Why it's time for guidelines on 'privacy and the media'

Conroy's “Clean Feed” project is an attempt to do something that has been to date unusual in the Australian context. It seeks to impose regulation through changes to infrastructure rather than the law (what Larry Lessig called in the US context “West Coast code” - or software - rather than “East Coast code”- or law). Most of the constraints on publishers in Australia are legal in nature. An indication of the scope of the constraints is provided by the list below.

Legal constraints on publishers

• Breach of Confidence
• Censorship
• Contempt of Court
• Copyright Infringement
• Defamation
• Discrimination
• Harassment
• Misleading or Deceptive Conduct
• Negligence
• Negligent Misstatement
• Privacy Breach
• Racial Vilification
• Suppression Orders

Many of these laws are quite vague in their expression, and their application to any particular circumstance can only be determined by court action. In “official media” organisations, a great deal is known about them. Protections have been institutionalised, through business processes that review draft content for possible breaches prior to publication. Prosumers are (with some exceptions) subject to these laws, but most “unofficial media” contributors have yet to grasp their significance.

Privacy regulation

Among the constraints on publishers, privacy remains something of a Cinderella, waiting for its big moment. There is a distinct lack of laws, because the media is exempt from the private sector provisions of the Privacy Act (subject to the weak proviso that "the organisation is publicly committed to observe [published] standards that deal with privacy ..."). But times are changing. The UK courts have been, ever-so-slowly, developing a privacy tort, and Australian courts have shown signs of preparedness to create one if the legislature continues to fail to do so.

The media industry and the media professions had the opportunity to establish self-regulatory schemes, and most did so. But they fell a long way short of public expectations. For example, the Media Alliance Code provides brief guidance in relation to gathering information, but none about publication. The Australian Press Council's Privacy Standards are highly permissive, particularly in relation to disclosure of personal data. And the Australian Communications and Media Authority (ACMA) administers a register of Codes of Broadcasting Practice that, in at least their privacy segment, are vacuous and unenforceable. For example, even that of the ABC (PDF 144KB) says (in total), "The rights to privacy of individuals should be respected in all ABC content. However, in order to provide information which relates to a person’s performance of public duties or about other matters of public interest, intrusions upon privacy may, in some circumstances, be justified".

In response to the abject failure of the self-regulatory movement to satisfy the public need, the Australian Law Reform Commission (ALRC) recommended in late 2008 that "The Privacy Act should be amended to provide that media privacy standards must deal adequately with privacy in the context of the activities of a media organisation", and that consultative processes should lead to "a template for media privacy standards that may be adopted by media organisations".

Further, the ALRC recommended that "Federal legislation should provide for a statutory cause of action for a serious invasion of privacy ... restricted to intentional or reckless acts". Irresponsible media commentators have knee-jerked against this recommendation, and misrepresented its scope. It will be a valuable adjunct to the properly articulated “media privacy standards” that the ALRC has called for; but it will only ever be applicable in cases of quite serious and distinctly unreasonable breaches.

The Australian Privacy Foundation's Policy Statement

The Australian Privacy Foundation (APF), formed in 1987, is the primary association dedicated to protecting the privacy rights of Australians. It is an active supporter of freedom of the press and freedom of speech, not only because of their intrinsic importance, but also because gaining and sustaining privacy rights is dependent on them.

The APF policy statement on “privacy and the media” calls for the articulation of the vague privacy principles in current codes into meaningful guidance. That will enable professional journalists to make decisions about what personal data is and is not relevant to their articles. It will also enable oversight bodies to exercise judgment on complaints, and impose sanctions where they are appropriate. The intention is emphatically not to straitjacket the media, but to lay out the rules of the game for all to see.

Beyond merely calling for action, the APF has formulated quite specific proposals in relation to the Framework and the Guidelines that it believes are needed. The intention is to provide a balanced set of protections for the public and freedoms for the media. A topical example of a guideline (published before the current swine flu “pandemic”) is "The justification for the collection or publication of personal data [may] be based on ... Relevance to Public Health and Safety. For example, disclosure of a person's identity may be justified if they are a traveller who recently entered Australia and they are reasonably believed to have been exposed to a serious contagious disease".

Next steps

The APF has invited media industry associations (through the Australia's Right To Know Coalition) and the media professional association, Media Entertainment & Arts Alliance (MEAA), to consider the APF's framework and guidelines as a basis for expanding their codes.