Privacy in Australian law
Privacy in Australian law is affected and protected in limited ways by common law in Australia and a range of federal, state and territorial laws, as well as administrative arrangements. There is no absolute right to privacy in Australian law and there is no clearly recognised tort of invasion of privacy or similar remedy available to people who feel their privacy has been violated.
Australian courts have historically been reluctant to recognise a standalone cause of action for invasion of privacy, most notably in Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd, where the High Court declined to confirm the existence of such a tort, while leaving open the possibility that it might develop in the future. As a result, individuals seeking redress for privacy intrusions must generally rely on indirect causes of action, such as breach of confidence, defamation, trespass, nuisance, or intentional infliction of harm, none of which are designed primarily to protect privacy interests.
In 2025, Australian privacy law underwent a significant reform with the introduction of a statutory cause of action for serious invasions of privacy added under the Privacy Act 1988(cth). For the first time, individuals in Australia gained a direct legal right to sue another person or organisation for serious invasions of their privacy, without needing to rely solely on indirect causes of action such as breach of confidence or equitable remedies.
What is privacy?
There is no statutory definition of privacy in Australia. The Australian Law Reform Commission was given a reference to review Australian privacy law in 2006. During that review it considered the definition of privacy in 2007 in its Discussion paper 72. In it, the ALRC found there is no "precise definition of universal application" of privacy; instead it conducted the inquiry considering the contextual use of the term "privacy".In reaching that conclusion, the ALRC began by considering the concept of privacy:
Privacy at common law
It is unclear if a tort of invasion of privacy exists under Australian law. The ALRC summarised the position in 2007:However, in 2008, the Court of Appeal of the Supreme Court of Victoria held "damages should be available for breach of confidence occasioning distress, either as equitable compensation, or under Lord Cairns' Act." This is a reference to the equitable doctrine of breach of confidence, which is different from a tort of invasion of privacy, although it has some applications to situations where one's privacy has been invaded.
In 2013, Attorney-General of Australia Mark Dreyfus QC MP again referred the issue of privacy to the ALRC. Its terms of reference included a detailed legal design of a statutory cause of action for serious invasions of privacy, and to consider the appropriateness of any other legal remedies to redress for serious invasions of privacy. The final report, , was tabled in September 2014, after there had been a change of government. There has not been a formal response from the Australian government.
Postal confidentiality
Since at least the 19th century, it has been the practice to enclose mail in an envelope to prevent infringement of confidentiality. The unauthorised interception of mail of another is a criminal offence.Telecommunications privacy
Telecommunications (Interception and Access) Act 1979
An Attorney-General discussion paper notes:Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015
On 26 March 2015 both Houses of Parliament passed the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, which received royal assent on 13 April 2015.The Act implements recommendations of the Parliamentary Joint Committee on Intelligence and Security by amending the Telecommunications Act 1979 to:
- require telecommunications service providers to retain for two years telecommunications data prescribed by regulations;
- provide for a review by the PJCIS of the mandatory data retention scheme no more than three years after the end of its implementation phase;
- limit the range of agencies that are able to access telecommunications data and stored communications;
- provide for record-keeping and reporting the use of, and access to, telecommunications data; and
- require the Commonwealth Ombudsman to inspect and oversight these records for compliance, and Telecommunications Act 1997 to make consequential amendments.
2025 Reform
The reform was achieved through the Privacy and Other Legislation Amendment Act 2024, which amended the Privacy Act 1988 to include a new statutory tort. While many amendments in the Act took effect upon royal assent in late 2024, the statutory cause of action for serious invasions of privacy commenced on 10 June 2025.This change implements long‑standing recommendations, including from the Australian Law Reform Commission's 2014 report "Serious Invasions of Privacy in the Digital Era", which proposed creating a dedicated statutory cause of action for privacy invasions. Under the statutory cause of action, an individual may have a cause of action against another person if: The defendant invaded the plaintiff's privacy by intruding upon the plaintiff's seclusion or misusing information that relates to the plaintiff.
- A person in the plaintiff's position would have had a reasonable expectation of privacy in all the circumstances.
- The invasion was intentional or reckless.
- The invasion was serious.
- The public interest in protecting privacy outweighs any countervailing public interest.
- No proof of damage is required for the cause of action to arise.
- Proceedings must generally be commenced within 1 year after the plaintiff became aware of the invasion or within 3 years after it occurred. If the person whose privacy was invaded is under the age of 18, they don't have to start proceedings right away. Instead, they have until their 21st birthday to file a claim.
- A range of defences and exemptions applies, including consent, lawful authority, and exemptions for certain categories of entities such as intelligence and law enforcement bodies.
Australian privacy laws
Commonwealth
- Privacy Act 1988
- Telecommunications Act 1997
- National Health Act 1953
- Data-matching Program Act 1990
- Crimes Act 1914
- Anti-Money Laundering and Counter-Terrorism Financing Act 2006
- The Healthcare Identifiers Act 2010
- Personally Controlled Electronic Health Records Act 2012
- Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015
New South Wales
- Privacy and Personal Information Protection Act 1998
- Health Records and Information Privacy Act 2002
- Freedom of Information Act 1989
- State Records Act 1998
- Criminal Records Act 1991
- Surveillance Devices Act 2007
- Workplace Surveillance Act 2005
- Telecommunications Act 1987
- Access to Neighbouring Land Act 2000
- Crimes Act 2000
Victoria
- Privacy and Data Protection Act 2014
- Health Records Act 2001
- The Charter of Human Rights and Responsibilities Act 2006
- Freedom of Information Act 1982
- Public Records Act 1973
- Surveillance Devices Act 1999
- Telecommunications Act 1988
Queensland
- Human Rights Act 2019
- Public Interest Disclosure Act 2010
- Information Privacy Act 2009
- Right to Information Act 2009
- Public Records Act 2002
- Police Powers and Responsibilities Act 2000
- Criminal Law Act 1986
- Invasion of Privacy Act 1971
- Private Employment Agents Regulation 2005
South Australia
- Freedom of Information Act 1991
- State Records Act 1997
- Listening and Surveillance Devices Act 1972
- Telecommunications Act 1988
Western Australia
- Freedom of Information Act 1992
- Health Services Act 1995
- State Records Act 2000
- Spent Convictions Act 1988
- Surveillance Devices Act 1998
- Telecommunications Western Australia Act 1996
Tasmania
- Personal Information Protection Act 2004
- Right to Information Act 2009
- Archives Act 1983
- Annulled Convictions Act 2003
- Listening Devices Act 1991
- Telecommunications Tasmania Act 1999
Northern Territory
- Information Act 2002
- Criminal Records Act 1992
- Surveillance Devices Act 2007
- Telecommunications Northern Territory Act 2001
Australian Capital Territory
- Privacy Act 1988
- Australian Capital Territory Government Service Act 1994
- Health Records Act 1997
- Human Rights Act 2004
- Freedom of Information Act 1989
- Territory Records Act 2002
- Spent Convictions Act 2000
- Listening Devices Act 1992
Government agencies administering privacy laws
- Australian Government:
- *
- New South Wales:
- *
- Victoria:
- *
- *
- *
- Queensland:
- *
- *
- South Australia:
- *
- *
- Western Australia:
- *
- *
- Tasmania:
- *
- *
- Australian Capital Territory:
- *
- Northern Territory:
- *
Other Government websites and publications
- Australian Parliamentary Library
- , Australian Parliamentary Library
- has had two references concerning privacy law in Australia:
- landing page for the 2006 privacy reference.