29 August, 2019
The High Court of Australia has indicated that there is scope for the development and recognition of a tort of privacy to protect confidential information that is released into the public domain as a result of illegal hacking.
What you need to know
- On 14 August 2019, the High Court handed down its decision in Glencore International AG v Commissioner of Taxation [2019] HCA 26.
- The High Court has indicated that there is scope for the development and recognition of a tort of privacy to protect confidential information that is released into the public domain including as a result of illegal hacking or other activities.
- This development may encourage actions against corporations, media organisations and social media.
- In a unanimous judgment, the High Court dismissed proceedings by companies within the global Glencore group seeking an injunction to restrain the Australian Taxation Office from making use of any documents subject to legal professional privilege.
- The effect of the High Court's decision is that if your privileged documents become public, for example because of being illegally hacked, you may be unable to recover them or prevent third parties using them. You may still, however, be able to bring an action to prevent their misuse or disclosure by anyone who obtained or was proposing to disclose the documents in breach of confidence.
- The privileged documents obtained by the ATO were amongst the "Paradise Papers", a cache of over 13 million confidential electronic documents relating to offshore investments, leaked to the International Consortium of Investigative Journalists.
- The High Court held that legal professional privilege is not an actionable legal right capable of sounding in injunctive relief. The privilege is only an immunity from the exercise of powers that would otherwise compel the disclosure of privileged communications.
Background
The Paradise Papers and the issue before the High Court
In late 2017, the Paradise Papers, a cache of over 13 million confidential electronic documents relating to offshore investments, was leaked to the International Consortium of Investigative Journalists.
The leaked material included documents relating to Glencore, amongst which was, relevantly, advice from Appleby, the Bermudan law firm whose documents were stolen. That advice related to a restructure of four Australian companies within the Glencore group in a transaction called “Project Everest”.
In subsequent meetings with Glencore, the ATO indicated that it was in possession of the documents and that it was seeking to identify possible Australian links to tax avoidance.
Glencore commenced proceedings in the original jurisdiction of the High Court, seeking an injunction to restrain the ATO's use of the documents, and orders requiring the ATO to return the documents in its possession.
The Association of Corporate Counsel was granted leave to appear as amicus curiae at the hearing to make submissions in support of Glencore. The ACC sought to rely upon what it contended were important matters of public policy in support of extending the scope of legal professional privilege. In particular, the ACC submitted that, in a world where law firms, corporations and governments are increasingly the target for sophisticated cyber-attacks, Australia is potentially at risk of becoming an attractive place for hackers to access and leak stolen privileged documents. This could in turn lead to the blackmailing of companies, and threats that the documents would be released to executive agencies unless the hackers' demands were met.
LPP is a common law immunity
In a unanimous judgment, the High Court dismissed Glencore's proceeding, refusing the injunctive relief sought.
At the heart of Glencore's case was the proposition that, while legal professional privilege has long been recognised as a fundamental common law right, the law is yet to, but should, recognise a complete set of remedies to protect that right.
The High Court rejected Glencore's submissions, holding that Glencore's argument rested fundamentally upon the false premise that because legal professional privilege is a legal right which is capable of being enforced it may also found a cause of action. Consistently with the decision in Daniels Corporation v ACCC (2002) 213 CLR 543, the High Court reaffirmed that privilege is only available as an immunity from the exercise of powers to compel the disclosure of privileged communications (as opposed to the foundation for a cause of action).
In response to Glencore's submissions concerning the need for the scope of privilege to reflect the policy of the law upon which it is based, the High Court held that the purpose of the law in providing an immunity, was to enhance the administration of justice. By way of contrast, the law was not concerned with furthering a client's personal interest in preventing the use which might be made by others of that client's communications if they were obtained through proper channels.
Mind the Gap – Legal Remedies for illegal hacking
In finding that legal professional privilege could only be used as a shield against the disclosure of privileged communications, the High Court observed that, on the present state of the law, once privileged communications have been disclosed, the affected party could resort to equity and the doctrine of breach of confidence if it wished to restrain the use of that material.
However, in circumstances where the privileged information had already been widely released into the public domain, the High Court noted that the requirements for such equitable relief may be difficult to meet. The High Court noted that Glencore had not sought relief based on the doctrine of breach of confidence and consequently it had it made no allegation concerning the defendants' conduct or knowledge.
Therefore the High Court declined to give further consideration to this potential gap in the law (because they were not in possession of all of the relevant facts). The Court did, however, offer an indication of the areas of law which might be developed in order to provide an appropriate remedy, stating:
The plaintiffs do not seek an injunction on the ground of confidentiality. They do not seek to expand any area of the law such as any tort of unjustified invasion of privacy.
…
The plaintiffs' case for the grant of relief on a basis other than confidentiality is simply this: that any furtherance of the public interest which supports the privilege is sufficient to warrant the creation of a new, actionable right respecting privileged documents. This is not how the common law develops. The law develops by applying settled principles to new circumstances, by reasoning from settled principles to new conclusions, or determining that a category is not closed. Even then the law as developed must cohere with the body of law to which it relates.
…
In the absence of further facts it is not possible to say whether the plaintiffs are without any possibility of a remedy. But if there is a gap in the law, legal professional privilege is not the area which might be developed in order to provide the remedy sought.
In reaching this conclusion, the High Court cited, inter alia, the case of Wee Shuo Woon v HT SRL [2017] 2 SLR 94. In that case, the Singapore Court of Appeal applied and extended the existing jurisprudence on breach of confidence actions in order to determine that confidentiality was not lost over legally privileged documents that were released to the public via WikiLeaks following a cyberattack. The Court of Appeal further noted that, in such cases, the court's equitable jurisdiction to restrain a breach of confidence by way of injunction could be invoked.
A tort of unjustified invasion of privacy?
A tort of unjustified invasion of privacy already exists in several common law jurisdictions, including New Zealand. The recognition of such a tort in Australia was first considered in Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd (2001) 208 CLR 199 (Lenah).
In Lenah, the High Court dismissed the respondents request for an injunction to prevent the ABC from broadcasting footage of its possum slaughtering process that was obtained unlawfully by activists, on the basis that there was no cause of action to justify the grant of injunctive relief.
In the High Court's decision, Justices Gummow, Hayne and Callinan all recognised that the time for the development of such a tort was "ripe", but noted that any such development should be limited to protect the privacy of individuals and not the interests of a corporation.
The High Court's decision in Glencore comes only weeks after the ACCC released its final report on the Digital Platforms Inquiry, which recommended the introduction of a statutory tort for serious invasions of privacy. However, as in Lenah, the introduction of such a tort appears to be limited to the protection of individuals and not corporations.
Implications
In circumstances where the equitable doctrine of breach of confidence may currently be inadequate to restrain the misuse of confidential information that has already become part of the public domain, the High Court has again suggested that there may be scope to develop the doctrine and or recognise a tort of unjustified invasion of privacy. Whilst the former is the most likely route for bridging the gap, it remains to be seen how and when their invitation will be accepted.
Absent any statutory intervention, the development of the law in this area will serve the needs of corporations and governments that are increasingly the target of sophisticated cyberattacks, and who may find themselves without an adequate legal remedy in circumstances where confidential materials are released to the public en masse.
It is also likely that media and social media organisations will be the target for actions based on an unjustified invasion of privacy as the disclosure of such information usually occurs on those platforms.
The expansion of the applicable legal principles may minimise the potential for Australia to become an attractive place for hackers to access and leak stolen privileged documents and bring Australian law into alignment with comparable common law jurisdictions.
The Dispute Resolution team authored an article about this case and decision, titled "High Court holds that legal professional privilege may not found a cause of action" which considers the implications of the High Court's decision for clients and how privileged communications which have been disclosed, may be protected.
For further information, please contact:
Robert Todd, Partner, Ashurst
robert.todd@ashurst.com
