Key Update: Australia’s statutory tort for serious invasions of privacy took effect on 10 June 2025, creating new legal risks for organisations and enhanced rights for individuals.
What It Covers
The new law allows individuals to take legal action against organisations for privacy invasions in two key areas:
Physical intrusion into private spaces (e.g., unauthorised surveillance)
Information misuse where individuals had reasonable privacy expectations
This extends beyond traditional Privacy Act coverage, potentially affecting any organisation, not just those bound by Australian Privacy Principles.
Legal Requirements
To succeed, claimants must demonstrate that protecting their privacy serves the public interest more than any competing interests. However, organisations have defences including consent, lawful authority, and specific exemptions for law enforcement and journalists in certain circumstances.
Critical Timeframes
Legal action must commence within strict deadlines:
Adults: Earlier of 1 year from becoming aware of the breach OR 3 years from when it occurred
Minors: Before their 21st birthdayPotential Consequences
Courts can order various remedies including financial damages, injunctions, or mandatory apologies.
Action Required: Review your workplace surveillance, data handling, and privacy policies. Consider seeking legal advice to ensure compliance with this expanded privacy framework.
https://www.oaic.gov.au/privacy/your-privacy-rights/more-privacy-rights/statutory-tort-for-serious-invasions-of-privacy