There are growing concerns in the community about privacy breaches involving remotely piloted aircrafts (“RPA”), commonly known as drones. RPA have the ability to intrude on a person’s private activities intentionally, through deliberate surveillance, or unintentionally, in the course of other activities such as aerial photography, and search and rescue. The rapid improvement in drone technology has increasingly enabled RPA to become commercially available for use by private individuals. As a consequence, it has left Australia’s current privacy law regime inadequate to specifically deal with RPA. While there is yet to be any litigation involving RPA in Australia, it appears only a matter of time before we see the first case.
Australia’s Legislative Privacy Regime
The main Australian statute dealing with privacy breaches is the Commonwealth Privacy Act 1988. While the Privacy Act applies to most Australian federal government agencies and most private organisations, it does not provide comprehensive privacy protection for Australians. The Privacy Act does not apply to a number of groups, including small businesses with an annual turnover of less than $3 million, political organisations, media organisations, and individual citizens acting in their personal, family or household affairs. Moreover, the Privacy Act would be considerably ineffective against invasive use of RPA because it focuses on data protection rather than behavioural privacy indiscretions .
The Commonwealth Surveillance Devices Act 2004 regulates the lawful use of surveillance devices by Federal law enforcement agencies. However, the prohibitions on the use of surveillance devices for the general public are left to the relevant State and Territory statutes. It is conceivable that RPA could fall within the scope of the Commonwealth Surveillance Devices Act under the definitions of ‘optical surveillance device’ or ‘listening device’. However, this statute was drafted without consideration of the capabilities of modern mobile surveillance devices. Consequently, applying the statute to such cases may be encumbered by the unique characteristics of drones. Moreover, the statute is extremely limited in that it is unconcerned with privacy breaches by ordinary citizens.
In Western Australia, the Surveillance Devices Act 1998 (“WA Act”) prohibits the use of listening and optical surveillance devices by a person to monitor or record someone engaged in ‘private activity’. Although this statute was introduced to, among other things, provide protection against child abuse and voyeurism, it may nonetheless provide some protection against invasive RPA use. ‘Private activity’ is defined as:
[A]ny activity carried on in circumstances that may reasonably be taken to indicate that any of the parties to the activity desires it to be observed only by themselves, but does not include an activity carried on in any circumstances in which the parties to the activity ought reasonably to expect that the activity may be observed.
Put simply, if a person is in a place that is publicly accessible and there is no way of visually obscuring the private activity, such as a door or even a bush, it is unlikely that the private activity will be classified as such. Unlike the equivalent definition under the Victorian statute, the WA definition of ‘private activity’ clearly contemplates private activities taking place outdoors, such as backyard sunbathing. Further, unlike some other surveillance statutes from other jurisdictions, the WA Act makes exception for the inadvertent recording of private behaviour that may occur incidentally by the lawful use of RPA, such as aerial photography. As a result, a person cannot be penalised for the operation of an RPA resulting in the unintentional monitoring or recording of a private activity.
While the WA Act appears to more capable of dealing with RPA privacy breaches than equivalent statutes in other jurisdictions, it certainly has its limitations. Importantly, a breach of the WA Act is a criminal offence. This means that for a person to be found to be in breach, the offence must be proven ‘beyond all reasonable doubt’ – a far higher standard than the civil standard, ‘on the balance of probabilities’. Furthermore, it will be up to the State prosecutors to sue and convict any perpetrator rather than the person whose privacy was breached. Consequently, that person has little action in his or her right. This includes the lack of injunctive relief and the burden of having to pursue criminal damages for any compensation following a prosecution.
Outside the statutory regime, there are a number of common law torts that may redress invasions of privacy. For example, trespass or private nuisance may, depending on the circumstances, be available for causes of action against intruding RPA operators. However, these torts are untested in RPA scenarios and, in any case, are unlikely to provide reliable protection because they emerged well before the development of drone technology.
The right to sue for trespass is not limited to interferences at the ground level alone. It also extends to intrusions of the air space above the land. While this does not extend to the heavens, an intruder may be liable in trespass where the intrusion was within a height necessary for the ‘ordinary use and enjoyment of the owner’s land’. It was on this basis that the Court in Bernstein v Skyviews & General Ltd found that no trespass was committed by a Cessna aircraft flying over the plaintiff’s property to take an aerial photograph of that property. This means that where an RPA is operating at a height greater than what would be necessary for the ordinary use and enjoyment of the land, there would be no recourse in trespass.
The application of trespass in these circumstances is further burdened due to the requirement for the plaintiff to have the requisite title over the land to sue in trespass; however, this is not limited to ownership and can extend to exclusive possession of the land. This means that visitors on another person’s private premises and people in public spaces would not be protected by trespass. Additionally, a landowner would have no recourse to trespass in circumstances where an RPA spied on his/her property, but remained in the airspace of a neighbouring property.
There have been cases were the deliberate surveillance and recording of a neighbour has been held to be an unreasonable interference with a plaintiff’s enjoyment of land and therefore held to be a breach of private nuisance. In relation to RPA, Griffiths J in Berstein suggests that persistent surveillance of a person’s property by aircraft may be actionable as private nuisance. However, it has been suggested that something additional is required in order to establish private nuisance; that is, ‘besetting’ alone is not enough. In this regard, it may be necessary for an RPA intruder to combine persistent surveillance with noise, for example, in order to be in breach of private nuisance. What is ‘unreasonable interference’ will, of course, ultimately come down to the individual circumstances of the case.
Private nuisance does have some advantages over trespass in terms of dealing with RPA privacy invasions, such as the fact that the breach may take place from a neighbouring property. However, while it is theoretically plausible to cover some instances of intrusive RPA use, it remains inadequate to conclusively deal with RPA. Like trespass, a person will need to have the requisite interest in the land (that is, possession or an immediate right to possession) in order to sue for private nuisance. Consequently, private nuisance would be unavailable for a visitor on private premises.
Moving away from tortious causes of action, the High Court in Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd overturned the long-standing position in Australia that the common law provided no protection for personal privacy. This understanding was based on comments made obiter in the High Court case of Victoria Park Racing and Recreation Grounds Co Ltd v Taylor. Lenah Game Meats found the position adopted in Victoria Park to be incorrect and that there was no impediment preventing Australian Courts from creating a cause of action for invasions of privacy. Indeed, Callinan J asserted:
It seems to me that, having regard to current conditions in this country, and developments of the law in other common law jurisdictions, the time is ripe for consideration whether a tort of invasion of privacy should be recognised in this country, or whether the legislatures should be left to determine whether provisions for a remedy for it should be made.
As recently as July 2014, the House of Representatives Standing Committee on Social Policy and Legal Affairs (“Committee”) issued a report urging the Australian government to update Australia’s privacy law to keep up to date with the proliferation of RPA. Among the Committee’s recommendations is to introduce new legislation to protect citizens against privacy-invasive technologies, including RPA. Specifically, the Committee proposes the creation of a tort of serious invasion of privacy to deal with the gaps and limitations in Australia’s existing privacy law. This idea was put forth by the Australian Law Reform Commission (“ALRC”) in 2008 and has since been further endorsed by, amongst others, the Law Institute of Victoria and the New South Wales Law Reform Commission.
In the ALRC formulation, liability for a serious invasion of privacy would arise in circumstances where there was a reasonable expectation of privacy and the act or conduct complained of would be highly offensive to a reasonable person of ordinary sensibilities. As possible examples for activities that could constitute an invasion of privacy, the ALRC listed:
- interference with an individual’s home or family life;
- unauthorised surveillance of an individual;
- interfered with, misused or disclosed correspondence; and
- disclosure of sensitive facts relating to an individual’s private life.
Further, the proposed cause of action would only be available to individuals and be restricted to intentional or reckless acts on the part of the defendant. There would also be no need to demonstrate proof of damage and the cause of action would be subject to a number of exhaustive defences, including:
- The act or conduct was incidental to the exercise of a lawful right of defence of person or property;
- The act or conduct was authorised or required by law;
- Disclosure of the information was of public interest or was fair comment on a matter of public interest; or
- Disclosure of the information was privileged under defamation law.
Some of the main arguments against the ALRC’s proposal included that:
- There is no need to change Australia’s current privacy law regime;
- The proposed law would interfere with other rights, especially the right to freedom of expression and freedom of the press;
- The proposed law would impose further restrictions on those parties already subject to the Privacy Act; and
- Any cause of action would be best developed incrementally at common law.
Clearly, the ALRC formulation took into account a broader range of privacy considerations rather than just the threat of RPA. Nonetheless, this proposed statutory cause of action appears to be a positive step to help allay the concerns of the public in relation to RPA and has generally received positive feedback from stakeholders.
It is clear that Australia’s privacy laws are not ready for drones. Worryingly, as technology continues to improve, the use of RPA will only continue to increase. Given the direction other countries’ laws are progressing in relation to privacy concerns, it is somewhat surprising that the Australian legislature and judicature have not been more proactive in responding to potential privacy issues resulting from RPA and other technologies. A new statutory cause of action, as proposed by the ALRC, will go some way to redressing these concerns. Any new law will also have to deal with the other privacy challenges of new technologies, such as the unintended consequences of technology, such as company smart phones, that enable corporations to take, store and use digital footage.
This is general information only, and does not constitute specific legal advice. If you would like further information in relation to this matter or other legal matters please contact our office on Freecall 1800 609 945 or email us now.
 See for example: Rod Chester, Parrot’s new range of toy drones aimed at teenagers raise privacy concerns (2 October 2015) News.com.au <http://www.news.com.au/technology/gadgets/parrots-new-range-of-toy-drones-aimed-at-teenagers-raise-privacy-concerns/story-fnda1lbo-122698223260>
 Section 6 – “any device capable of being used to record visually or observe an activity, but does not include spectacles, contact lenses or a similar device used by a person with impaired sight to overcome that impairment.”
 Section 6 – “any device capable of being used to overhear, record, monitor or listen to a conversation or words spoken to or by any person in conversation, but does not include a hearing aid or similar device used by a person with impaired hearing to overcome the impairment and permit that person to hear only sounds ordinarily audible to the human ear”
 Surveillance Devices Act 1998 (WA), s3.
 Ibid, s6(2)(e)
 Bernstein v Skyviews & General Ltd  QB 479 (“Bernstein”).
 Bury v Pope (1586) Cro Eliz 118; 78 ER 375.
 Above n6, 488.
 Raciti v Hughes (1995) 7 BPR 14,837.
 Above n2, 489.
 Ward, Lock & Co Ltd v Operative Printers Assistants’ Society (1906) 22 TLR 327, 329.
 Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (2001) 208 CLR 199 (“Lenah Game Meats”).
 Victoria Park Racing and Recreation Grounds Co Ltd v Taylor (1937) 58 CLR 479, 496 (latham CJ), 521 (Evatt J) (“Victoria Park”).
 Lenah Game Meats, above n13, 328.
 House of Representatives Standing Committee on Social Policy and Legal Affairs, Parliament of the Commonwealth of Australia, Eyes in the Sky: Inquiry into Drones and the Regulation of Air Safety and Privacy (2014).
 Ibid 45.
 Australian Law Reform Commission, For Your Information: Australian Privacy Law and Practice, Report No 108 (2008) 88.
 Law Institute of Victoria, Issues Paper: A Commonwealth Statutory Cause of Action for Serious Invasion of Privacy, (2011) 4.
 New South Wales Law Reform Commission, Invasion of Privacy, Report No 120 (2009) 4-5.
 Above n18, 74.83.
 Ibid 74.81.