pdf (62.96 KB)

Submission to the Standing Committee of Attorneys-General by

the Office of the Privacy Commissioner

November 2005

1. Office of the Privacy Commissioner

The Office of the Privacy Commissioner (the Office) is an independent statutory body responsible for promoting an Australian culture that respects privacy. The Privacy Act 1988 (the Privacy Act) covers federal and ACT Government agencies, businesses with an annual turnover of more than $3 million, the private health sector, small businesses that trade in personal information and credit providers and credit reporting agencies. The Privacy Commissioner has responsibilities under the Privacy Act and other federal legislation to regulate the way agencies and organisations collect, use, store and disclose individual's personal information.

2. Background and Discussion Paper

It is understood that the ‘Unauthorised Photographs on the Internet and Ancillary Privacy Issues Discussion Paper’ (the Discussion Paper) prompting this submission was released in response to a series of incidents where unauthorised photographs of children and teenagers taken in public places were posted on the internet without the subjects’ consent. In one instance, the website which displayed images of schoolboy rowers had links to pornographic websites.

These incidents were widely reported in the media as having caused distress to the subjects of the photos and their parents and there was a reflection in the reportage that the incident was an invasion of privacy. However, in this particular case, there were few avenues of redress, primarily because the photographs, in and of themselves, were not offensive and were taken in a public space.

The focus in the Discussion Paper is on the use to which the images were put rather than the act of taking the photos because it was the subsequent use and publication on the Internet which is purported to have caused distress and attracted media attention.

The Privacy Commissioner welcomes the exploration of these issues in the Discussion Paper and hopes it encourages further debate within the community.

3. Application of the Privacy Act to Unauthorised Photographs on the Internet

The Privacy Act assists in protecting individual privacy by fostering individual’s control over their personal information, through the application of privacy principles to the information handling practices of Commonwealth government agencies and private sector organisations. The Information Privacy Principles (the IPPs) cover the federal government sector while the National Privacy Principles (the NPPs) cover many organisations in the private sector.

The Privacy Act only applies to personal information. Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. As is noted in the Discussion Paper at paragraph 63, “for the Privacy Act to apply that personal information must be in the form of a record which can include a document, database, photograph or other pictorial representation of a person”.

It is also important to note that there are a number of exceptions to the NPPs. In particular, the NPPs generally do not apply to small businesses. That is, a business with a turnover of 3 million dollars or less, which is not a health service provider, will not usually be covered by the Privacy Act.

In order to illustrate the scope of the Privacy Act in relation to unauthorised photographs on the Internet, it may be useful to consider the example of an Australian business placing photographs of an individual on its website taken without the individual’s consent. Generally speaking, it is likely that the individual concerned could refer the matter to the Privacy Commissioner for investigation.

If the organisation were covered by the Privacy Act, and the photograph constituted an individual’s ‘personal information’, the organisation may have an obligation to provide notice to the individual of its taking of the photograph, and in some cases, to seek the consent of the individual to do so. Depending on the purpose for which the photograph was taken, the organisation’s subsequent use of the image may then be limited to related secondary purposes within the individual’s reasonable expectations.

The issues raised in the Discussion Paper focus primarily on interactions between individuals. For example, the Discussion Paper appears to anticipate a scenario where an individual takes a photograph and posts it on a website that the individual administers.

Relevantly, under section 16E of the Privacy Act, the NPPs do not apply to the information handling practices of individuals who are not engaged in business but are merely conducting their personal, family or household affairs. Therefore, as is noted in the Discussion Paper, the Privacy Act will generally not apply to an individual who, acting in their private capacity, takes photographs of another person without their consent.

4. Review of the Private Sector Provisions in the Privacy Act – New Technologies

In March this year, this Office completed a Review of the Private Sector Provisions in Privacy Act (the Review). In the Issues Paper produced for the Review[1], the Office raised issues related to the adequacy of the Privacy Act in its application to new technologies, such as the Internet.

The Office suggested that the accessibility of new technologies could mean that individuals acting in their personal capacity may also be capable of invading individual privacy in ways that warrant further consideration. It is worth reflecting that there did not appear to be a great deal of support from submissions to the Review, or in consultations undertaken by this Office during the Review, for changing the Privacy Act so that it could cover the activities of private individuals in their personal capacity[2]. For example, in its submission to the Review, the Australian Consumers’ Association expressed the view that controlling individual behaviour is best left to social norms backed by general or specific laws.

However, as a result of submissions and consultations, the Office did recommend that the Australian Government review the NPPs to assess whether they remain relevant in light of technological developments and consider initiating discussions through appropriate international forums about how to deal with major international jurisdictional issues arising from global reach of new technologies[3]. It is possible, though not specifically dealt within the Review Report or the submissions, that issues related to unauthorised photographs on the Internet could be further explored as part of the implementation of these recommendations.

5. Options for Reform

The Discussion Paper puts forward a variety of different options for reform to combat the harm caused by publication of unauthorised photographs on the Internet. These options include a mix of approaches under civil and criminal law.

In regard to criminal law, the Discussion Paper suggests the creation of a new criminal offence to deal with unauthorised use of photographs of children, the clarification of the existing National Classification Code classification for the purposes of online content regulation and the use of ‘take down notices’ (that is, an enforceable mechanism for the removal of images from the Internet).

In exploring options for civil law remedies, the Discussion Paper considers the Dutch 'reasonable interests' approach. This approach is based on that taken in the Dutch Copyright Act which prohibits publication of a portrait if publication is contrary to the reasonable interests of the subject. The Discussion Paper also proposes the development of an education campaign to promote the appropriate use of mobile phone cameras and to increase community awareness of the existing mechanisms for making complaints about Internet content. A further remedy proposed is the establishment of a process whereby individuals may request that their image be removed from a website, in particular if the person in question objects to the context. For example, it might be personally offensive to be associated with a product that an individual finds objectionable - such as tobacco or alcohol.

The primary challenge in developing remedies for the harm associated with unauthorised photographs on the Internet is addressing the issue in a balanced manner, facilitating the freedom to take photographs in public places, while recognising community standards and the privacy interests of the subjects of such photographs.

The taking of photographs

As noted in the Discussion Paper, the extent to which the taking of unauthorised photos is harmful is often determined by the use to which the photos are put and the context in which they are displayed. For example, displaying photographs of children or adults at the beach in an album as part of a record of a holiday may be relatively benign, but posting them on a voyeuristic Internet site may cause harm and distress.

It is a reasonable assumption that the majority of unauthorised photographs taken in public are taken for innocuous purposes. An album filled with shots taken in public forums whilst sightseeing would be commonplace in many Australian households. Consequently, it is difficult to apply regulatory or legal restrictions to the taking of unauthorised images because the regulation would have to include a mechanism for anticipating whether the purpose for which the photo is taken is harmful. Furthermore, robust community debate would be necessary to establish whether this approach was viewed as an appropriate response to a generally socially acceptable behaviour.

This is particularly the case in relation to situations where individuals are taking photographs in their private capacity. In restricting the taking of unauthorised images of children and people, non legal approaches may be a more effective response. There is evidence that social protocols are developing so that just as an individual might ask somebody in a restaurant to stop using a mobile phone because it is intrusive, people are less afraid to tell somebody to stop using a camera phone at the beach or in contexts involving children where taking photos is perceived to be voyeuristic by the community[4].

The Office understands that a number of Australian community organisations have put in place protocols requesting patrons not use mobile phones in change rooms, in order to avoid the possibility of mobile phone camera usage. Organisations may consider implementing similar protocols in sensitive contexts, especially involving children.

The Office supports the recommendation in the Discussion Paper that an education campaign be embarked upon to better inform the community of issues around the use of mobile phone cameras, but also suggests that the scope of such a campaign be extended to include the appropriate taking of photographs generally.

The use or publication of unauthorised photographs

The ability to develop digital photographs on personal computers and distribute them via the Internet increases the number of potential uses and viewers of unauthorised photographs and decreases the control that the subject has over their image. It is in the context of these new technological developments that the issue of redress for harm caused by the inappropriate use of these images under existing legal and regulatory arrangements has arisen.

In paragraph 73 of the Discussion Paper it is noted that “The Commonwealth Criminal Code has recently been amended to include an offence of intentionally using a carriage service (including use of the Internet) in a way which would be regarded by reasonable persons as being in all the circumstances, menacing harassing or offensive”. The test that the image is offensive to a reasonable person would appear to be a way of addressing this issue in a balanced manner facilitating the freedom to take photographs in public places while recognising community standards on what uses of images are regarded as offensive.

A stronger test, which may be appropriate in cases involving children, could be to apply the reasonable interest test, based on the approach in Dutch copyright law. By this measure, the use of an image would not be permitted if it is contrary to the reasonable interest of the person shown in the image. This test would seem to deliver a higher degree of control to children and their guardians over the use of the child’s image. Given the sensitivity around images of children in the community, evident in the public response to the particular case of the schoolboy rowers this which partially precipitated the Discussion Paper, a more subjective test which delivers greater individual control over personal information may be the preferable option.

Additionally, it seems reasonable that any reform to the criminal law would be more effectively implemented in conjunction with enforcement mechanisms such as the suggested ‘take down notices’ and clarification of the existing National Classification Code classification for the purposes of online content regulation. These solutions may give individuals a measure of control over the use of their image, consistent with community standards.

Consent

As noted in the Discussion Paper it is often not feasible to secure consent for photographs taken in public places. From a privacy perspective, it is desirable that individuals maintain an appropriate level of control over their personal information, which may include photographs. Giving individuals the ability to consent to the use of their personal information gives them control over their personal information and the capacity to maintain a degree of privacy by restricting the use of this information. However, in situations where individuals, acting in their private capacity, are taking innocuous photographs of others, consent is unlikely to be practical and it may be more appropriate for regulation to focus on building in alternative mechanisms for individual control.

Accordingly, the Office generally supports further consideration on the development of a process whereby individuals may request that their image be removed from a website. This level of control may provide individuals with greater choice over how their image may be used.

6. Conclusion

It is vital that any measures taken to address the issues of unauthorised photographs on the Internet accurately reflect community standards and expectations. Accordingly, a balance must be struck between the freedom of individuals to take photographs and the privacy interests of the subjects in those photographs. Given the importance of considering the contextual nature of the issues involved, a multi - layered approach, using a combination of mechanisms is likely to be the most effective way forward. The Office supports options for reform which incorporate education campaigns to raise community awareness about the issues associated with unauthorised photographs, combined with criminal and civil remedies that most appropriately address the particular harm caused. Ultimately, implementation will be smoothest if reform in this area is guided by community standards.