The Privacy Commissioner releases a report of a survey on Australian Community Attitudes to Privacy

June 1, 2026

The Privacy Commissioner has released the 2026 survey into Australian Community Attitudes to Privacy. The Privacy Commissioner conducts a survey annually. As with previous years, it reveals that Australians value their privacy and are concerned about modern practices which interfere with that privacy. Not surprisingly, the concerns are greater now than 5 years ago and the trust lower.

The Commissioners’ foreword provides:

Australians’ expectations about privacy continue to sharpen as the information ecosystem becomes more complex, data-intensive and difficult to navigate. The 2026 Australian Community Attitudes to Privacy Survey (ACAPS) points to a community that places a high value on privacy, but does not consistently experience privacy protections as workable in practice. Trust is uneven across sectors, and wariness of emerging technologies is increasing, particularly in terms of fairness, accountability and the practical ability to exercise rights. Australians want greater transparency, more proportionate collection of personal information, and a fairer go when using digital services.

The right to privacy and the right to access information are protected and promoted by the Office of the Australian Information Commissioner (OAIC). The ACAPS findings go to broader issues beyond privacy such as information access and encompass the full range of the OAIC’s regulatory 2025-26 priorities, which include a focus on rebalancing power and information asymmetries, and rights preservation in new and emerging technologies. This survey builds on the cross-jurisdictional 2025 Information Access Study, which showed Australians expect accountability, transparency, and clear access to government information – particularly where technology such as artificial intelligence (AI) is being used to support automated decisions.

Just as technology is proving to be a means to rapidly transmit information its deployment is impacting public trust. This is because data handling is arguably not keeping pace with community expectations, and hampering Australians’ engagement in the digital economy. Greater confidence in how personal information is handled would increase Australians’ willingness to use digital services or programs that require sharing personal information. Around two-thirds (68%) say they would be more likely to use such digital services if they felt their data was handled fairly and responsibly.

ACAPS shows that while 93% say protecting personal information is important to them and 87% say they are more concerned about privacy than 5 years ago, many do not feel able to act on that concern day-to-day. Consent is often experienced as a gateway: 65% say sharing information rarely or never feels like a genuine choice and 68% say the same about consent. A substantial proportion of the community (78%) report very little or no real control over how their personal information is collected and used, and 52% say they accept sharing because they might otherwise miss out on essential services or opportunities. This points to persistent power and information asymmetries not addressed by notice and consent alone.

Australians also draw clear fairness boundaries. Only 10% say organisations’ real-world data practices are usually fair, while 35% say they are mostly or always unfair. Fairness concerns appear to concentrate around disproportionate collection, limited or unrealistic opt-out, and situations where benefits are perceived to flow mainly to organisations. There is strong rejection of practices associated with data brokerage and advertising technology, alongside expectations for stronger limits on collection, retention and secondary uses. Australians feel that when an entity collects their personal information for one reason, it is often not fair or reasonable for them to use it for another reason. For example, 93% say it is not fair and reasonable for an entity to use the personal information they collected to provide a product or service to train AI models. The survey also indicates a strong boundary around using personal information to train AI systems after a service they have received has ended (71% say this is unacceptable), reinforcing the importance of purpose limitation and lifecycle controls.

Expectations are clear for new and emerging technologies. AI is a widely recognised privacy risk (69%), trust in AI companies is low (4%), and acceptance of AI uses involving personal information appears contingent on protections that make high impact uses transparent and contestable. Australians most frequently prioritise a right to human review (81%), limits on how personal information is retained by third-party providers (80%), and being told when AI is being used (79%). This underscores the importance of the forthcoming automated decision-making (ADM) transparency obligation, which will require regulated entities to disclose the use of AI and ADM in their privacy policies from December 2026.

As the government sector expands its use of technology to inform decision making and deliver services, preservation of information access rights is increasingly important.

This emphasis on transparency was mirrored in the 2025 Information Access Study that found a significant majority of Australians (86%) also agree that the government must publicly report on any technology used to inform freedom of information decision-making (including AI and automated decision-making). The OAIC’s January 2026 report into ADM highlighting transparency obligations under the FOI Act shows that much needs to be done to ensure Australians are aware of how their information is used by government agencies. As a responsive regulator, the OAIC is focused on strengthening the information governance of the Australian Public Service and ensuring timely access to government information. In providing the ADM Report and guidance to government agencies, the OAIC recognises the efficiency and productivity gains that can be delivered through technology to a community that is confident to engage with digital services and better equipped to exercise related rights, including seeking a review of a government agency decision.

ACAPS highlights the gap between formal rights and lived experience. Two in 5 Australians (40%) say they do not really know what data organisations hold about them or how to access it, and only 11% say they can easily access their data and request corrections or deletion. Even where concerns arise, action is not assured: 64% had concerns in the past year, but 52% did not raise them, often because they felt it would not make a difference (56%), would be too hard or time-consuming (51%), or they did not know how (40%). This reinforces the importance of clear, timely and accessible pathways for access and redress.

Australians demand transparency, both in understanding their privacy rights, how their information is used, and in embracing their right to access that information. Improving transparency will strengthen the community’s already active engagement with these systems and safeguard a healthy, informed and vibrant democracy.

Some of the findings are:

  • 93% say protecting personal information is important to them, and 87% say they are more concerned about their privacy than they were 5 years ago
  • Almost all respondents (98%) say organisations that collect, use or share personal information should be responsible for protecting privacy even if no immediate harm occurs, with 86% viewing this responsibility as very strong.
  • Around two-thirds (68%) say they would be more likely to use digital services requiring personal information if they believed their data was handled fairly and responsibly
  • Nearly all (96%) say some conditions should be in place before AI is used
  • Around 7 in 10 Australians (71%) consider it somewhat or very uncomfortable for organisations to use personal information originally provided for a service to train AI systems after that service has been completed.
  • Acceptance is lowest for automated eligibility or risk-based decisions, such as loan approvals or benefit eligibility, with only one-quarter (25%) viewing this as acceptable
  • 78% report very little or no control over how their personal information is collected and used
  • regarding consent, 65% say sharing information rarely or never feels like a genuine choice and 68% say the same about consent; 52% say they accept sharing because they might otherwise miss out on essential services or opportunities
  • Around 9 in 10 Australians (92%) say data collection can be acceptable under certain conditions, particularly where:
    • the purpose is clear (69%),
    • consent or opt-in is available (68%),
    • collection is limited to what is necessary (66%), and
    • the ability to opt out of non-essential collection (61%).
  • 73% (vs 64% in 2023) experienced a privacy concern in the past 12 months
  • The most common concerns were being unable to unsubscribe from marketing (41% vs 25% in 2023) and having information used for unsolicited direct marketing (38% vs 21% in 2023)
  • Among those who experienced a concern, 70% (vs 55% in 2023) reported more scams/spam, 46% (vs 53% in 2023) reported loss of trust and 39% reported loss of control
  • Around three-quarters (77%) of Australians whose data was involved in a breach experienced at least one form of harm, while exposure to scams and spam increased and was the most common impact (62% vs 52% in 2023).
  • Only 10% say organisations’ real-world practices are usually fair, while 35% say they are mostly or always unfair
  • Around 9 in 10 say it is not fair and reasonable to use personal information for selling/trading personal information (96% vs 87% in 2023), online tracking, profiling and targeted advertising to children (96% vs 89% in 2023) or other vulnerable individuals (95% vs 88%), unnecessary location tracking (94% vs 87%), training AI models/products (93%), significant AI-informed decision (91% vs 70%), differential pricing (91%), or targeted advertising based on sensitive data (91% vs 84% in 2023). Around 7 in 10 (71%) consider it unacceptable for organisations to use personal information provided for a service to train AI systems after the service has been completed
  • Individuals view the provision of basic identifiers to access a service as reasonable, but 92% say there are some types of information organisations should never collect. Information about sexual orientation (72%) and biometrics (71%) feel excessive or unjustified in most situations, regardless of the organisation or purpose
  • Trust remains highest for health service providers (74%) and government agencies (68%), but has fallen across insurance, telecommunications, technology, retail and real estate sectors since Trust is lowest for social media companies (3% vs 14% in 2023), data brokers and AI companies (4%).
  • 40% do not really know what data organisations hold about them or how to access it, while 11% say they can easily access their data and request corrections or deletion
  • 64% had concerns in the past year, but 52% did not raise them. Among non-complainants, 56% said it would not make a difference, 51% said it would be too hard/time-consuming, and 40% did not know how. Among those who did complain, only 9% said the issue was resolved to their satisfaction
  • Confidence in privacy complaint handling varies by sector, with banks and financial institutions (46%), health services (42%) and government agencies (41%) rated highest, and very low confidence in online retailers (4%) and social media platforms (3%).
  • 93% support a legal right to request deletion of personal information, and there is strong support for extending equivalent privacy obligations to currently exempt sectors
  • The biggest privacy risks identified by Australians include:
    • data breaches (82%, up from 74% in 2023)
    • organisations not storing personal information securely (77%, up from 60% in 2023)
    • scammers attempting to access personal information (75%, up from 71% in 2023)
    • organisations sending information overseas (70%, up from 50% in 2023)
    • concern about AI systems using personal information (69%, up from 43% in 2023).

    Together, these findings suggest that perceived privacy risks are linked to weaknesses in organisational systems, poor information handling and security by organisations, and harmful actions by outside parties.


Parliamentary Research Service releases report on NSW privacy law and tort of serious invasion of privacy

Last Friday, 28 May 2026, the New South Wales Parliamentary Research Service released a report, NSW privacy law and the new tort of serious invasion of privacy. It is authored by Barbara McDonald, Professor Emerita of the University of Sydney Law School. Professor McDonald conducted the Australian Law Reform Commission enquiry into digital privacy which was published as the Serious Invasions of Privacy and the Digital Era in 2014.

Key aspects of the Report are:

Concept of privacy

  • It is generally used to refer to privacy of information, privacy of communications and personal privacy, with the last aspect being the most general and undefined in scope.
  • The right to privacy is recognised in the Universal Declaration of Human Rights and the International Covenant of Civil and Political Rights 1966 (ICCPR), which was ratified by Australia in 1980. Article 17 of the ICCPR provides that:
    1. No one should be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation.
    2. Everyone has the right to the protection of the law against such interference or attacks.
  • Ultimately, privacy underpins individuals’ ability to live fulfilled lives by allowing them to develop autonomy, forge family and other relationships, develop independent thoughts and opinions, obtain assistance when necessary, and communicate with others on matters of social, personal and democratic importance.
  • Personal privacy encompasses bodily privacy and privacy in physical places.
    • Bodily privacy underpins physical safety, integrity and personal dignity.
    • Privacy in physical spaces underpins personal security and safety as well as freedom of movement and association.
    • Personal privacy may also be said to encompass the rights to a family life which are recognised in international covenants
  • Informational privacy refers to privacy over information or data, in whatever form, about a person, including their relationships, their activities and their movements. It:
    • may or may not be classed as confidential information, depending on the circumstances. It includes health information and personal financial information.
    • overlaps with other aspects of privacy as disclosure of private information about a person can affect their relationships, dignity, security and freedoms.
  • Communications privacy:
    • refers to all manners and forms in which a person or entity may communicate with others, and may include draft or unsent communications.
    • overlaps with informational and personal privacy due to the human interaction involved in, and the content of communications. Examples might relate to personal correspondence between people in a relationship or closed group, or between a professional advisor and patient or client. The digital revolution and technological advances providing new ways to communicate have also opened up new ways to invade communications and other aspects of privacy

Existing privacy laws

  • the common law of Australia has not kept up with the law developed elsewhere. Further, the absence of Australia-wide human rights legislation such as in the United Kingdom or New Zealand has no doubt meant that the springboard for the courts to develop private remedies is also absent.
  • Bodily privacy is protected in the common law by the torts of trespass to the person (which includes battery, involving non-consensual physical interference) and assault (which involves threats of imminent violence). These tort actions provide no protection against indirect interferences such as visual snooping or photography or filming of a person without consent, nor against the use or communication of such footage

  • Any unlawful entry is a trespass to land. While there is implied permission to enter for a range of lawful purposes, an entry for a purpose outside those lawful purposes will be treated as trespass and a person in breach of the entry conditions may become a trespasser. Media crews have been sued for trespass in such cases
  • A limitation of existing law is that only the occupier with exclusive possession could sue for trespass
  • The tort of private nuisance protects an occupier’s quiet enjoyment of their land and premises from a substantial interference caused by the extraordinary activities of a neighbour or other person outside the land
  • Confidential information–information imparted under an obligation to keep it confidential–has long been protected by the courts, ever since Prince Albert obtained an injunction to stop the publication of descriptions of Queen Victoria’s private etchings of their family life which had been entrusted just for personal copies to be made
  • Where photography is taken in an intimate context it is an actionable breach of confidence, remedied by an injunction and/or damages, to communicate those images or recordings to third parties without consent
  • the law on confidential information may not necessarily protect private information fully: it may not have been imparted under an obligation to keep it confidential; it may have become publicly or widely known (and yet still be private in nature); and the law on breach of confidence is usually more concerned with preventing misuse or disclosure than remedying injured feelings after the breach
  • The Telecommunications Interception and Access Act 1979 (Cth) applies to communications using telecommunications. Section 7 prohibits the interception of a communication passing over a telecommunications system and makes it unlawful to authorise or permit or enable another person to intercept such a communication. It only applies to interceptions during the passage of communications over a network. It does not, for example, apply by placing a tape recorder beside the telephone receiver (although state legislation may then apply)
  • in NSW is the Surveillance Devices Act 2007 (NSW) which provides important, but not complete, protection for personal and communication privacy. This Act provides that a person must not knowingly install, use or maintain a listening device to overhear, record, monitor or listen to a private conversation. Among the exceptions is where all principal parties consent to the recording. A private conversation is defined as a conversation carried on in circumstances that may reasonably be taken to indicate that any of the parties desire to be heard only by themselves or by someone to whom they have given consent. It does not include a conversation in which the parties ought reasonably to expect that it may be overheard by someone else
  • With regard to optical devices, a person must not knowingly install, use or maintain an optical surveillance device on or within premises or a vehicle to record visually or observe the carrying on of an activity where that involves entry on the premises or a vehicle without the consent of the owner or occupier or interference with the vehicle
  • The Privacy Act 1988 (Cth) regulates the use of personal information by Commonwealth and other government entities, commercial entities or corporations with an annual turnover of more than $3 million, and small business entities that deal in personal or health information. Other small business entities holding personal information are not regulated by the Act. Personal information is defined as ‘information or opinion about an identified individual, or an individual who is reasonably identifiable, whether or not true and whether or not in material form’. Information about an individual may come within the definition even though it is not, in fact, what would be considered to be private or confidential information.
  • The Privacy Commissioner, as a member of the Office of the Australian Information Commissioner (OAIC), is charged with overseeing and enforcing the operation of the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) contained in that Act
  • The consequence of an entity not complying with, for example, the Australian Privacy Principles or other provisions of the Privacy Act 1988 may be an adverse determination by the Commissioner. The entity may seek a review of that determination by the Administrative Review Tribunal or commence judicial review proceedings. Orders to enforce the Commissioner’s determination may be made by the Federal Court of Australia
  • A limitation of privacy legislation is the lack of a private or direct remedy in the courts for an individual who has been adversely affected by a breach of the legislation, rather than the indirect and time-taking route of seeking a determination to be enforced in federal courts. Importantly, this omission also reduces the availability of class actions which may be a more economical route than individual actions for a group of people adversely affected by a breach
  • There is an exemption for media organisations for acts and practices carried out ‘in the course of journalism’, with the latter term not being defined. To be protected by this exemption, the media organisation must show itself to be bound by a code of practice, a form of self-regulation. It has been commented that the ‘level of protection [of personal privacy] that these codes provide in practice is questionable.’ That will continue to be so, given that the exemption for journalists and media organisations under the new tort, as discussed in the next section, does not depend on their compliance with industry codes of conduct


Privacy Complaints surge, backlog grows and while the regulator is more active the results are sobering. Thankfully there is now a statutory tort of serious invasion of privacy for those who do not wish to proceed down the complaint path

May 28, 2026

It is estimates season and the Privacy Commissioner appeared before Senate Estimates Committee on Tuesday.

Some interesting insights:
  • As of 31 March 2026, in the first three quarters of the financial year compared to the same time last year, privacy complaints increased by 73 per cent, and finalisations increased by 38 per cent. There is a backlog
  • The OAIC is about to release its Australian community attitudes to privacy survey
  • the OAIC remains mealy mouthed about enforcement: “We are designing our regulatory approach proportionate to the issues that are raised and the harm that either is potential or has occurred, as indicated by my colleague.” and “..how we’re adjusting our regulatory posture through education, through enforcement and through all available measures to ensure we’re able to stem the incoming numbers.” Whatever that means.
  • the Privacy Commissioner has some interesting theories for the spike in complaints: complaints about not getting access to personal information and excessive collection. Both have always been matters of concern, so why are people complaining now when they were less inclined to do so previously?
  • there is no timetable on the second tranche of reforms.

Senator BLYTH: What date has been set for that second tranche? What’s the timeline that you’re working towards?

Ms Chidgey: There’s been no specific timing set for that at this point, but we’re working towards targeted consultation.

It is an interesting exchange.
It is almost June and the Government has no timetable for the 2nd tranche of reforms. That does not bode well for much happening this year. Privacy Commissioner Kind came across as better than her predecessors but a bit disappointing. Some of the same old excuses. Then again one cannot read too much into Estimates exchanges.
Progress is painfully slow in the privacy sphere.
The figures show that regulation is not making a significant difference to organisations’ behaviour. There is still a lack of appreciation of what the law requires in the collection, holding and disclosure of personal information. The current Privacy Commissioner is a vast improvement on her immediate predecessor who was an improvement on her predecessor. But the reality is that the market is not concerned about action by the Privacy Commissioner. Action is slow and occasional, not nearly enough to send a message. It takes about 2 years from complaint to determination, when they happen, and even then determinations are not court orders. Too many complaints are dismissed. The Administrative Review Tribunal has demonstrated through the Bunnings decision that its approach is as inimical to effective regulation of the Privacy Act as its predecessor the Administrative Appeals Tribunal. Complaints that are resolved are resolved quietly and behind closed doors, which is understandable but does little to highlight the dangers of non-compliance to the market. In that regard, things may be better than they were but only by comparison.
The ray of light is the statutory tort of serious invasion of privacy. That is a standalone tort that does not require the Privacy Commissioner to take action. The victim of an invasion of privacy can take action. The tort has its problems: it does not cover negligent acts and journalists are exempt. However, it is fit for purpose for misuse of information. It just needs to be used and have cases go to judgment.

The transcript provides:

CHAIR: The committee’s proceedings today will begin with the Office of the Australian Information Commissioner.

Hong Kong Privacy Commissioner releases report on 60 organisations’ compliance with privacy obligations regarding the use of Artificial Intelligence

May 27, 2026

Privacy and data security are highly relevant in the use of Artificial Intelligence (“AI”). The Hong Kong Privacy Commissioner’s Office has undertaken compliance checks on 60 organisations. The report makes it clear that AI is ubiquitous and that reasonable steps were being taken by many organisations in Hong Kong. The report makes clear what needs to be done to properly deploy AI without inadvertently impacting privacy. It is as big an issue in Australia.

The media release provides:

The compliance checks covered 60 organisations. In addition to the sectors covered in the 2025 compliance checks, including banking and finance, beauty services, education, government departments, insurance, medical services, public utilities, retail, social services, telecommunications and transportation, the compliance checks this round were expanded to cover the accounting, food and beverage, innovation and technology, logistics and property management sectors. The exercise sought to gain a more comprehensive understanding of whether different sectors complied with the relevant requirements of the Personal Data (Privacy) Ordinance (PDPO) in the collection, use and processing of personal data when using AI systems. 
 
The compliance checks also examined the 60 organisations’ implementation of the recommendations and best practices set out in the “Artificial Intelligence: Model Personal Data Protection Framework”[3] (Model Framework), and the “Checklist on Guidelines for the Use of Generative AI by Employees”[4] (Gen AI Checklist) published by the PCPD, as well as assessed their overall performance in AI governance.
 
Based on the findings of the compliance checks, the PCPD has the following major observations regarding the organisations’ personal data protection practices in their use of AI (see Annex for details):
 
Latest Application of AI in Hong Kong

National Institute of Science and Technology issues guidelines on how manufacturers can restore operations after a cyber attack

May 25, 2026

The papers, standards and guidelines published by the National Institute of Science and Technology (“NIST”) are in many ways more practical and effective than the guidelines issued by privacy regulators which must of necessity be more general. The NIST has published a very useful standard on methods to help manufacturers restore operations after a cyber attack.

The summary provides:

Industrial control systems (ICS) and devices that run manufacturing environments play a critical role in our nation’s economy. Manufacturers rely on ICS to monitor and control physical processes that produce goods for public consumption. These same systems face an increasing number of cyber attacks, presenting a real threat to manufacturing safety and production. Though defense-in-depth security architecture can help mitigate cyber risk, it may not entirely eliminate it. Organizations should have a plan to recover and restore manufacturing operations should a cyber event impact plant operations. The NCCoE, together with the NIST Communications Technology Laboratory and industry collaborators, will demonstrate an approach for responding to and recovering from an ICS attack within the manufacturing sector by leveraging the following cybersecurity capabilities: event reporting, log review, event analysis, and incident handling and response. The NCCoE will implement each of these capabilities in a discrete-based manufacturing work-cell that emulates a typical manufacturing process. The project will result in a freely available NIST Cybersecurity Practice Guide.

Australian Government releases its response to the Senate Legal and Constitutional Affairs Committee report on the Privacy and Other Legislation Amendment Bill

May 23, 2026

It has taken a while but the Government has finally released its response to the Senate Legal and Constitutional Affairs Legislation Committee report. Most of the recommendations related to machinery issues and were thus easily accepted.

The response provides:

The Australian Government welcomes the opportunity to respond to the Senate Legal and Constitutional Affairs Legislation Committee’s report, Privacy and Other Legislation Amendment Bill 2024 [Provisions] (the Report), tabled on 14 November 2024.

The Government thanks individuals and organisations that contributed to the Committee’s inquiry, including in preparing written submissions and appearing before the Committee.

The Government moved a number of amendments to the Privacy and Other Legislation Amendment Bill 2024 (the Bill) to implement recommendations of the Report.

The Bill passed the Parliament on 29 November 2024, and received Royal Assent on 10 December 2024.

The Privacy and Other Legislation Amendment Act 2024 makes a range of important amendments to strengthen privacy protections for Australians. The Act:

    • requires the development of a Children’s Online Privacy Code which will apply to social media and other internet services which are likely to be accessed by children
    • enables streamlined information sharing in the case of an emergency or an eligible data breach, while ensuring that information is appropriately protected
    • supports the free flow of information with appropriate protections by providing for countries and binding schemes with substantially similar data privacy protections to Australia to be prescribed
    • expands the suite of regulator powers and enforcement options available to the Australian Information Commissioner to effectively protect privacy
    • provides individuals with transparency about the use of their personal information in automated decisions which significantly affect their rights and interests
    • establishes a statutory tort for serious invasions of privacy, and
    • creates new criminal offences targeting the release of personal data in a manner that is menacing or harassing – a practice known as ‘doxxing’.

The Australian Government’s response to the Report is set out below. The response addresses the recommendations contained in the Report and in the additional comments.

Committee’s Recommendations

Recommendation 1

The committee recommends that the minimum consultation period for the Children’s Online Privacy Code is extended to at least 60 days.

Shiny Hunters gang strike again hacking 7-Eleven

May 20, 2026

Shiny Hunters is on a tear. They have been successful in hacking Canvas and reportedly (but not confirmed) scored a US$10 million payoff. That data breach affected Australian educational institutions. Now the group has breached 7-Eleven’s data security. 7-Eleven suffered a data breach last month, resulting in over 600,000 records being stolen. When 7-Eleven refused to pay the ransom, documents were leaked onto the dark web.

The article regarding the breach provides:

Convenience store chain giant 7-Eleven confirmed that its systems were breached in a cyberattack claimed by the ShinyHunters extortion group last month.

Founded in 1927, 7-Eleven now operates, franchises, and licenses over 86,000 stores globally, including 13,000 stores in the U.S. and Canada, while its 7Rewards and Speedy Rewards loyalty programs have more than 100 million members.

Significant data breaches in Australia in May 2026 with the Canva data breach heading the list

May 17, 2026

There have been some very significant data breaches in Australia in May. They include a data breach at Gregory Jewellers, with the loss of 574 gigabytes from the company; Champion Homes, which lost 44 gigabytes that was posted on the darknet; a data breach of a third party provider to Queensland Education; and a data breach at Scope Systems. The Canvas data breach by the cybercriminal group Shiny Hunters has been the biggest data breach story in May. The Information Commissioner published an almost pro forma statement on the data breach involving Canvas. Seven months ago Canva was hacked using an encrypted password data accessing 4 million Canva accounts. Canva published a reasonable statement of where things are at and the need to change passwords. The data breach had a huge impact on education providers in Australia. They were amongst the 9,000 institutions worldwide who were impacted. It also highlighted the poor response plans of many educational institutions. This led to a scam warning about those trying to make some quick money pretending to be from Education Departments. Canva ultimately paid a ransom. It is rumoured to be

Federal Trade Commission bans Kochava from selling location data because of past misbehaviour of selling location data linked to mobile devices

May 5, 2026

Location data is very valuable for a whole range of businesses and law enforcement. One of the first things police do when they have a suspect in a serious crime is to review the location data of that person’s mobile phone. That has sunk many alibis. At the commercial level, location data is very valuable as well. It is also very sensitive information. At its most granular, tracking a person’s movements is a serious invasion of his or her privacy. And that is what the Federal Trade Commission alleged in its charges against Kochava, a data broker. The FTC sued Kochava in August 2022 for selling data that tracked people to reproductive health clinics, places of worship and other sensitive locations. To resolve the matter, Kochava has consented to orders injuncting it from selling sensitive information.

The sale of data in the United States is a big industry and there is no equivalent in Australia in the private sector because of the Privacy Act and general regulation against the commodification of data for commercial gain.  But the technology is the same in Australia as in the United States.  And in the recent past the controls on data exchange have loosened.

This case is relevant in highlighting the importance of securing and not misusing tracking data. Tracking data is not confined to mobile phones. Technology now allows for tracking of fitness devices and other wearable items. Modern cars have tracking

Hidden cameras in Horsham Town Hall changing rooms are shocking but a more common phenomenon than people realise

April 20, 2026

Horsham Council has suffered an analogish data breach with cameras found in the change rooms of the Horsham Town Hall. The cameras were found on 1 April 2026. The Council brought in the Victoria Police. The analysis of the cameras resulted in two search warrants being executed, resulting in mobile phones, computers and storage devices being seized. It appears possible, if not likely, that the cameras were in place for 4 years.

Last Thursday the Council announced that a second inspection found no hidden cameras. Doing a sweep of rooms, including change rooms, would hardly rate as news normally. But this privacy breach has been hugely embarrassing for Horsham, particularly as the cameras were found in change rooms in the Town Hall, which was used to stage community functions and performances.

As the Guardian reports in The terrifying rise of secret cameras, the use of secret cameras is a growing problem but one that has a disturbingly long history. Spy cameras have been used in espionage as far back as 1885 and developed into more sophisticated devices during each of the World Wars and the Cold War. Miniaturisation and reduced cost put cameras that could be used secretly into the hands of individuals (or companies). Digital technology, with the ability to use and record remotely, made the use of video cameras more widespread.

While a member of the Board of the Australian Privacy Foundation and in my professional life, complaints of secret camera use were a fairly regular occurrence. 

Victoria criminalised this behaviour where, under the Surveillance Devices Act 1999, there is a prohibition of recording “private activities” where participants reasonably expect privacy, such as in homes or bathrooms. The penalties include 240 penalty units or up to 2 years imprisonment. Until the passage of the Statutory Tort of Interference with Privacy, the civil options were limited and complicated. In this case it is unlikely that there is a claim against Horsham Council for a breach of privacy. That said, it is very odd that