A recent UK High Court decision determined that the misuse of private information is a tort … Sydney media law academic Dr David Rolph looks at the ramifications for the development of a privacy law in Australia
In mid-January, while a lot of the Australian legal fraternity was still enjoying its summer break and possibly contemplating the impending start of a new legal year, the High Court of Justice of England and Wales handed down a fascinating decision on privacy and internet search engines.
The issues for decision facing Justice Michael Tugendhat in Vidal-Hall v Google Inc ( EWHC 13 (QB)) were essentially procedural: should the claimants have permission to serve the originating process on Google Inc, which was based outside of the jurisdiction?
The facts of the case and some of the legal issues are interesting from an Australian perspective, particularly as it is not yet clear if or how Australian law might develop to protect personal privacy more directly.
The case concerned proceedings brought by three applicants who all used Apple devices to access the internet and all used Google services, such as its search engine, Google Maps and Gmail.
As Mr Justice Tugendhat (pic) observed, these services “are so well known that they need no description”.
The claimants complained that, when using the Google services, Google collected personal information about them, analysed it and used it to allow targeted advertisements to be directed to them.
The personal information they claimed to have been collected about them by Google was extensive, including:
(a) internet surfing habits; (b) interests, hobbies and pastimes; (c) news reading habits; (d) shopping habits; (e) social class; (f) racial or ethnic origin; (g) political affiliation or opinion; (h) religious beliefs or beliefs of a similar nature; (i) trade union membership; (j) physical health; (k) mental health; (l) sexuality; (m) sexual interests; (n) age; (o) gender; (p) financial situation; (q) geographical location”.
They framed the claims in breach of confidence, misuse of private information and contraventions of the Data Protection Act 1998 (UK).
In order to serve the originating process on Google outside the jurisdiction, the claimants had to establish that the claim was one in tort where either the damage was sustained within the jurisdiction or the act was committed within the jurisdiction, causing damage.
This turned upon whether one or more of the claims were tortious.
Mr Justice Tugendhat held, not unexpectedly, that the claim for breach of confidence was not a claim in tort.
The more interesting issue was whether the claim for misuse of private information was a claim in tort.
This cause of action has been recognised in English law as an adaptation of the equitable cause of action for breach of confidence, in order to accommodate the requirements of the European Convention on Human Rights, particularly Article 8 guaranteeing the right to a private life.
Its origins might be equitable but it has outgrown them. Its development as a freestanding cause of action is complete and the consequences of that are now being worked through.
One of the consequences is that the cause of action for misuse of private information is treated as a tort.
Lord Nicholls of Birkenhead first made this observation in Campbell v MGN Ltd  and subsequent cases have endorsed this.
Mr Justice Tugendhat’s decision in Vidal-Hall v Google is important because it is not a matter of idle taxonomy – it relates directly to a concrete legal issue.
In finding that misuse of private information was a tort, notwithstanding its equitable origins, Mr Justice Tugendhat observed that:
“History does not determine identity. The fact that dogs evolved from wolves does not mean that dogs are wolves.”
Referring to Dicey and Morris on Conflict of Laws, his Lordship noted that the authors of the learned work suggested “there is an argument for looking beyond the historical domestic divide between law and equity”.
Superior courts in Australia have demonstrated no real inclination to develop a freestanding tort of invasion of privacy, following on from the High Court’s decision in ABC v Lenah Game Meats Pty Ltd (2001).
Instead, the preference appears to be for a development of the equitable cause of action for breach of confidence to protect personal privacy.
Given the longstanding and tenacious commitment to the “divide between law and equity” in Australia, it is difficult to imagine an Australian court reaching a similar conclusion to Mr Justice Tugendhat.
In relation to whether the act was committed within the jurisdiction, Mr Justice Tugendhat found that damage was sustained from such an act.
The damage in question could be characterised as what the claimants and potentially third parties saw on the claimants” computer screens.
The publication of the targeted advertisements, derived from the private information collected by Google, arguably constituted damage.
Mr Justice Tugendhat applied the position from defamation law in relation to publication in order to find that damage occurred within the jurisdiction.
Even if the gist of the wrong was the collection of the information, that also occurred within the jurisdiction.
Mr Justice Tugendhat does not explicitly refer to any authority in relation to publication in defamation law.
The leading Australian authority on point is the High Court’s decision in Dow Jones & Co Inc v Gutnick (2002).
If an Australian court had to deal with a claim for invasion of privacy or breach of confidence based on publication, the most coherent way for it to deal with that would be treat publication in the same way it is treated in defamation law.
It is difficult to identify a principled reason why a differential approach to publication should be adopted in defamation law on the one hand and breach of confidence and invasion of privacy on the other.
Somewhat courageously, Google attempted to argue that the information in question was not private because it was anonymous.
The argument proceeded that none of its employees was able to identify any of the claimants.
Mr Justice Tugendhat found that the issue was not whether the claimants were identified but whether they were identifiable.
Given that the harm they claimed they suffered was not merely the collection of the private information but the use of it in order to send back targeted advertisements to them and that those targeted advertisements might be observable by third parties, the claimants and their private information could also then be identifiable to those third parties.
Mr Justice Tugendhat emphasised that the case before him concerned particular private information about the claimants. They were not “generic complaints”.
A lot of the case law, but not all of it, in the English courts about misuse of private information relates to claims being brought against the mainstream press.
That gives the privacy law that has developed a certain flavour.
However, media intrusion upon privacy is not the only form of invasion of privacy.
Indeed, it is not the form of invasion of privacy that the majority of people would be most concerned about. Anxiety about the aggregation and retention of data by governments and corporations is widespread.
How the English courts deal then with the underlying claim in Vidal-Hall v Google will be interesting to observe.
There is a difficult balance to be struck between people’s expectations about their private information and their reliance upon free and convenient internet services.
Dr David Rolph lectures in media law at the University of Sydney Law School and is the editor of the Sydney Law Review. He is the author of Reputation, Celebrity and Defamation Law (Ashgate 2008).
This article was originally published in the Gazette of Law and Journalism, Australia’s leading online media law publication.