There are growing concerns in the community about privacy breaches involving remotely piloted aircrafts ("RPA"), commonly known as drones. RPA have the ability to intrude on a person's private activities intentionally, through deliberate surveillance, or unintentionally, in the course of other activities such as aerial photography, and search and rescue. The rapid improvement in drone technology has increasingly enabled RPA to become commercially available for use by private individuals. As a consequence, it has left Australia's current privacy regime inadequate to specifically deal with RPA. While there is yet to be any litigation involving RPA in Australia, it appears only a matter of time before the first case arises.
The main Australian statute dealing with privacy breaches is the Commonwealth Privacy Act 1988. While the Privacy Act applies to most Australian federal government agencies and most private organisations, it does not provide comprehensive privacy protection for Australians. The Privacy Act does not apply to a number of groups, including small businesses with an annual turnover of less than $3 million, political organisations, media organisations, and individual citizens acting in their personal, family or household affairs. Moreover, the Privacy Act would be considerably ineffective against invasive use of RPA because it focuses on data protection rather than behavioural privacy protection.
The Commonwealth Surveillance Devices Act 2004 regulates the lawful use of surveillance devices by Federal law enforcement agencies. However, the prohibitions on the use of surveillance devices are left to the relevant State and Territory statutes. It is conceivable that RPA could fall within the scope of the Commonwealth Surveillance Devices Act under the definitions of 'optical surveillance device' or 'listening device'. However, this statute was written without consideration to the capabilities of modern mobile surveillance devices. Consequently, applying the statute to such cases may be encumbered by the unique characteristics of drones. Moreover, the statute does not redress privacy breaches by ordinary citizens.
In Western Australia, the Surveillance Devices Act 1998 prohibits the use of listening and optical surveillance devices by a person to monitor or record someone engaged in private activity. Although this statute was introduced to, among other things, provide protection from child abuse and voyeurism, it may nonetheless provide some protection against invasive RPA use. Unlike some other surveillance statutes from other jurisdictions, the WA Surveillance Devices Act makes exception for the inadvertent recording of private behaviour that may occur incidentally by the lawful use of RPA, such as aerial photography. As a result,a person cannot be penalised for the operation of an RPA resulting in the unintentional monitoring or recording of a private activity.
Outside the statutory regime, there are a number of common law torts that may redress invasions of privacy. For example, trespass, nuisance or breach of confidence may, depending on the circumstances, be available for causes of action against intruding RPA operators. However, these torts are untested in RPA scenarios and, in any case, are unlikely to provide reliable protection because the respective legal principles emerged well before the development of drone technology.
In July 2014, the House of Representatives Standing Committee on Social Policy and Legal Affairs issued a report urging the Australian government to update Australia's privacy law to keep up to date with the proliferation of RPA. Among the committee's recommendations is to introduce new legislation to protect citizens against privacy-invasive technologies, including RPA. Specifically, the committee proposes the creation of a tort of serious invasion of privacy to address some of the gaps and limitations in Australia's existing privacy law. Whatever the solution, it is clear that legislative reform is required in the not too distant future to confront the privacy concerns associated with RPA.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.