House of Representatives hands down report on drones, “Eyes in the Sky”
July 14, 2014 |
House of Representatives Standing Committee on Social Policy and Legal Affairs has handed down the report Eyes in the Sky, based on its inquiry into drone technology. It is a comprehensive report which hands down some very useful and sensible recommendations. Including Recommendation 3 which recommends legislation which provides protection against privacy invasive technologies. It goes further and recommends creating a tort of serious invasion of privacy. It is the latest in a long line of committees and Commissions to come to the conclusion, the inevitable logical conclusion, that there is a serious gap in Australia’s legal protections and a tort of privacy is required to fill that gap. Governments of both persuasions have been avoided, ignored or just plain danced on the spot on the issue and abrogated their responsibilities. But the technology develops at a pace and the issue looms large as a practical problem for more than academics.
The Committee’s press release provides:
New privacy laws might be needed to protect against a wave of ‘eyes in the sky,’ according to a Federal Parliamentary Committee.
Australia’s drone industry is booming thanks to rapidly improving technology that has made drones cheaper, more capable and easier to operate. Even as drones are poised to revolutionise the farming, mining, science, media and other industries, they also pose a real threat to privacy. Drone safety has also become a prominent concern, with numerous injuries and near-misses reported across Australia.
The House Standing Committee on Social Policy and Legal Affairs says that Australia’s existing privacy laws do not protect Australians’ privacy from drones. The Committee’s new report Eyes in the sky: Inquiry into drones and the regulation of air safety and privacy calls on the Australian government to modernise and simplify Australia’s privacy laws to protect against potentially invasive new technologies like drones. Current plans to update airspace regulation will improve safety, but the Committee calls for frequent review of regulations to keep pace with the rapid development of drone technology.
The Committee’s report, tabled today in Parliament, draws on evidence from industry groups, privacy experts and government agencies heard at two roundtable discussions and a number of public hearings earlier this year. The report makes six recommendations, calling for:
- the Australian government to consider legislating for a tort of privacy, as proposed in the discussion paper of the Australian Law Reform Commission’s Inquiry into Serious Invasions of Privacy in the Digital Era
- modernised and nationally-uniform laws regulating the use of surveillance devices, including drones
- a review of the laws regulating police use of surveillance drones
- an education campaign to inform drone users about privacy and air safety laws
- improved consultation regarding the effectiveness of air safety laws, and
- future reviews of privacy and air safety laws to keep up with developments in technology.
Committee Chair Mr George Christensen MP said that the inquiry had revealed gaps in Australia’s privacy laws leaving Australians at risk. ‘Drones are coming – the technology is here and it is only a matter of time before they become widespread,’ Mr Christensen said. ‘Drones will revolutionise some industries, with a wide range of beneficial uses. All the same, we must set out clear rules that govern how the police, governments, businesses and members of the public use drones.’
The recommendations in detail provide:
3 Safety in the air
Recommendation 1
The Committee recommends that the Australian Government, through the Civil Aviation Safety Authority, broaden future consultation processes it undertakes in relation to remotely piloted aircraft regulations so as to include industry and recreational users from a non- aviation background.
Future consultation processes should identify and seek comment from peak bodies in industries where remotely piloted aircraft use is likely to expand such as real estate, photography, media, and agriculture, amongst others.
4 Drones and privacy
Recommendation 2
The Committee recommends that the Australian Government, through the Civil Aviation Safety Authority (CASA), include information on Australia’s privacy laws with the safety pamphlet CASA currently distributes to vendors of remotely piloted aircraft. The pamphlet should highlight remotely piloted aircraft users’ responsibility not to monitor, record or disclose individuals’ private activities without their consent and provide links to further information on Australia’s privacy laws.
Recommendation 3
The Committee recommends that the Australian Government consider introducing legislation by July 2015 which provides protection against privacy-invasive technologies (including remotely piloted aircraft), with particular emphasis on protecting against intrusions on a person’s seclusion or private affairs.
The Committee recommends that in considering the type and extent of protection to be afforded, the Government consider giving effect to the Australian Law Reform Commission’s proposal for the creation of a tort of serious invasion of privacy, or include alternate measures to achieve similar outcomes, with respect to invasive technologies including remotely piloted aircraft.
Recommendation 4
The Committee recommends that, at the late-2014 meeting of COAG’s Law, Crime and Community Safety Council, the Australian Government initiate action to simplify Australia’s privacy regime by introducing harmonised Australia-wide surveillance laws that cover the use of:
- listening devices
- optical surveillance devices
- data surveillance devices, and
- tracking devices
The unified regime should contain technology neutral definitions of the kinds of surveillance devices, and should not provide fewer protections in any state or territory than presently exist.
Recommendation 5
The Committee recommends that the Australian Government consider the measures operating to regulate the use or potential use of RPAs by Commonwealth law enforcement agencies for surveillance purposes in circumstances where that use may give rise to issues regarding a person’s seclusion or private affairs. This consideration should involve both assessment of the adequacy of presently existing internal practices and procedures of relevant Commonwealth law enforcement agencies, as well as the adequacy of relevant provisions of the Surveillance Devices Act 2004 (Cth) relating but not limited to warrant provisions.
Further, the Committee recommends that the Australian Government initiate action at COAG’s Law, Crime and Community Safety Council to harmonise what may be determined to be an appropriate and approved use of RPAs by law enforcement agencies across jurisdictions.
Recommendation 6
The Committee recommends that the Australian Government coordinate with the Civil Aviation Safety Authority and the Australian Privacy Commissioner to review the adequacy of the privacy and air safety regimes in relation to remotely piloted aircraft, highlighting any regulatory issues and future areas of action. This review should be publicly released by June 2016.
Chapter 4 relating to the consideration of the privacy issues provides an interesting recap of the legal issues and the weaknesses in the legal protections.
It provides (absent footnotes):
Drones and privacy
4.1 Remotely piloted aircraft (RPAs) have the potential to pose a serious threat to Australians’ privacy. They can intrude on a person’s or a business’s private activities either intentionally, as in the case of deliberate surveillance, or inadvertently in the course of other activities like aerial photography, traffic monitoring or search and rescue. As RPAs become cheaper and more capable, and as the instruments they carry become more sensitive, they will provide governments, companies and individuals with the cost-effective capability to observe and collect information on Australians, potentially without their knowledge or consent.
4.2 This chapter will examine Australia’s existing regulatory environment in relation to RPAs and privacy and examine issues to be taken into consideration to ensure that Australian privacy laws adequately address the risks posed by RPAs.
A ‘fractured landscape’ – RPAs and privacy laws
4.3 Australia’s privacy regime is complex. There is a range of Commonwealth, State and Territory statutes and common law principles. However, the laws are complex, at times outdated by emerging technology, and significant variations exist between jurisdictions. The Committee has heard Australia’s privacy regime variously described as a ‘fractured landscape’, or a ‘patchwork of laws’. The following section provides a brief overview of the legal principles relevant to RPAs and privacy.
4.4 Just as it is critical to ensure that RPA use does not compromise public safety, so RPA use should not compromise the privacy of individuals or businesses. The capacity of RPAs to enter private property, to travel unnoticed, and to record images and sounds which can be streamed live create significant opportunities for privacy breaches.
4.5 Research by the Australian Privacy Commissioner shows that Australians’ concern for their privacy has remained high in an environment where there are a growing number of ways in which it can be breached. Mr Timothy Pilgrim, the Privacy Commissioner, told the Committee that:
our community research, that we undertake every three to four years, consistently shows that the community remains concerned about what is happening with their personal information. The community is concerned to make sure that there are protections in place for that personal information. So rather than seeing it becoming an issue that is dying, as some commentators have said in the past, it is actually a constant within the community.
4.6 Like any new technology, RPAs have both positive and negative applications. In considering how to address the potential privacy issues RPA use might raise, Mr Pilgrim said:
With such a new technology, the question comes down to how its use is going to be regulated. What are the ways in which it can be regulated so that we can still achieve the benefits that the technology can bring, at the same time as making sure that people have a right of recourse or a remedy if they believe their privacy has been invaded by misuse of those technologies?
4.7 The Commonwealth Privacy Act 1988 (the Privacy Act) provides a number of privacy protections to the Australian public. It is intended to ensure Australians are provided with information on, and some degree of choice about, the collection and use of their personal information by governments and large businesses.
4.8 The Privacy Act sets out thirteen privacy principles which govern how organisations should collect information, how they should manage it, and the circumstances under which it can be disclosed. Ms Angeline Falk of the Office of the Australian Information Commissioner described the Act as ‘a set of principles that focuses on transparency in the way in which personal information is collected’.
4.9 The Privacy Commissioner, Mr Pilgrim, told the Committee that:
The federal Privacy Act applies to most Australian government agencies at the federal level and many private sector organisations. It does set an overarching set of principles that those entities must comply with in how they collect, use, disclose, provide access to and secure personal information as part of their roles.
4.10 However, the Privacy Act does not provide Australians with comprehensive privacy protections. As Mr Andrew Walter from the Attorney-General’s Department (AGD) noted ‘[t]he Privacy Act does not apply to the collection and use of personal information by private citizens and does not provide overarching privacy protection for the individual’.
4.11 The Act contains exemptions for a number of groups. As such, the Privacy Commissioner noted that small businesses (with an annual turnover of less than $3 million), political organisations, media organisations, and individual citizens acting in the course of their personal, family or household affairs are not subject to the privacy principles.
4.12 In addition to the limitations to the Privacy Act created by its exemptions, the Act is not intended to protect against intrusions into Australians’ private seclusion. Dr Roger Clark from the Australian Privacy Foundation said:
we identify privacy of personal behaviour … as the interest that people have in not being intruded upon by undue observation or interference with their activities, whether or not data is collected— after which it would then move into another space.
When we look at the Privacy Act … it is all but irrelevant to behavioural privacy protection. It was designed that way; it was designed to deal with data protection only.
4.13 Therefore the Privacy Act offers substantial privacy protections in certain circumstances, but there are a number of situations in which it may not protect Australians against the invasive use of RPAs.
4.14 Mr Pilgrim noted that many States and Territories have privacy laws of their own, but that most of these are limited in much the same way as the Federal Act:
there are a series of privacy laws within a number of the states and territories. These generally apply to the activities of state and territory government agencies as well, and tend to be limited to those entities.
4.15 There are a range of additional laws that may protect against invasive or inappropriate use of RPAs. For example, each State and Territory has legislation that may make it illegal in certain circumstances to use a surveillance device to record or monitor private activities or conversations via listening devices, cameras, data surveillance devices or tracking devices.
4.16 The Commonwealth Surveillance Devices Act 2004 regulates the lawful use of surveillance devices by Federal law enforcement agencies but, according to Ms Catherine Smith from AGD, ‘does not contain prohibitions on the use of surveillance devices’. Those prohibitions are found in the relevant State and Territory statutes, which, according to AGD, are inconsistent:
These prohibitions on surveillance devices are found in the laws of the states and territories. We understand that the states and territories approach their surveillance devices prohibition laws differently. Also, the committee has heard that not all states have prohibited the use of all kinds of surveillance devices.
4.17 The Committee has heard that, in addition to varying between jurisdictions, in some cases these laws are outdated. According to Professor Des Butler:
There are four of our jurisdictions that have surveillance devices laws. Four of our jurisdictions have listening devices statutes that are simply not appropriate for the 21st century, and they really do need to have a look at what they are doing. Even within the surveillance devices statutes they are inconsistent.
4.18 AGD informed the Committee that the use of RPAs as surveillance devices is already regulated, since they fall within the definition of ‘optical surveillance device’ or ‘listening device’ in the Commonwealth Surveillance Devices Act. However, Ms Catherine Smith from AGD noted that the Surveillance Devices Act was written to cover the use of surveillance devices physically attached to property, and did not envisage the use of mobile surveillance systems like RPAs. Ms Smith said that ‘it would be of benefit’ to review this legislation ‘in the future as technology develops’.
4.19 In addition to surveillance laws, some States and Territories have laws which make photography for indecent purposes a criminal offence, or which prohibit observing or filming a person in a private place or when that person is engaging in a private act. These laws, though they were introduced with the intention of protecting against child abuse or voyeurism, may nonetheless provide limited privacy protection against invasive RPA use.
4.20 There are also a range of State and Territory stalking and harassment statutes that may be used to protect against privacy breaches caused by RPA users, though again these are not consistent across jurisdictions.
4.21 Finally, there are a number of common law torts which may also be relevant to RPA use. For example the torts of trespass, nuisance or breach of confidence may be available to people whose privacy has been invaded by RPAs, depending on the circumstances.
4.22 However, given that these principles emerged well before the development of RPA technology and in response to substantially different circumstances, they do not provide reliable protection against inappropriate RPA use.
Possible shortcomings of the current privacy regime
4.23 The previous section briefly outlined the range and complexity of the privacy laws that may apply in relation to RPAs. The Committee heard that this complexity has a number of unfortunate effects – in particular that: it may hinder access to remedies for breaches of privacy; RPA operators may face difficulties in complying with the law; and gaps in the law may exist which could need to be addressed. The following section discusses these concerns.
Uncertainty and access to remedies
4.24 The complexity of privacy laws generates considerable uncertainty as to the law’s scope and effect. Evidence suggested that Australia’s current privacy laws may not be sufficient to cope with the explosion of technologies that can be used to observe, record and broadcast potentially private behaviour. The Privacy Commissioner told the Committee that:
there are a number of laws that, in one form or another, do regulate the handling of personal information. First of all, what I do not think we do have—and I would be the first to admit this from my position—is a completely clear understanding of whether those laws as they currently exist are going to do the job, or whether, because of the patchwork nature of some of those laws, there are going to be gaps which need to be filled when we take into account how these new technologies can be used within the community.
4.25 In addition, Professor McDonald from the ALRC argued that lack of uniform laws negatively affects Australians’ privacy protections:
In terms of the surveillance laws, that has been a very common response we have had from people—that uniformity across state boundaries is very highly valued. At the moment the lack of uniformity means that there is insufficient protection of people’s privacy, because people do not know what is against the law and what is not.
4.26 In the same vein, Professor Des Butler noted that the lack of clarity in the law makes it more difficult for people who feel their privacy has been invaded to complain:
when you look at these various laws, it is a complex and messy thing anywhere … That needs to be addressed and then, in addition, people need to be able to have some understandable means of complaint—easy means of complaint—when these things start to take off, so to speak.
4.27 Simple and clear ways to seek redress are particularly important in relation to privacy, since the very nature of privacy breaches may make people reluctant to seek remedies. As Professor Butler noted:
part of the problem with any sort of breach of privacy is that a person who then seeks to get some sort of reparation for breach of privacy in fact breaches their own privacy again. So people may be reluctant to complain simply because it reignites the whole deal.
4.28 While these issues are not specific to RPAs, the capability and increased use of RPAs test the privacy regime by increasing the likelihood of privacy breaches.
Burden on industry
4.29 In addition to the difficulties individuals may face in seeking remedies for inappropriate RPA use, Australia’s complex privacy environment may also cause problems for RPA operators. Dr Reece Clothier, speaking for the Australian Association of Unmanned Systems, argued that in addition to privacy protections being inadequate industry faces a substantial regulatory burden:
we believe there is not much protection for the rights of the individual in terms of privacy in this country at the moment and that there is a patchwork of legislation across this country that is very difficult to navigate from the perspective of industry.
4.30 Professor McDonald noted the difficulties faced in particular by media organisations:
it is also insufficient protection for organisations like those in the media, because they find it difficult to know what they are doing, and if they operate—as all media now do—across state boundaries, they can be breaking the law in one state and cross over a boundary and they are not breaking the law. So that clearly makes law much more complex.
4.31 Journalist Mark Corcoran likewise highlighted the difficulties faced by media organisations as a result of Australia’s privacy patchwork:
There is a whole range of different laws in different states. That is where I think some of the media lawyers get sent grey before their time, trying to figure that out on a state-by-state basis.
4.32 In this environment, the Committee heard that some RPA businesses and industry groups have adopted voluntary privacy policies. Insitu Pacific, which as a Boeing subsidiary is one of Australia’s largest RPA companies, has done so. Mr Damen O’Brien, Insitu’s Senior Contracts Manager, said that:
Insitu Pacific understands and gets that there is a real concern out there about privacy … we have a privacy policy. It is a set of principles which align very closely with the privacy act and which deal with what we understand privacy to be.
4.33 Mr Brad Mason from the Australian Certified UAV Operators Association (ACUO) said that ACUO was in the process of developing a privacy policy. Mr Mason said that many of ACUO’s members already have privacy policies in place:
A lot of our members already adopt a privacy policy. If it is deemed that privacy may be an issue, then we will approach the people who may be affected and at least give them an opportunity to have their say, or voice their concerns or opinions before we actually put an aircraft in the air.
4.34 The implementation of voluntary codes of conduct and privacy policies by commercial RPA operators is a commendable response to public concern about the potential for invasive RPA use. However, regulatory change may ultimately be necessary to address the issue of privacy-invasive technologies.
Gaps in the law
4.35 Existing laws may not be sufficient to cope with the specific privacy issues widespread RPA use might raise. For example, many State surveillance acts may not provide for inadvertent recording of private behaviour. This could create uncertainty for RPA operators in a range of contexts – for example aerial photography, survey or emergency management.
4.36 In relation to this Mr Rodney Alder, representing the Australasian Fire and Emergency Service Authorities Council, said that:
my understanding at least with some of the state legislation … [is] that the offence is actually committed at the time of the recording
… One of the most probable applications for UAVs is rapid damage assessments. So immediately after a fire or some other incident, it is a niche UASs can clearly operate in. There is a potential for inadvertent privacy breaches in that situation.
4.37 In addition, the Committee notes that Australia’s existing surveillance laws were written before the development of current RPA technology. While in some cases they are written in technology neutral language, and therefore may still apply to the use of RPAs, widespread RPA use and their developing capabilities may nonetheless require a reassessment of current laws.
4.38 For example, while the use of listening devices is tightly regulated, according to the Commonwealth Surveillance Devices Act 2004, police may use RPAs as optical surveillance devices without a warrant so long as they do not enter onto premises without permission, or interfere with any vehicle or thing without permission.
4.39 As such, it was suggested that law enforcement agencies could deploy cheap and widespread aerial surveillance capability without requiring a warrant. The Committee notes that both the AFP and the Queensland Police have indicated that at present they have no plans to use RPAs for surveillance purposes.While these responses are reassuring, the regulatory gap remains a concern. This is an issue where technology appears to have surpassed situations envisaged when the relevant regulations were drafted, and confirms the need for regulatory review.
Private surveillance
4.40 While many of the issues raised by roundtable participants highlight problems that may arise in the future, the Committee notes that RPA use by animal rights groups has already brought the complexities of RPA use and privacy into focus. At its first roundtable, the Committee heard debate about the extent to which Australia’s privacy laws should protect farmers from unauthorised use of RPAs to monitor farming facilities.
4.41 The Committee is aware of media reports that animal protection groups have used RPAs to monitor agricultural facilities without their owners’ consent, with the intention of exposing animal cruelty or evidence of inaccurate claims about farms’ free-range status.
4.42 Some farming groups do not consider the use of RPAs by activist groups to be appropriate. Ms Deborah Kerr of Australian Pork Limited said that:
our view would be that it is not the role of activist organisations to actually undertake those activities. We would prefer to see the appropriate regulators who are accorded the relevant authority to investigate those matters actually able to undertake those activities. We certainly would not be supporting activists to be undertaking drone activities above our producers’ properties.
4.43 Ms Kerr noted that that many farmers consider their production facilities to be private spaces:
In fact, many of them would feel similar to what homeowners feel if they had been burgled: they would feel that they had been traumatised and that they had been invaded; they would feel dirty and that their staff had been put at risk. So dealing with the issue of privacy is a high priority.
4.44 Voiceless, an Australian think tank which aims to raise awareness of animal cruelty, told the Committee that undercover investigations have revealed animal neglect, cruelty and illegal activity on some farms in the past. RPA surveillance could help reduce that activity:
surveillance assists with reducing the rate of contravention of animal welfare regulations in our view, and it can be used not only by animal protection groups but also by enforcement arms like the police or the RSPCA in each state or territory, or the Animal Welfare League in New South Wales, to monitor and therefore enforce animal protection legislation.
4.45 Academic Mr Geoff Holland noted that surveillance of factory farming facilities has been effective in exposing illegal activity in the past:
A number of prosecutions of farms where there has either been mistreatment of animals or prosecutions under the Australian Consumer Law, the Trade Practices Act, has arisen because of information obtained either through static cameras that have been installed or, more recently, through the use of drones, particularly in the areas with the ACCC taking action for farmers or producers of both meat and eggs that are claiming that they were free range, or raised under certain conditions, and yet the surveillance showed that that was false.
4.46 The potential of RPAs to unobtrusively gain footage of illegal activities is enormous, and their use is obviously attractive to certain lobby groups. However, as with enforcement agencies, the unfettered use of RPAs to undertake surveillance operations and monitor the activities of an individual or a company is not consistent with the intent of privacy laws.
4.47 If technology has now enabled situations not considered when aspects of privacy and surveillance laws were drafted, then there is a pressing need to review the current regime and its adequacy to respond to RPA use.
Prospects for reform
4.48 The issues outlined above illustrate that RPAs can give rise to significant privacy concerns. However, roundtable participants emphasised that RPAs are just one of many emerging technologies that have the potential to seriously affect privacy in Australia. Any reform of Australia’s privacy laws, they argued, should address the issue of privacy without focusing on specific technologies.
4.49 In the first place, the use of RPAs is likely to prove extremely difficult to regulate. CASA’s Mr John McCormick noted that if and when large numbers of Australians begin purchasing consumer-level RPAs, CASA is unlikely to be able to regulate their use:
From CASA’s point of view, if we now try to do something to say that you cannot operate a lightweight UAV unless you tell us— leaving aside the grey area of the model aircraft—when it becomes something that is commercially viable I would be in a situation of writing of regulation that I know I cannot enforce. That is bad law.
4.50 Further, RPAs are one among a large number of new technologies that may impact on Australians’ privacy. Journalist Mr Mark Corcoran noted that while RPAs provide ‘phenomenal capability’ to media organisations, other new technologies exist which might be used to invade people’s privacy:
this is absolutely a surveillance technology, but I would argue that there are an equal number of other new technologies available that are equally invasive.
4.51 Similarly, Dr Reece Clothier argued that, instead of focusing on the privacy threats posed by RPA use, it is necessary to take a broader view of how privacy is affected by technological advances:
We need to step away from this idea that it is a specific piece of technology or a specific device and say, ‘Let’s protect the interests of privacy’ … Google Glass is a much more invasive technology that every person is going to be wearing in the next five years. So whether it is drones, Google Glass or the fact that I can collect metadata on your Facebook account and marry that up with your LinkedIn and actually track your movements, it is your personal information … it is an issue much broader than unmanned aircraft.
4.52 The Australian Privacy Foundation argued that, while RPAs give rise to some unique policy and legal problems, they highlight the inadequacies of Australia’s current privacy and surveillance laws:
the biggest problem is not drones per se; drones exacerbate existing massive deficiencies in surveillance law in Australia and
… we need to separate out those issues and solve the problems where the problems are.
4.53 Dr Clothier also argued that any reform undertaken to address the privacy issues caused by RPAs should be carried out carefully:
I would hate to see legislation put in place that hamstrings the many beneficial applications of this emerging aviation industry and its flow-on effects for mining, agriculture, surf-lifesaving— everything—through a piece of legislation that is chasing the 0.0003 per cent of people or organisations that will misuse it.
A tort of privacy
4.54 The Committee notes that the Australian Law Reform Commission (ALRC) is conducting an inquiry into serious invasions of privacy in the digital era and has proposed that the Australian Government create a tort for serious invasion of privacy. Such a tort may serve to address some of the gaps and limitations in Australia’s existing privacy law.
4.55 The Commission began its inquiry in June 2013 after a referral from then Attorney-General the Hon Mark Dreyfus QC MP. The inquiry’s terms of reference require the ALRC to consider the prevention of, and remedies for, serious invasions of privacy in the digital era. The ALRC’s inquiry was undertaken in response to:
the rapidly expanded technological capacity of organisations not only to collect, store and use personal information, but also to track the physical location of individuals, to keep the activities of individuals under surveillance, to collect and use information posted on social media, to intercept and interpret the details of telecommunications and emails, and to aggregate, analyse and sell data from many sources.
4.56 The ALRC released an issues paper on 8 October 2013 and invited submissions from interested parties. After a first round of submissions, the Commission released a discussion paper at the end of March 2014 which contained proposed recommendations. Further submissions, to a total of more than 120, have since been received. The Commission’s inquiry has been of considerable breadth and depth.
4.57 In its discussion paper, the ALRC proposed the creation of an action in tort for serious invasion of privacy. The proposed tort would be created by a Commonwealth Act and would define two types of fault – intrusion upon a person’s seclusion or private affairs, and misuse or disclosure of private information. The tort would be confined to intentional or reckless invasions of privacy, and would only apply where a person had a reasonable expectation of privacy.
4.58 The ALRC further proposed that the cause of action should only be available where the invasion of privacy is determined to be serious, and that the courts should balance a person’s right to privacy against competing principles – including freedom of expression (especially freedom of political communication), press freedom, open justice, public health and safety, and national security.
4.59 The ALRC has also proposed that the various pieces of Australian surveillance and workplace surveillance legislation should be harmonised. These changes, if enacted, would address a number of issues with Australia’s privacy regime which have been identified in the course of this inquiry.
4.60 The ALRC is required to present its report to the Attorney-General, Senator the Hon George Brandis QC, by 30 June 2014. The Attorney- General has 15 sitting days in which to table the report in Parliament. This would require the report to be released by September 2014. A timetable for a Government response to the ALRC has not been established.
Committee comment
4.61 RPA use raises serious privacy issues for Australians, and the problem will deepen as RPAs become cheaper and the cameras and sensors they carry become more sensitive. Given the ease with which RPAs can be bought locally, or imported, it will be very difficult to enforce regulatory compliance. Media reports indicate that RPAs are already being put to unsafe and potentially invasive uses.
4.62 Given the complexity of Australia’s privacy regime, it is likely that the majority of RPA users are unaware of the specific circumstances in which their RPA use may breach someone’s privacy. The Committee takes the view that steps should be taken to better inform the breadth of RPA users about possible privacy breaches and the need to operate RPAs responsibly.
The Committee recommends that the Australian Government, through the Civil Aviation Safety Authority (CASA), include information on Australia’s privacy laws with the safety pamphlet CASA currently distributes to vendors of remotely piloted aircraft. The pamphlet should highlight remotely piloted aircraft users’ responsibility not to monitor, record or disclose individuals’ private activities without their consent and provide links to further information on Australia’s privacy laws.
4.63 While it is difficult to prevent the misuse of new technologies, it may be possible to give people who have been the victims of that misuse easier access to justice. The current complexity of Australian privacy law is a burden to these individuals that should be addressed.
4.64 The Committee emphasises that while RPAs pose specific privacy problems, they are just one of many emerging technologies that have privacy implications. Addressing the issues RPA use raises should be part of a broader effort to update Australian privacy law to deal with the gamut of invasive technologies.
4.65 The Committee notes that the ALRC’s inquiry into serious invasions of privacy in the digital era is nearing completion. The Committee notes from its discussion paper that the ALRC may recommend the creation of a tort of serious invasion of privacy, and that it may recommend the standardisation of surveillance and harassment laws across jurisdictions. There is a clear need for reforms of this type.
The Committee recommends that the Australian Government consider introducing legislation by July 2015 which provides protection against privacy-invasive technologies (including remotely piloted aircraft), with particular emphasis on protecting against intrusions on a person’s seclusion or private affairs.
The Committee recommends that in considering the type and extent of protection to be afforded, the Government consider giving effect to the Australian Law Reform Commission’s proposal for the creation of a tort of serious invasion of privacy, or include alternate measures to achieve similar outcomes, with respect to invasive technologies including remotely piloted aircraft.
The Committee recommends that, at the late-2014 meeting of COAG’s Law, Crime and Community Safety Council, the Australian Government initiate action to simplify Australia’s privacy regime by introducing harmonised Australia-wide surveillance laws that cover the use of:
- listening devices
- optical surveillance devices
- data surveillance devices, and
- tracking devices
The unified regime should contain technology neutral definitions of the kinds of surveillance devices, and should not provide fewer protections in any state or territory than presently exist.
4.66 The Committee notes that law enforcement agencies have stated that at present they have no plans to use RPAs in a surveillance capability. However it is apparent that, given the rate at which RPA technology is developing, Australia’s law enforcement agencies will soon have access to cost-effective mass surveillance technology.
4.67 Moreover, evidence to this inquiry has indicated that the Commonwealth Surveillance Devices Act is no impediment to the deployment of that capability by law enforcement agencies. Australia’s surveillance laws were not designed with this capability in mind and, in order to protect Australian citizens’ rights and freedoms, the Committee is of the view that the use of RPAs for surveillance should be subject to a rigorous approval process.
The Committee recommends that the Australian Government consider the measures operating to regulate the use or potential use of RPAs by Commonwealth law enforcement agencies for surveillance purposes in circumstances where that use may give rise to issues regarding a person’s seclusion or private affairs. This consideration should involve both assessment of the adequacy of presently existing internal practices and procedures of relevant Commonwealth law enforcement agencies, as well as the adequacy of relevant provisions of the Surveillance Devices Act 2004 (Cth) relating but not limited to warrant provisions.
Further, the Committee recommends that the Australian Government initiate action at COAG’s Law, Crime and Community Safety Council to harmonise what may be determined to be an appropriate and approved use of RPAs by law enforcement agencies across jurisdictions.
4.68 RPAs have introduced privacy and safety issues not conceived of a decade ago. The Committee is aware that the technology of RPAs a decade from now may exceed what we can currently imagine. Given the seriousness of both privacy and air safety and the expected surge in the use of low cost RPAs, the Committee considers it imperative that a forward plan is in place to monitor RPA use and regulation.
4.69 While the current work of CASA and the ALRC is appropriately addressing current issues, a more coordinated approach for the future is required. Further, given the diversity of users and rapid technological change, there must be better coordination in the review and development of privacy and air safety regulation relating to RPAs.
The Committee recommends that the Australian Government coordinate with the Civil Aviation Safety Authority and the Australian Privacy Commissioner to review the adequacy of the privacy and air safety regimes in relation to remotely piloted aircraft, highlighting any regulatory issues and future areas of action. This review should be publicly released by June 2016.
The report has received extensive coverage in the newspapers with the Age, Australian and Guardian all running stories as did itnews and zdnet. On the ABC the Drum covers the story as does the The World Today which provides:
ELEANOR HALL: A parliamentary committee is recommending stronger privacy laws to protect the public from invasive technologies like drones.
The Government-dominated committee calls on the Abbott Government to look at creating a tort of privacy.
But the Attorney-General George Brandis has previously rejected such a move as an intrusion on personal freedoms.
From Canberra, Naomi Woodley reports.
NAOMI WOODLEY: The report of the House of Representatives Standing Committee on Social Policy and Legal Affairs is titled Eyes in the Sky, but its recommendations go beyond the use of remote-piloted aircraft, more commonly known as drones.
GEORGE CHRISTENSEN: The recommendations in this report are intended to serve as a starting point for an ongoing process of reform and adjustment to Australia’s privacy and air safety regimes.
NAOMI WOODLEY: The committee was chaired by the Queensland Coalition MP George Christensen. It has a total of six Government MPs and four from the Opposition.
GEORGE CHRISTENSEN: Australia’s remote-piloted aircraft or drone industry is growing rapidly. Increasing numbers of consumers are buying and using drones and they already play a role in a range of Australian industries, from journalism, cinematography, policing and emergency services, to agriculture, mining and scientific research.
NAOMI WOODLEY: Mr Christensen says they recognise drones can reduce the cost and risk of many dull or dangerous jobs, but he says they can also be misused.
GEORGE CHRISTENSEN: They can pose a safety risk to other aircraft or to people and property on the ground, and the cameras and sensors they carry can be used to invade someone’s privacy. The challenge we face is to realise the potential of this innovative technology while protecting against its risks.
NAOMI WOODLEY: The committee has made six recommendations in total which fall into two broad categories – safety and privacy.
GEORGE CHRISTENSEN: The committee has recommended that the Government simplify what is a complex web of privacy and surveillance laws, so that members of the public and drone operators alike can more easily understand the law.
At the same time, the committee has recommended that the Government consider introducing legislation to protect Australians from intrusions into their private seclusion and to provide a more reliable remedy for those whose privacy has been breached.
NAOMI WOODLEY: The Australian Law Reform Commission has recently finished a report on serious invasions of privacy. It has been handed to the Government but not yet publicly released.
The discussion paper issued by the commission raised the prospect of introducing a tort of privacy for the most serious invasions, that is, giving people the ability to launch a civil suit for compensation if their privacy is breached. The committee says this or something similar should be considered by the Government.
But in April, the Attorney-General George Brandis was quoted as rejecting that recommendation. His office hasn’t responded to The World Today’s request for comment today.
The committee’s deputy chair, the Labor MP Sharon Claydon, says the recommendations do have bipartisan support.
SHARON CLAYDON: The privacy act does offer some substantial protections in certain circumstances, but there are a number of situations in which it may not protect Australians against the invasive use of drones.
A lack of uniform laws across state boundaries was highlighted as particular issue of concern, as was the method for individuals to redress potential privacy breaches.
NAOMI WOODLEY: To address those concerns, the committee wants the federal and state and territory governments to harmonise surveillance laws across the country to include listening devices, optical and data surveillance devices, and tracking devices.
It says the Commonwealth should also examine the current and future use of drones by law enforcement agencies and their impact on privacy.
Labor’s Sharon Claydon says the committee has called on the Civil Aviation Safety Authority to include privacy information with the safety pamphlet already given to drone operators.
SHARON CLAYDON: While control of airspace is already legislated, the committee recommends that CASA broaden future consultation processes to include industry and recreational uses from a non-aviation background.
NAOMI WOODLEY: But the committee wants CASA and the privacy commissioner to conduct another review by 2016 to make recommendations for the future, given the rapid development of drone technology.
ELEANOR HALL: Naomi Woodley reporting.
As the story points out the Attorney General has made grumbling noises against a tort of privacy very much along the same lines as News Limited has run its opposition, that such a tort is an intrusion on personal freedoms. Except that privacy should be a personal freedom deserving of protection as well. The concern is that privacy rights abut the right to freedom of expression. In the main that is wrong and where there is a clash of rights the tort can be framed to give proper defences which would enable freedom of expression to be protected. It is not all that hard. More to the point there is a such a tort in New Zealand and the press is robust and active. There is a such a tort in Canada and it has not stopped reporters running stories.
Doing nothing is an abrogation of responsibility. The issue is clear and the developing problems will not go away because someone chants a political mantra. If anything the technology will keep expanding and the problems will grow. For example in AirDog auto-follow drone for GoPro smashes Kickstarter targets Zdnet reports on the development of auto follow drones that will follow a target and hover. It is designed to follow the owner or someone who wants to be followed but that can easily change. As the story says:
But what about the more sinister side of aerial tracking?
What if you do not trust your other half? An AirLeash can easily be concealed in a bag and used to track whoever you want whilst in range.
You can remotely spy on anyone carrying the AirLeash – your personal cameraman stabilizes the shots and focuses directly on the target.
You can position the AirLeash just outside the school gates and set the drone to fly around inside the perimeter.
This is not sci fi maybe scenarios. It is the here and the now. It is only where drones drop out of the sky and harm someone, as reported in Drone operators involved in athlete’s injury referred to Director of Public Prosecutions, is the law somewhat effective and then in a narrow range of safety related cases.
[…] House of Representatives hands down report on drones, “Eyes in the Sky” […]