defined by reference to the meaning of that term in Schedule 1 to the Criminal Code Act 1995 (Cth) (Criminal Code).
Under section 5.4 of the Criminal Code, a person is reckless if they are aware that a substantial risk exists or will exist and, having regard to the circumstances, it is unjustifiable to take the risk but they do take that risk.
Aligning the definition of recklessness with the Criminal Code sets the standard for this element of the tort at a criminal standard of fault, which is significantly higher than that of the civil standard of negligence that may be applied to other torts. As such, plaintiffs seeking to enliven the tort will bear a significant evidentiary burden in establishing that the contravening conduct meets this higher criminal threshold.
Part 3 of the new Schedule 2 to the Privacy Act establishes exemptions to liability under the tort. Most notably, journalists and those who employ or assist journalists are exempt from liability and the new tort does not apply to otherwise privacy-invasive conduct which is carried out in the course of professional journalism. The Explanatory Memorandum to the Privacy Amendment Act states that these exemptions are designed to promote freedom of press and foster “public debate, to promote accountability and transparency, and serve as a platform for diverse opinions and voices”.
However, much like defamation law, this carve out significantly narrows the scope of potential claims against media defendants. Several existing defamation defences (including fair reporting of proceedings of public concern) are also recognised as defences to this new tort.
Given the likely costs of litigation to pursue a claim under this tort, it is possible that claims for a serious invasion of privacy will only be brought by public figures and celebrities and otherwise not frequently pursued by ordinary members of the public.
In addition to the exemptions mentioned above, Part 1 of Schedule 2 severs this Schedule from the rest of the Privacy Act. One consequence of this is the interaction with vicarious liability under section 8 of the Privacy Act. Under section 8, an employer may be held liable for the conduct of its employees where the conduct occurred in the course of their employment.
In applying similar provisions in other contexts, courts have generally been hesitant to impose vicarious liability when the employee’s conduct is criminal in nature, intentional or undertaken for a purpose not connected to their employment. Therefore, even if Schedule 2 were not severed from the Privacy Act, the intentional or criminal standards of recklessness required under the tort could potentially preclude a finding of vicarious liability for employers whose employees commit serious invasions of privacy.
When we first wrote on the proposed changes to the Privacy Act, we noted there was a possibility that this new tort may result in a rise in privacy-related class actions (such as actions being brought by individuals who are affected by a significant data breach). However, a closer examination of the elements of the tort now reveals that it may be poorly suited to class action claims.
To establish a class action, all members within the group must have a claim that arises from the same, similar or related circumstances and there must be a common issue in fact or law. Several elements of the tort may present challenges for class actions following the occurrence of a data breach, including:
Although the new tort may be difficult and costly to make out, the fact that Schedule 2 permits a maximum award of damages of AU$478,550 may nevertheless serve as a significant enticement for claims to be brought, including in the event of a significant data breach that appears to have been caused by serious failings in cybersecurity practices.
The commencement of this new statutory tort for invasions of privacy on 10 June 2025 should serve as yet another reminder for organisations to review their cybersecurity practices and internal processes and procedures for handling personal information. This is particularly relevant for organisations that hold large volumes of sensitive or potentially embarrassing personal information, including health service providers, insurers and financial institutions.
We are available to assist with any queries you might have in relation to how to prepare for possible claims under this new tort.
© 2025 Dentons. All rights reserved. Attorney Advertising. Dentons is a global legal practice providing client services worldwide through its member firms and affiliates. This website and its publications are not designed to provide legal or other advice and you should not take, or refrain from taking, action based on its content.
Unsolicited emails and other information sent to Dentons will not be considered confidential, may be disclosed to others, may not receive a response, and do not create a lawyer-client relationship. If you are not already a client of Dentons, please do not send us any confidential information.
This article was autogenerated from a news feed from CDO TIMES selected high quality news and research sources. There was no editorial review conducted beyond that by CDO TIMES staff. Need help with any of the topics in our articles? Schedule your free CDO TIMES Tech Navigator call today to stay ahead of the curve and gain insider advantages to propel your business!

