'A New Compact for Sexual Privacy' by Danielle Keats Citron in (2020)
William and Mary Law Review comments
Intimate life is under constant surveillance. Firms track people’s periods, hot flashes, abortions, sexual assaults, sex toy use, sexual fantasies, and nude photos. Individuals hardly appreciate the extent of the monitoring, and even if they did, little can be done to curtail it. What is big business for firms is a big risk for individuals. Corporate intimate surveillance undermines sexual privacy—the social norms that manage access to, and information about, human bodies, sex, sexuality, gender, and sexual and reproductive health. At stake is sexual autonomy, self-expression, dignity, intimacy, and equality. So are people’s jobs, housing, insurance, and other life opportunities. Women and minorities shoulder a disproportionate amount of that burden. Privacy law is failing us. Not only is the private-sector’s handling of intimate information largely unrestrained by American consumer protection law, but it is treated as inevitable and valuable. This Article offers a new compact for sexual privacy. It draws upon the lessons of civil rights law in moving beyond procedural protections and in authorizing injunctive relief. Reform efforts should focus on stemming the tidal wave of collection, restricting uses of intimate data, and expanding the remedies available in court to include orders to stop processing intimate data.
The much awaited report by the Queensland Law Reform Commission on
Review of Queensland’s laws relating to civil surveillance and the protection of privacy in the context of current and emerging technologies states
[1] The Commission was asked to recommend whether Queensland should consider legislation to appropriately protect the privacy of individuals in the context of civil surveillance technologies.
[2] Over time, surveillance device technologies have become increasingly sophisticated, accessible and affordable. Different surveillance devices capture different types of information, and may be used for different purposes. Whatever the purpose of their use, surveillance devices have the potential to impact on individual privacy.
[3] In Queensland, there is limited regulation of the use of surveillance devices. The Invasion of Privacy Act 1971 regulates the use of a listening device to overhear, listen to, monitor or record private conversations, and the communication or publication of information obtained from such use. However, it does not extend to other types of surveillance devices. In contrast, in most other Australian jurisdictions, surveillance devices legislation regulates the use of listening devices, optical surveillance devices, tracking devices and, in some jurisdictions, data surveillance devices.
[4] In addition, surveillance devices legislation in Queensland and other jurisdictions does not provide a civil response to an unjustified interference with an individual’s privacy caused by the use of a surveillance device.
[5] Other general laws, including information privacy legislation, the criminal law and some civil causes of action, offer only piecemeal and limited protection for the privacy of individuals in this context.
THE COMMISSION’S APPROACH
[6] In view of the gaps and uncertainties in the current laws in Queensland that regulate the use of surveillance devices, there is a need for a more comprehensive legislative response to appropriately protect the privacy of individuals in relation to the use of surveillance devices in civil society.
[7] The Commission therefore recommends that the Invasion of Privacy Act 1971 be repealed and replaced by new legislation which implements the Commission’s recommendations in the form of the draft Surveillance Devices Bill 2020 (the ‘draft Bill’) in Appendix F.
[8] In developing its recommendations for the draft Bill, the Commission has been informed by a number of principles and considerations, including:
• the importance of community expectations;
• the need to balance the protection of an individual’s privacy and the justified use of surveillance devices;
• the importance of consent as an authorising concept:
− if there is consent, the use of a surveillance device, or the communication or publication of information obtained from the use of a surveillance device, should be lawful;
− in the absence of consent, the use, communication or publication should be unlawful unless an exception applies;
• that objective standards should form the basis for the justified use of surveillance devices in the absence of consent;
• that the regulation of surveillance devices should be practical, and include:
− a criminal law response where the seriousness of a person’s conduct in using a surveillance device justifies the intervention of the State in imposing criminal sanctions; and
− a civil law response to promote the responsible use of surveillance devices in everyday contexts and to empower individuals whose privacy is affected to seek civil redress in appropriate circumstances;
• the desirability of reasonable consistency with surveillance devices legislation in other Australian jurisdictions; and
• that the operation of other laws regulating the use of surveillance devices should not be affected.
[9] The Commission also recognises that surveillance devices legislation may overlap with but has a different focus from legislation that regulates information privacy and data protection.
[10] An overview of the Commission’s principal recommendations and corresponding provisions of the draft Bill is set out below.
THE SCOPE AND PURPOSE OF THE DRAFT BILL
[11] The main purpose of the draft Bill is to provide for an individual’s privacy to be protected from unjustified interference from the use, or the communication or publication of information obtained from the use, of surveillance devices (cl 2(1)).
[12] Consistently with the surveillance devices legislation in other Australian jurisdictions, the draft Bill adopts a ‘recognised categories’ approach to regulating surveillance devices. This approach takes into account that different types of devices give rise to different privacy concerns and considerations.
[13] For the purposes of the draft Bill, a ‘surveillance device’ is defined as a listening device, an optical surveillance device, a tracking device, a data surveillance device or a device that is a combination of two or more of those devices (cl 6).
CRIMINAL PROHIBITIONS
The use prohibitions
[14] The draft Bill contains four prohibitions on the use of a surveillance device (‘the use prohibitions’). Specifically, it provides that a person must not use, install or maintain:
• a listening device to listen to, monitor or record a private conversation, without the consent of each party to the conversation (cl 18);
• an optical surveillance device to observe, monitor or visually record a private activity, without the consent of each party to the activity (cl 19);
• a tracking device to find, monitor or record the geographical location of:
− an individual, without the consent of the individual (cl 20(1)); or
− a vehicle or other thing, without the consent of each person who owns, or is in lawful control of, the vehicle or thing (cl 20(2)); or
• a data surveillance device to access, monitor or record information that is input into, output from or stored in a computer, without the consent of each person who owns, or is in lawful control of, the computer (cl 21).
[15] There are exceptions to the use prohibitions. It is not an offence for a person to use, install or maintain a surveillance device if:
• use of the device is reasonably necessary to protect the lawful interests of that person, or of another person who has authorised the person to use the surveillance device on their behalf (cl 22);
• use of the device is reasonably necessary in the public interest (cl 23);
• it is to obtain evidence of, or information about, a serious threat to the life, health safety or wellbeing of an individual, or a serious threat of substantial damage to property, if the person believes, on reasonable grounds, it is necessary for the device to be used immediately to obtain the evidence or information (cl 24); or
• the use, installation or maintenance is authorised under another Act of the State or an Act of the Commonwealth, or in circumstances prescribed by regulation (cl 26).
[16] There is an additional exception for the use of a surveillance device to locate a lost or stolen vehicle or other thing (cl 25).
[17] In contrast to the Invasion of Privacy Act 1971, the draft Bill does not generally permit participant monitoring; in the absence of consent, the use of surveillance device should be unlawful unless an exception (for a specific purpose which justifies the use) applies.
The communication or publication prohibitions
[18] The draft Bill contains three prohibitions on the communication or publication of information obtained from the use of a surveillance device (‘the communication or publication prohibitions’).
[19] Specifically, it prohibits a person from communicating or publishing surveillance information about:
• a private conversation or a private activity if the person knows, or ought reasonably to know, the information is surveillance information, and the person does not have the consent of each party to the conversation or activity to communicate or publish the information (cl 28);
• the geographical location of an individual, a vehicle or another thing if the person knows, or ought reasonably to know, the information is surveillance information, and the person does not have the consent of the following person or persons to communicate or publish the information:
− for information about the location of an individual—that individual;
− for information about the location of a vehicle or other thing—each person who owns, or is in lawful control of, the vehicle or thing (cl 29); or
• information that is input into, output from or stored in a computer, if the person knows, or ought reasonably to know, the information is surveillance information, and the person does not have the consent of each person who owns, or is in lawful control of, the computer to communicate or publish the information (cl 30).
[19] There are exceptions to the communication or publication prohibitions. It is not an offence for a person to communicate or publish surveillance information if the communication or publication is:
• in a legal proceeding (cl 31(1)(a));
• reasonably necessary to protect the lawful interests of the person, or of another person who has authorised the person to communicate or publish the information on their behalf (cl 31(1)(b));
• reasonably necessary in the public interest (cl 31(1)(c));
• reasonably necessary to lessen or prevent a serious threat to the life, health, safety or wellbeing of an individual, or of substantial damage to property (cl 31(1)(d)); or
• authorised under another Act of the State or an Act of the Commonwealth, or
in circumstances prescribed by regulation (cl 31(1)(e), (f)).
[20] In addition, a person does not contravene the communication or publication prohibitions if the use of a surveillance device to obtain the surveillance information the subject of the communication or publication was authorised under another Act (cl 31(2)).
[21] The maximum penalty for a contravention of the use prohibitions or the communication or publication prohibitions is 60 penalty units ($8007) or three years imprisonment.
Prohibition on possessing surveillance information
[22] The draft Bill also makes it an offence for a person, without the consent of each relevant person, to possess information that the person knows is surveillance information obtained in contravention of a use prohibition (cl 27(1)).
[23] This offence does not apply if the person possesses the information in relation to proceedings for an offence against the draft Bill, or because the information was communicated to the person or published in a way that does not contravene the draft Bill (cl 27(2)). The maximum penalty for a contravention of the prohibition on possessing surveillance information is 20 penalty units ($2669) or one year’s imprisonment.
Ancillary orders relating to the criminal prohibitions
[24] The court is empowered to make ancillary orders relating to proceedings for a contravention of the criminal prohibitions:
• in a proceeding for an offence against Part 2 of the legislation, the court may, at any time during the proceeding and if it considers it necessary in the interests of justice, make an order prohibiting the publication of evidence before the court, other than in the way and to the persons stated in the order (cl 32);
• if a person is convicted of an offence against the legislation, the court may order that:
− a surveillance device used in connection with the commission of the offence, or a document, device or other thing that contains or stores related information (that is, information to which the offence relates, or obtained using a surveillance device to which the offence relates) is forfeited to the State; or
− related information be destroyed (cl 33).
GENERAL OBLIGATIONS NOT TO INTERFERE WITH SURVEILLANCE
PRIVACY OF INDIVIDUALS
[25] To address situations where a person’s conduct interferes with an individual’s surveillance privacy, the draft Bill imposes a general obligation on a user of a surveillance device not to use the device in a way that interferes with an individual’s surveillance privacy (where the individual has a reasonable expectation of surveillance privacy and has not consented to such use) (cl 36). A similar general obligation applies in relation to the communication or publication of surveillance information (cl 37).
In this context, ‘surveillance privacy’, of an individual, means:
in relation to a particular use of a surveillance device—the individual is not the subject of surveillance from that use of a surveillance device; or
in relation to surveillance information obtained when the individual was the subject of surveillance—the surveillance information is not communicated or published (cl 34).
[26] A 'reasonable expectation' of surveillance privacy for an individual means that the individual is reasonably entitled to expect surveillance privacy in relation to a particular use of a surveillance device, or in relation to surveillance information obtained when the individual was the subject of surveillance (cl 34). Only those expectations that are reasonable in the circumstances will fall within the scope of the general obligations.
[28] The matters that are relevant for deciding whether an individual has a reasonable expectation of surveillance privacy include, but are not limited to:
• the individual’s location when the surveillance device is used;
• the subject matter of the use, or of the surveillance information;
• the type of device used;
• the nature and purpose of the use, communication or publication;
• the nature and extent of any notice given about the use;
• whether the individual has an opportunity to avoid the surveillance; and
• the individual’s attributes and conduct (cl 35).
[29] There are exceptions to the general obligation provisions. A person does not contravene a general obligation if the use, communication or publication is:
• authorised or required by law, or by an order or process of a court or tribunal;
• incidental to, and reasonably necessary for, the exercise of a lawful right to defend a person or property, including to prosecute or defend a civil or criminal proceeding; or
• reasonably necessary in the public interest and the relevant public interest outweighs the interference with the individual’s surveillance privacy (cl 38).
CIVIL COMPLAINTS PROCESS AND REMEDIES
[30] The draft Bill provides a civil mechanism for the resolution of a complaint about an alleged contravention of a general obligation made by or for an individual who is the subject of the alleged contravention (a ‘surveillance device complaint’) (cl 39).
[31] The Commission recommends a three-stage approach for the resolution of a surveillance device complaint (cll 39–65):
• a complaint may be made to the Surveillance Devices Commissioner (established under the legislation) for mediation;
• an unresolved complaint may be referred to QCAT for hearing and decision; and,
• if appropriate, QCAT may order remedial relief (including an order that the respondent must not repeat or continue a stated act or practice, or must compensate the complainant for loss or damage suffered because of the respondent’s act or practice by engaging in a stated act or practice or paying an amount of not more than $100 000).
[32] These provisions have been generally modelled on the mechanism for resolving privacy complaints under the Information Privacy Act 2009, with appropriate modifications.
A NEW REGULATOR
[33] The Commission recommends the establishment of a new independent regulator—the Surveillance Devices Commissioner—and a Surveillance Devices Commission.
[34] In addition to dealing with surveillance device complaints, the Surveillance Devices Commissioner will provide an avenue for education, expert advice and monitoring and best practice guidance to promote community understanding and encourage compliance with the legislation.
[35] Accordingly, the Surveillance Devices Commissioner’s functions include:
• receiving surveillance device complaints and dealing with them under the
legislation (cl 72);
• providing guidance (including, promoting understanding of and compliance with the general obligations and the operation of the legislation, and providing best practice for the use of surveillance devices and the communication or publication of surveillance information, in a way that respects individuals’ privacy) (cl 73);
• undertaking research, providing advice and monitoring particular matters, including research about whether the legislation is achieving its purpose, how surveillance devices and surveillance device technologies are used in civil society and developments in surveillance device technology, and identifying and commenting on any issues arising in relation to those matters (cl 74);
•
examining the practices of relevant entities (including local and State government agencies and other entities performing functions of a public nature, and private sector organisations or individuals who regularly or routinely use or publish information from surveillance devices) to monitor their compliance with the legislation (cl 75).
[36] The Commission also recommends reporting requirements relating to theSurveillance Device Commissioner’s functions to ensure transparency, integrity and accountability (cll 84–85).
PROTECTIONS AND OFFENCES
[37] To ensure the effective operation of the Surveillance Devices Commissioner’s functions, the Commission recommends a small number of standard protective provisions (including protection from civil liability) and offences relating to the actions of and dealings with the Surveillance Devices Commissioner (cll 88–92).
GENERAL MATTERS
[38] The Commission recommends that the Minister be required to complete a review of the effectiveness of the legislation within 5 years after its commencement. The review must consider:
• whether the legislation is achieving its purpose;
• how surveillance devices and surveillance device technologies are used in
civil society;
• developments in surveillance device technology; and
• whether the legislation should be amended to provide for new types of surveillance devices or new uses of surveillance devices and surveillance devices technologies in civil society (cl 95).
The Commission's recommendations are
CHAPTER 3: A NEW APPROACH TO REGULATING THE USE OF SURVEILLANCE DEVICES
3-1 The Invasion of Privacy Act 1971 should be repealed, and replaced by new legislation which implements the Commission’s recommendations in the form of the draft Bill.
[See Surveillance Devices Bill 2020 cl 96]
CHAPTER 4: PRELIMINARY MATTERS
Application of the Act
4-1 The draft Bill should provide that the legislation binds all persons, including the State. The provision should also make it clear that the State cannot be prosecuted for an offence against the legislation.
[See Surveillance Devices Bill 2020 cl 3]
4-2 The draft Bill should not affect—
(a) the operation of the Information Privacy Act 2009; or
(b) the operation of another law regulating the use of surveillance devices.
[See Surveillance Devices Bill 2020 cl 4(a), (b)]
Definition of ‘surveillance device’ and related definitions
4-3 The draft Bill should define ‘surveillance device’ as:
(a) a listening device, an optical surveillance device, a tracking device, a data surveillance device; or
(b) a device that is a combination of any two or more of those devices.
[See Surveillance Devices Bill 2020 cl 6]
4-4 The draft Bill should define ‘listening device’ as a device that is capable of being used to listen to, monitor or record words spoken to, or by, an individual in a conversation. However, it should expressly exclude a hearing aid or a similar device used by an individual with impaired hearing.
[See Surveillance Devices Bill 2020 cl 7]
4-5 The draft Bill should define ‘optical surveillance device’ as a device capable of being used to observe, monitor or visually record an activity. However, it should expressly exclude spectacles, contact lenses or a similar device used by an individual with impaired vision.
[See Surveillance Devices Bill 2020 cl 8]
4-6 The draft Bill should define ‘tracking device’ as a device capable of being used to find, monitor or record the geographical location of an individual, vehicle or other thing.
[See Surveillance Devices Bill 2020 cl 9]
4-7 The draft Bill should define ‘data surveillance device’ as a device or program capable of being used to access, monitor or record information that is input into, output from, or stored in a computer.
[See Surveillance Devices Bill 2020 cl 10]
4-8 The draft Bill should define ‘computer’ as an electronic device for storing and processing information.
[See Surveillance Devices Bill 2020 sch 1 (definition of ‘computer’)]
4-9 The draft Bill should define ‘surveillance information’ as information obtained, directly or indirectly, using a surveillance device.
[See Surveillance Devices Bill 2020 cl 14]
4-10 The draft Bill should define ‘information’ to include:
(a) a record in any form; and
(b) a document.
[See Surveillance Devices Bill 2020 sch 1 (definition of ‘information’)]
Definition of consent
4-11 The draft Bill should define ‘consent’ as express or implied consent.
[See Surveillance Devices Bill 2020 sch 1 (definition of ‘consent’)]
CHAPTER 5: CRIMINAL PROHIBITIONS ON THE USE OF SURVEILLANCE DEVICES
Definitions
5-1 The draft Bill should define ‘private conversation’ as:
(a) Words spoken by an individual are a private conversation if the words are spoken in circumstances that may reasonably be taken to indicate that—
(i) for words not spoken to anyone else—the individual does not want anyone else to listen to the words; or
(ii) for words spoken to another individual, or other individuals—the individual, or at least one of the individuals to whom the words are spoken, does not want the words to be listened to by anyone other than—
(A) the individual speaking the words; and
(B) the individuals to whom the words are spoken; and
(C) any other individual who has the consent of all of the individuals mentioned in subparagraphs (A) and (B).
(b) However, a private conversation does not include words spoken by an individual in circumstances in which the individual, and all of the individuals to whom the words are spoken, ought reasonably to expect that someone else may listen to, monitor or record the words.
[See Surveillance Devices Bill 2020 cl 11]
5-2 The draft Bill should define ‘private activity’ as:
(a) An activity is a private activity if it is carried out in circumstances that may reasonably be taken to indicate that—
(i) for an activity carried out by one individual—the individual does not want anyone else to observe the activity; or
(ii) for an activity carried out by two or more individuals—at least one of the individuals does not want the activity to be observed by anyone other than—
(A) the individuals carrying out the activity; and
(B) any other individual who has the consent of all of the individuals carrying out the activity.
(b) However, a private activity does not include an activity carried out by one or more individuals in circumstances in which all of the individuals carrying out the activity ought reasonably to expect that someone else may observe, monitor or visually record the activity.
[See Surveillance Devices Bill 2020 cl 12]
5-3 The draft Bill should define ‘party’ as:
(a) Each of the following is a party to a private conversation—
(i) an individual who speaks, or is spoken to, during the conversation;
(ii) an individual who listens to the conversation with the consent of all of the individuals mentioned in paragraph (i).
(b) Each of the following is a party to a private activity—
(i) an individual carrying out the activity;
(ii) an individual who observes the activity with the consent of all of the individuals mentioned in paragraph (i).
[See Surveillance Devices Bill 2020 cl 13]
5-4 The draft Bill should explain that, in the legislation, a reference to installing a surveillance device includes doing anything to, or in relation to, a device to enable it to be used as a surveillance device.
[See Surveillance Devices Bill 2020 cl 15]
5-5 The draft Bill should define ‘maintain’, in relation to a surveillance device, to include:
(a) adjust, relocate, repair or service the device; and
(b) replace a faulty device.
[See Surveillance Devices Bill 2020 sch 1 (definition of ‘maintain’)]
5-6 The draft Bill should explain that a reference to a person who owns a vehicle, computer or other thing does not include a person (an ‘excluded owner’) who owns the vehicle, computer or other thing if:
(a) another person has the use or control of the vehicle, computer or other thing under a credit agreement, hiring agreement, hire-purchase agreement, leasing agreement or another similar agreement; and
(b) under the agreement, the excluded owner is not entitled to immediate possession of the vehicle, computer or other thing.
[See Surveillance Devices Bill 2020 cl 16]
Prohibitions on the use, installation or maintenance of surveillance devices
5-7 The draft Bill provide that a person must not use, install or maintain a listening device to listen to, monitor or record a private conversation without the consent of each party to the conversation.
[See Surveillance Devices Bill 2020 cl 18]
5-8 The draft Bill should provide that a person must not use, install or maintain an optical surveillance device to observe, monitor or visually record a private activity without the consent of each party to the activity.
[See Surveillance Devices Bill 2020 cl 19]
5-9 The draft Bill should provide that a person must not use, install or maintain a tracking device to find, monitor or record the geographical location of:
(a) an individual without the consent of the individual; or
(b) a vehicle or other thing without the consent of each person who owns, or is in lawful control of, the vehicle or thing.
[See Surveillance Devices Bill 2020 cl 20]
5-10 The draft Bill should provide that a person must not use, install or maintain a data surveillance device to access, monitor or record information that is input into, output from or stored in a computer without the consent of each person who owns, or is in lawful control of, the computer.
[See Surveillance Devices Bill 2020 cl 21]
5-11 The draft Bill should provide that a person who contravenes a prohibition in Recommendations 5-7 to 5-10 commits an offence, which is punishable by a maximum penalty of 60 penalty units or three years imprisonment.
[See Surveillance Devices Bill 2020 cll 18, 19, 20, 21]
Exceptions to the prohibitions on the use, installation or maintenance of surveillance devices
5-12 The draft Bill should provide that a person who uses, installs or maintains a surveillance device does not commit an offence against the prohibitions in Recommendations 5-7 to 5-10 if use of the device is reasonably necessary to protect the lawful interests of:
(a) the person; or
(b) if another person has authorised the person to use the surveillance device on the other person’s behalf—the other person.
[See Surveillance Devices Bill 2020 cl 22]
5-13 The draft Bill should provide that a person who uses, installs or maintains a surveillance device does not commit an offence against the prohibitions in Recommendations 5-7 to 5-10 if use of the device is reasonably necessary in the public interest.
[See Surveillance Devices Bill 2020 cl 23(1)]
5-14 For the purposes of Recommendation 5-13, in deciding whether the use of a surveillance device is reasonably necessary in the public interest, a court must consider the following matters as they existed when the person used, installed or maintained the device:
(a) the subject matter of the use of the device;
(b) the information that the person reasonably expected would be obtained from the use of the device;
(c) the purpose for which the person intended to use information that the person reasonably expected would be obtained from the use of the device;
(d) the nature of the public interest that arose in the circumstances;
(e) whether the public interest could have been served in another reasonable way;
(f) the extent to which the use, installation or maintenance of the device affected, or was likely to affect, the privacy of an individual;
(g) whether, on balance in the circumstances, the public interest justified the interference with the privacy of an individual.
[See Surveillance Devices Bill 2020 cl 23(2)]
5-15 The draft Bill should provide that a person who uses, installs or maintains a surveillance device to obtain evidence of, or information about, a serious threat does not commit an offence against the prohibitions in Recommendations 5-7 to 5-10 if the person believes, on reasonable grounds, it is necessary for the device to be used immediately to obtain the evidence or information.
[See Surveillance Devices Bill 2020 cl 24(1)]
5-16 For the purposes of Recommendation 5-15, the draft Bill should define the term ‘serious threat’ to mean:
(a) a serious threat to the life, health, safety or wellbeing of an individual; or
(b) a serious threat of substantial damage to property.
[See Surveillance Devices Bill 2020 cl 24(2)]
5-17 The draft Bill should provide that a person who uses a surveillance device to locate a vehicle or other thing does not commit an offence against the prohibitions in Recommendations 5-7 to 5-10 if the person:
(a) is not in possession or control of the vehicle or thing; and
(b) believes, on reasonable grounds, that the vehicle or thing is lost or stolen; and
(c) is an owner of the vehicle or thing or, before the vehicle or thing was lost or stolen, was in lawful control of it.
[See Surveillance Devices Bill 2020 cl 25]
5-18 The draft Bill should provide that a person who uses, installs or maintains a surveillance device does not commit an offence against the prohibitions in Recommendations 5-7 to 5-10 if the use, installation or maintenance is:
(a) authorised under another Act of the State or an Act of the Commonwealth; or
(b) in circumstances prescribed by regulation.
[See Surveillance Devices Bill 2020 cl 26]
CHAPTER 6: CRIMINAL PROHIBITIONS ON THE COMMUNICATION OR PUBLICATION OF SURVEILLANCE INFORMATION
Communicating or publishing surveillance information
6-1 The draft Bill should provide that a person must not communicate or publish surveillance information about a private conversation or private activity if the person:
(a) knows, or ought reasonably to know, the information is surveillance information; and
(b) the person does not have the consent of each party to the conversation or activity to communicate or publish the information.
[See Surveillance Devices Bill 2020 cl 28]
6-2 The draft Bill should provide that a person must not communicate or publish surveillance information about the geographical location of an individual, a vehicle or another thing if the person:
(a) knows, or ought reasonably to know, the information is surveillance information; and
(b) the person does not have the consent of the following person or persons to communicate or publish the location:
(i) for information about the location of an individual—that individual;
(ii) for information about the location of the vehicle or other thing—each person who owns, or is in lawful control of, the vehicle or thing.
[See Surveillance Devices Bill 2020 cl 29]
6-3 The draft Bill should provide that a person must not communicate or publish surveillance information about information that is input into, output from or stored in a computer, if the person:
(a) knows, or ought reasonably to know, the information is surveillance information; and
(b) the person does not have the consent of each person who owns, or is in lawful control of, the computer to communicate or publish the information.
[See Surveillance Devices Bill 2020 cl 30]
6-4 The draft Bill should provide that a person who contravenes a prohibition in Recommendations 6-1 to 6-3 above commits an offence, which is punishable by a maximum penalty of 60 penalty units or three years imprisonment.
[See Surveillance Devices Bill 2020 cll 28, 29 and 30]
Exceptions to the communication or publication prohibitions
6-5 The draft Bill should provide that a person does not commit an offence against the prohibitions in Recommendations 6-1 to 6-3 above if the communication or publication of surveillance information is:
(a) in a legal proceeding; or
(b) reasonably necessary to protect the lawful interests of:
(i) the person who is making the communication or publication; or
(ii) another person who has authorised the person making the communication or publication to do so on their behalf; or
(c) reasonably necessary in the public interest; or
(d) reasonably necessary to lessen or prevent a serious threat:
(i) to the life, health, safety or wellbeing of an individual; or
(ii) of substantial damage to property; or
(e) authorised under another Act of the State or an Act of the Commonwealth; or
(f) in circumstances prescribed by regulation.
[See Surveillance Devices Bill 2020 cl 31(1)]
6-6 The draft Bill should provide that a person does not commit an offence against the prohibitions in Recommendations 6-1 to 6-3 above if the use of a surveillance device to obtain the surveillance information the subject of the communication or publication was authorised under another Act of the State or an Act of the Commonwealth.
[See Surveillance Devices Bill 2020 cl 31(2)]
6-7 The draft Bill should provide that, for deciding whether the communication or publication of surveillance information is ‘reasonably necessary in the public interest’ for Recommendation 6-5(c) above, a court must consider the following matters as they existed when the person communicated or published the information:
(a) the subject matter of the surveillance information;
(b) the scope of the communication or publication;
(c) the nature of the public interest that arose in the circumstances;
(d) whether the public interest could have been served in another reasonable way;
(e) the extent to which the communication or publication affected, or was likely to affect, the privacy of an individual; and
(f) whether, on balance in the circumstances, the public interest justified the interference with the privacy of an individual.
[See Surveillance Devices Bill 2020 cl 31(3)]
CHAPTER 7: ANCILLARY MATTERS
Possessing surveillance information
7-1 The draft Bill should provide that a person must not, without the consent of each relevant person, possess information that the person knows is surveillance information obtained in contravention of the use prohibitions in the legislation.
[See Surveillance Devices Bill 2020 cl 27(1)]
7-2 For the purposes of the offence in Recommendation 7-1 above, a ‘relevant person’, in relation to surveillance information, means—
(a) if the surveillance information is about a private conversation obtained using a listening device—each party to the conversation;
(b) if the surveillance information is about a private activity obtained using an optical surveillance device—each party to the activity;
(c) if the surveillance information is about the geographical location of an individual obtained using a tracking device—the individual;
(d) if the surveillance information is about the geographical location of a vehicle or other thing obtained using a tracking device—each person who owns, or is in lawful control of, the vehicle or thing; or
(e) if the surveillance information is about the information input into, output from or stored in a computer obtained using a data surveillance device—each person who owns, or is in lawful control of, the computer.
[See Surveillance Devices Bill 2020 cl 27(3)]
7-3 However, for the purposes of the offence in Recommendation 7-1 above, a person does not commit an offence if the person possesses the information:
(a) in relation to proceedings for an offence against the legislation; or
(b) because it was communicated to the person, or published, in a way that does not contravene the legislation.
[See Surveillance Devices Bill 2020 cl 27(2)]
7-4 The draft Bill should provide that the maximum penalty for the offence in Recommendation 7-1 above is 20 penalty units or one year’s imprisonment.
[See Surveillance Devices Bill 2020 cl 27(1)]
Admissibility of evidence obtained from the use of a surveillance device
7-5 The draft Bill should expressly state that it does not affect the power of a court to make a decision about the admissibility of information obtained using a surveillance device as evidence in a proceeding.
[See Surveillance Devices Bill 2020 cl 4(c)]
Non-publication orders
7-6 The draft Bill should provide that, in proceedings for an offence against Part 2 of the legislation (which deals with the criminal prohibitions), the court may, at any time during the proceeding and only if it considers it necessary in the interests of justice, make an order prohibiting the publication of evidence given before the court, other than in the way and to the persons stated in the order.
[See Surveillance Devices Bill 2020 cl 32(1)–(4)]
7-7 The draft Bill should provide that a person must not contravene an order made under the provision in Recommendation 7-6 above, unless the person has a reasonable excuse. The maximum penalty for such a contravention is 60 penalty units or three years imprisonment.
[See Surveillance Devices Bill 2020 cl 32(5)]
Forfeiture or destruction of surveillance device or information
7-8 The draft Bill should provide that:
(1) if a person is convicted of an offence against the legislation, the court before which the person is convicted may make an order that:
(a) a surveillance device used in connection with the commission of the offence is forfeited to the State;
(b) a document, device or other thing that contains related information, or on which related information is stored, is forfeited to the State; or
(c) related information be destroyed;
(2) before making an order for forfeiture or destruction, the court may require notice to be given to, and hear from, a person the court considers appropriate;
(3) the power to order forfeiture or destruction should apply whether or not the surveillance device, document, device or thing to be forfeited, or related information to be destroyed, has been seized;
(4) the court may also make any order that it considers appropriate to enforce the forfeiture;
(5) the provision in Recommendation 7-8(1) above does not limit the court’s powers under the Penalties and Sentences Act 1992, the Criminal Proceeds Confiscation Act 2002 or another law;
(6) when forfeited to the State, the surveillance device, document, device or thing becomes the State’s property and may be dealt with as directed by the chief executive.
[See Surveillance Devices Bill 2020 cl 33(1)–(6)]
7-9 For the purposes of Recommendation 7-8 above, ‘related information’, for an offence, should be defined to mean ‘information to which the offence relates, or obtained using a surveillance device to which the offence relates’.
[See Surveillance Devices Bill 2020 cl 33(7)]
CHAPTER 8: GENERAL OBLIGATIONS NOT IN INTERFERE WITH SURVEILLANCE PRIVACY OF INDIVIDUALS
General obligations not to interfere with surveillance privacy of individuals
8-1 The draft Bill should include civil provisions, separate from the criminal prohibitions in the legislation, that:
(a) impose obligations on the use of, or the communication or publication of information obtained from the use of, a surveillance device, within the meaning of the draft Bill, to avoid interference with an individual’s surveillance privacy; and
(b) form the basis for the complaints mechanism in Recommendations 9-1 to 9-32 below.
The civil provisions should have the features set out below.
[See Surveillance Devices Bill 2020 pts 3 and 4]
Statement and scope of the general obligations
8-2 The draft Bill should provide that, if an individual has a reasonable expectation of surveillance privacy:
(a) a person must not use a surveillance device in a way that interferes with the individual’s surveillance privacy; and
(b) a person must not communicate or publish the surveillance information in a way that interferes with the individual’s surveillance privacy.
[See Surveillance Devices Bill 2020 cll 36(1)–(2) and 37(1)–(2)]
8-3 However, a person does not contravene a general obligation in Recommendation 8-2 above if:
(a) the individual concerned has consented to the surveillance device being used in that way or, relevantly, to the communication or publication; or
(b) the person did not know, and ought not reasonably to have known, that the particular use of the surveillance device or, relevantly, the communication or publication would interfere with the individual’s surveillance privacy.
[See Surveillance Devices Bill 2020 cll 36(3) and 37(3)]
8-4 The draft Bill should provide that, for the purpose of this part of the draft Bill:
(a) ‘surveillance privacy’, of an individual, means:
(i) in relation to a particular use of a surveillance device—the individual is not the subject of surveillance from that use of a surveillance device; or
(ii) in relation to surveillance information obtained when the individual was the subject of surveillance—the surveillance information is not communicated or published; and
(b) ‘reasonable expectation’, of surveillance privacy for an individual, means the individual is reasonably entitled to expect surveillance privacy—
(i) in relation to a particular use of a surveillance device; or,
(ii) in relation to surveillance information obtained when the individual was the subject of surveillance.
[See Surveillance Devices Bill 2020 cl 34]
8-5 The draft Bill should provide that the matters that are relevant for deciding whether an individual has a reasonable expectation of surveillance privacy include (but are not limited to) the following:
(a) the individual’s location when the surveillance device is used;
(b) the subject matter of the use, or of the surveillance information, including whether it is of an intimate, familial, health-related or financial nature;
(c) the type of device used;
(d) the nature and purpose of the use, communication or publication, including:
(i) the extent to which the use, communication or publication targets the individual;
(ii) whether the use is covert;
(iii) in relation to the communication or publication, how the information is communicated or published; and
(iv) whether the use, communication or publication contravenes a provision of an Act;
(e) the nature and extent of any notice given about the use;
(f) whether the individual has an opportunity to avoid the surveillance;
(g) the attributes and conduct of the individual, including:
(i) the extent to which the individual has a public profile, invites or encourages publicity or shows a wish for privacy;
(ii) the extent to which the individual is in a position of vulnerability;
(iii) the nature of any relationship between the individual and the person using the surveillance device, or making the communication or publication; and
(iv) the effect that the use, communication or publication is reasonably likely to have on the individual’s health, safety or wellbeing.
[See Surveillance Devices Bill 2020 cl 35]
Exceptions to the general obligations
8-6 A person does not contravene a general obligation in Recommendation 8-2 above if the person’s use of a surveillance device or, relevantly, communication or publication of surveillance information:
(a) is authorised or required by law or by an order or process of a court or tribunal;
(b) is incidental to, and reasonably necessary for, the exercise of a lawful right to defend a person or property, including to prosecute or defend a criminal or civil proceeding; or
(c) is reasonably necessary in the public interest and the public interest outweighs the interference with the individual’s surveillance privacy.
[See Surveillance Devices Bill 2020 cl 38]
CHAPTER 9: CIVIL COMPLAINTS PROCESS AND REMEDIES
A complaints mechanism
9-1 The draft Bill should provide a mechanism for complaints about alleged contraventions of the general obligations in Recommendation 8-2 above (‘surveillance device complaints’) to the effect that:
(a) complaints may be made to the Surveillance Devices Commissioner (the ‘commissioner’) established under Recommendation 10-2(b) below for mediation;
(b) complaints not resolved by mediation may be referred to QCAT for hearing and decision; and
(c) if appropriate, the tribunal may order remedial relief.
The complaints mechanism should have the features set out below. [See Surveillance Devices Bill 2020 pt 4, cl 39]
Making and referring complaints to the commissioner
9-2 A complaint under Recommendation 9-1 above:
(a) may be made to the commissioner:
(i) by an individual who is the subject of the alleged contravention;
(ii) by an agent of the individual; or
(iii) by a person authorised by the commissioner in writing to make the complaint for the individual; and
(b) may be made under paragraph (a) jointly by or for two or more individuals.
[See Surveillance Devices Bill 2020 cl 40]
9-3 A complaint may be referred to the commissioner by any of the following entities, if they consider that the complaint may also be a complaint under this legislation:
(a) the Information Commissioner, in relation to a complaint received under the Information Privacy Act 2009;
(b) the Human Rights Commissioner, in relation to a complaint received under the Human Rights Act 2019;
(c) the Ombudsman, in relation to a complaint received under the Ombudsman Act 2001;
(d) the Health Ombudsman, in relation to a complaint received under the Health Ombudsman Act 2013; or
(e) any other entity that has received the complaint in performing its functions under a law [including a law of another State or the Commonwealth].
[See Surveillance Devices Bill 2020 cl 41, sch 1 (definitions of ‘referral Act’ and ‘referral entity’)]
9-4 A complaint made or referred to the commissioner under Recommendation 9-2 or 9-3 above must be in writing, state the complainant’s name and contact details (including, for example, the complainant’s postal or email address), state the respondent’s name, address or other contact details if they are known, and include enough information to identify the alleged contravention to which the complaint relates.
[See Surveillance Devices Bill 2020 cl 42(1)]
9-5 A complaint made or referred to the commissioner under Recommendation 9-2 or 9-3 above must be made or referred within six months after the alleged contravention that is the subject of the complaint came to the complainant’s knowledge, or within a further period that the commissioner considers is reasonable in all the circumstances.
[See Surveillance Devices Bill 2020 cl 43]
9-6 For a complaint made to the commissioner by an individual under Recommendation 9-2 above, the commissioner must give reasonable help to the complainant to put the complaint in writing.
[See Surveillance Devices Bill 2020 cl 42(2)]
Dealing with complaints
9-7 The draft Bill should set out the way in which the commissioner is to deal with a complaint made or referred to the commissioner under Recommendation 9-2 or 9-3 above.
[See Surveillance Devices Bill 2020 cl 44]
Preliminary notice and inquiries
9-8 As soon as practicable after receiving a complaint made or referred to the commissioner under Recommendation 9-2 or 9-3 above, the commissioner must give a notice to the complainant and respondent stating:
(a) the substance of the complaint;
(b) the role of the commissioner in dealing with the complaint; and
(c) that the commissioner may seek information or documents from the complainant or respondent in relation to the complaint.
The notice to the respondent must also require the respondent to advise the commissioner of the respondent’s contact details, including, for example, the respondent’s postal or email address.
[See Surveillance Devices Bill 2020 cl 46]
9-9 Where a complaint is made or referred to the commissioner under Recommendation 9-2 or 9-3 above, the commissioner may make preliminary inquiries about the complaint to decide how to deal with the complaint and, if the complaint does not include enough information to do so, to identify the respondent to the complaint.
[See Surveillance Devices Bill 2020 cl 45]
9-10 The Queensland Government should take steps to facilitate a memorandum of understanding between CASA and the commissioner about the sharing of information by CASA about registered owners and accredited flyers of drones for the purpose of complaints under the legislation.
Direction to protect privacy of complainant or respondent
9-11 In dealing with a complaint, the commissioner may, by notice, direct a person not to communicate or publish information that identifies, or is likely to identify, the complainant or respondent to a complaint if the commissioner is satisfied on reasonable grounds that it is necessary to do so to protect the privacy of the complainant or respondent. Non-compliance with a direction, without reasonable excuse, should be an offence with a maximum penalty of 10 penalty units.
[See Surveillance Devices Bill 2020 cl 47]
Refusing to deal with a complaint
9-12 The commissioner may refuse to deal with a complaint, or part of a complaint, if:
(a) the commissioner considers that:
(i) the complaint does not comply with the requirements at Recommendation 9-4 above about the matters that must be stated in the complaint;
(ii) there is a more appropriate course of action available under another law to deal with the subject of the complaint or part;
(iii) the subject of the complaint or part has been appropriately dealt with by another entity; or
(b) the complaint or part was not made or referred to the commissioner within the time stated at Recommendation 9-5 above; or
(c) the complaint or part is frivolous, trivial, vexatious, misconceived or lacking in substance;
[See Surveillance Devices Bill 2020 cll 17, 48(1)]
9-13 The commissioner may refuse to continue to deal with a complaint, or part of a complaint, under any of the grounds in Recommendation 9-12 above or if:
(a) the complainant does not comply with a reasonable request made by the commissioner in dealing with the complaint or part;
(b) the commissioner is satisfied on reasonable grounds that the complainant, without a reasonable excuse, has not cooperated in the commissioner’s dealing with the complaint or part; or
(c) the commissioner can not make contact with the complainant.
[See Surveillance Devices Bill 2020 cll 17, 48(2)]
9-14 If the commissioner refuses to deal with a complaint or to continue dealing with a complaint under Recommendation 9-12 or 9-13 above:
(a) the commissioner must give notice of the refusal, with reasons, to the complainant and, unless the commissioner considers it is not necessary to do so in the circumstances, to the respondent; and
(b) the complaint lapses, and the complainant cannot make a further complaint under this legislation about the same alleged contravention.
[See Surveillance Devices Bill 2020 cll 49 and 50]
Referral of complaints to other entities
9-15 The commissioner may refer a complaint to another entity as follows, if it considers the complaint would be more appropriately dealt with by the other entity and if the complainant consents:
(a) if the subject of the complaint could be the subject of a privacy complaint under the Information Privacy Act 2009, the commissioner may refer the complaint to the Information Commissioner;
(b) if the subject of the complaint could be the subject of a human rights complaint under the Human Rights Act 2019, the commissioner may refer the complaint to the Human Rights Commissioner;
(c) if the subject of the complaint could be the subject of a complaint under the Ombudsman Act 2001, the commissioner may refer the complaint to the Ombudsman;
(d) if the subject of the complaint could be the subject of a health service complaint under the Health Ombudsman Act 2013, the commissioner may refer the complaint to the Health Ombudsman.
[See Surveillance Devices Bill 2020 cl 51(1)–(2)]
9-16 If the commissioner refers a complaint under Recommendation 9-15 above to another entity, the commissioner:
(a) may, with the complainant’s consent, give the entity information about the complaint obtained by the commissioner; and
(b) must give notice of the referral, with reasons, to the complainant and, unless the commissioner considers it is not necessary to do so in the circumstances, to the respondent.
[See Surveillance Devices Bill 2020 cl 51(3)–(4)]
Arrangements with other entities
9-17 The commissioner may enter into an arrangement with the Information Commissioner, the Human Rights Commissioner, the Ombudsman or the Health Ombudsman (a ‘referral entity’) to provide for:
(a) the types of complaint under the legislation that the commissioner should refer to the referral entity (under Recommendation 9-15 above), and how the referral is made;
(b) the types of complaint made under a referral Act that the referral entity should refer to the commissioner (under Recommendation 9-3 above), and how the referral is made;
(c) dealing with a complaint or other matter under a referral Act that could also form the basis of a complaint under the legislation; or
(d) cooperating in the performance by the commissioner and the referral entity in their respective functions to ensure the effective operation of the legislation and the referral entity’s legislation.
[See Surveillance Devices Bill 2020 cl 52, sch 1 (definitions of ‘referral Act’ and ‘referral entity’)]
Mediation of complaints
9-18 The draft Bill should specify that the purpose of mediation is to identify and clarify the issues in the complaint and to promote the resolution of the complaint in a way that is informal, quick and efficient.
[See Surveillance Devices Bill 2020 cl 53]
9-19 The commissioner must try to mediate the complaint if:
(a) in the commissioner’s opinion, it is reasonably likely the complaint could be resolved by mediation; and
(b) the commissioner does not:
(i) refuse to deal with, or to continue to deal with, the complaint, under Recommendation 9-12 or 9-13 above; or
(ii) refer the complaint to another entity under Recommendation 9-15 above.
[See Surveillance Devices Bill 2020 cl 54(1)]
9-20 Where Recommendation 9-19 applies, the commissioner must give notice of the mediation to the complainant and respondent stating:
(a) the substance of the complaint;
(b) the powers the commissioner may exercise in trying to resolve the complaint by mediation; and
(c) that the commissioner may seek information or documents from the complainant or respondent in relation to the complaint.
The notice to the respondent must also state that the respondent will have an opportunity to respond to the complaint in writing.
[See Surveillance Devices Bill 2020 cl 55]
9-21 The commissioner may take the reasonable action the commissioner considers appropriate to try to resolve the complaint by mediation. Without limiting the steps the commissioner may take, the commissioner may:
(a) ask the respondent to respond in writing to the complaint;
(b) give the complainant a copy of the respondent’s written response;
(c) ask or direct the complainant or respondent to give the commissioner information relevant to the complaint, including by notice given under Recommendation 10-8(c) below;
(d) make enquiries of, and discuss the complaint with, the complainant and respondent;
(e) provide information to the complainant and respondent about the legislation and how it applies to the complaint; or
(f) facilitate a meeting between the complainant and respondent.
[See Surveillance Devices Bill 2020 cl 54(2)–(3), sch 1 (definition of ‘information’)]
Confidentiality of mediation
9-22 A person who is or has been the commissioner or a staff member of the commission must not disclose information coming to their knowledge during a mediation. However, this does not apply if the disclosure is made:
(a) with the consent of the complainant and respondent to the complaint;
(b) for the purpose of giving effect to the commissioner’s complaints handling or reporting functions under the legislation;
(c) for statistical purposes without identifying a person to whom the information relates;
(d) for an inquiry or proceeding about an offence happening during the mediation;
(e) for a proceeding founded on fraud alleged to be connected with, or to have happened during, the mediation; or
(f) under a requirement imposed by an Act.
[See Surveillance Devices Bill 2020 cl 56]
9-23 Evidence of anything said or done, or an admission made, in the course of the mediation of a complaint is admissible in a civil proceeding only if the complainant and respondent agree. However:
(a) This provision does not apply to a mediated agreement filed with QCAT under Recommendation 9-25 below; and
(b) A ‘civil proceeding’ for this provision does not include a civil proceeding founded on fraud alleged to be connected with, or to have happened, during the mediation.
[See Surveillance Devices Bill 2020 cl 57]
Mediated agreement
9-24 If, after mediation, the complainant and respondent agree to resolve the complaint:
(a) the agreement is not binding, as a ‘mediated agreement’, until it is written down, signed by the complainant and respondent and certified by the commissioner as the agreement signed by the parties in accordance with these requirements;
(b) the commissioner must keep a copy of the mediated agreement.
[See Surveillance Devices Bill 2020 cl 58]
9-25 The complainant or respondent may file a copy of the mediated agreement prepared under Recommendation 9-24 above with QCAT.
[See Surveillance Devices Bill 2020 cl 59(1)]
9-26 If a mediated agreement is filed with QCAT under Recommendation 9-25 above, the tribunal may make orders necessary to give effect to the agreement if the tribunal is satisfied that:
(a) the order is consistent with an order the tribunal may make under Recommendation 9-31 below or the QCAT Act; and
(b) it is practicable to implement the order.
An order made by the tribunal under this provision is, and may be enforced as, an order of the tribunal under the QCAT Act.
[See Surveillance Devices Bill 2020 cl 59(2)–(3)]
Referral of complaints to tribunal
9-27 The draft Bill should provide that, if:
(a) the commissioner does not:
(i) refuse to deal with, or to continue to deal with, the complaint, under Recommendation 9-12 or 9-13 above; or
(ii) refer the complaint to another entity under Recommendation 9-15 above; and
(b) in the commissioner’s opinion, the complaint is unlikely to be resolved:
(i) by mediation of the complaint; or
(ii) despite attempts to mediate the complaint
the commissioner must give notice to the complainant and respondent that these provisions apply and that the commissioner will, if asked to do so by the complainant, refer the complaint to QCAT to decide.
[See Surveillance Devices Bill 2020 cll 60 and 61]
9-28 The complainant may, in writing to the commissioner, ask for the referral of the complaint to QCAT within 20 business days after receiving notice under Recommendation 9-27 above.
[See Surveillance Devices Bill 2020 cl 62(1)]
9-29 The commissioner must refer the complaint to QCAT within 20 business days after receiving a request made under Recommendation 9-28 above.
[See Surveillance Devices Bill 2020 cl 62(2)]
Tribunal’s jurisdiction and procedure
9-30 Where a complaint is referred to QCAT under Recommendation 9-29 above:
(a) the tribunal must exercise its original jurisdiction under the QCAT Act to hear and decide the complaint;
(b) the complainant and respondent to the complaint are both parties to the proceeding;
(c) the complainant is taken to be the applicant for the proceeding;
(d) the respondent is taken to be the respondent for the proceeding;
(e) subject to para (f) below, the rules and procedures applying to QCAT under the QCAT Act apply to the proceeding; and
(f) for a hearing conducted by the tribunal in relation to the complaint, the tribunal is to be constituted by at least one legally qualified member.
[See Surveillance Devices Bill 2020 cll 62(3), 63 and 64]
9-31 After the hearing of a complaint referred to QCAT under Recommendation 9-29 above, the tribunal may make one or more of the following final decisions to decide the complaint:
(a) an order that declares the respondent’s use, communication or publication contravened a general obligation in Recommendation 8-2(a) or (b) above in relation to the complainant and, if QCAT considers appropriate, includes one or more of the following—
(i) an order that the respondent must not repeat or continue a stated act or practice;
(ii) an order that the respondent must compensate the complainant for loss or damage (including for injury to the complainant’s feelings or humiliation) suffered because of the respondent’s act or practice by:
(A) engaging in a stated act or practice; or
(B) paying the complainant a stated amount of not more than $100 000;
(b) an order dismissing the complaint, or part of the complaint;
(c) an order that the complainant be reimbursed for expenses reasonably incurred in connection with making the complaint.
[See Surveillance Devices Bill 2020 cll 17, 65(1)–(2)]
9-32 An order made by the tribunal under Recommendation 9-31(a)(ii) above must state the reasonable time within which the relevant action must be taken.
[See Surveillance Devices Bill 2020 cl 65(3)]
Resourcing
9-33 QCAT should be provided with any additional resources necessary to ensure the effective operation of the new jurisdiction conferred on the tribunal by the legislation.
CHAPTER 10: A NEW REGULATOR
A new independent regulator
10-1 There should be an independent regulator. For the purpose of the draft Bill, the independent regulator is established as a separate entity under Recommendation 10-2 below. If the independent regulator’s functions were instead to be conferred on an existing entity, some of the recommended provisions would need appropriate modification. Whichever way the independent regulator is established, it should have the functions, powers and main features set out below.
[See Surveillance Devices Bill 2020 pt 5]
Establishment of the regulator
10-2 There should be a Surveillance Devices Commission (the ‘commission’). The commission:
(a) is a statutory body for the Financial Accountability Act 2009 and the Statutory Bodies Financial Arrangements Act 1982; and
(b) consists of the Surveillance Devices Commissioner appointed under Recommendation 10-3 below, and the staff of the commission employed under Recommendation 10-7 below.
[See Surveillance Devices Bill 2020 cll 66, 67]
10-3 The Surveillance Devices Commissioner (the ‘commissioner’):
(a) is appointed by, and holds office on the terms and conditions decided by, the Governor in Council;
(b) holds office for a term of not more than five years stated in the instrument of appointment and, if a person is reappointed as commissioner, may hold office for not more than ten years continuously; and
(c) controls the commission.
[See Surveillance Devices Bill 2020 cll 71, 77, 78(1)–(3)]
10-4 The draft Bill should also include standard provisions dealing with leave of absence as commissioner, vacancy in office, the grounds on which a person may be removed from office as commissioner, and the preservation of certain rights of public service employees. Other relevant provisions of general application in the Acts Interpretation Act 1954 will also apply.
[See Surveillance Devices Bill 2020 cll 78(4), 79, 80, 81, 82]
10-5 The draft Bill should ensure the independence of the commissioner by providing that:
(a) in performing the commissioner’s functions, the commissioner must act independently, impartially and in the public interest; and
(b) the commissioner is not subject to direction by any person about how the commissioner performs the commissioner’s functions.
Under Recommendation 10-12(d), (e), (f) and 10-16(b) below, the Minister may, however, request advice, assistance or an examination, and may require a report, about particular matters.
[See Surveillance Devices Bill 2020 cll 69 and 70]
10-6 The commissioner may delegate to an appropriately qualified staff member of the commission the commissioner’s functions or powers under the legislation or another Act. Provisions of general application in the Acts Interpretation Act 1954 will apply to the delegation.
[See Surveillance Devices Bill 2020 cl 93]
1
10-7 Staff of the commission:
(a) are employed under the Public Service Act 2008; and
(b) are not subject to direction, other than from the commissioner or a person authorised by the commissioner, about how the commissioner’s functions are to be performed.
[See Surveillance Devices Bill 2020 cl 83]
Functions and powers
10-8 The draft Bill should provide the following in relation to the commissioner’s general functions and powers:
(a) The commissioner has the functions and powers given by the legislation;
(b) The commissioner has power to do all things that are necessary or convenient to be done to perform the commissioner’s functions under the legislation; and
(c) If the commissioner believes on reasonable grounds that a person may have information relevant to a complaint being dealt with by the commissioner or to another function being performed by the commissioner, the commissioner may, by written notice, ask or direct the person to give the information to the commissioner within a reasonable period.
[See Surveillance Devices Bill 2020 cll 68 and 76(1)–(4)]
10-9 The commissioner’s functions include receiving and dealing with complaints under Recommendations 9-1 to 9-29 above. There should be a clear administrative division, supported by formal policies and procedures, between the commissioner’s complaints handling and mediation functions and the other functions of the commissioner.
[See Surveillance Devices Bill 2020 cl 72]
10-10 The commissioner’s guidance functions include:
(a) promoting understanding of and compliance with the legislation, including the general obligations in Recommendation 8-2 above;
(b) providing information and guidance about the operation of the legislation;
(c) providing education and training about the legislation, including the general obligations in Recommendation 8-2 above and the lawful use of surveillance devices;
(d) issuing guidelines about any matter related to the commissioner’s functions, including guidelines on any of the following matters:
(i) how the legislation applies;
(ii) how an exception in Recommendation 5-12 to 5-18 or 6-5 to 6-7 above applies, including examples;
(iii) best practice for the use of surveillance devices, and the communication or publication of surveillance information, in a way that respects individuals’ privacy; and
(iv) making, referring and dealing with complaints under Recommendation 9-1 above; and
(e) giving information and reasonable help to complainants and respondents in relation to their complaints and the processes under the legislation.
[See Surveillance Devices Bill 2020 cl 73(1)]
10-11 The draft Bill should additionally provide that the guidelines issued under Recommendation 10-10(d) above must be published on the commissioner’s website.
[See Surveillance Devices Bill 2020 cl 73(2)]
10-12 The commissioner’s research, advice and monitoring functions include:
(a) undertaking or commissioning research to monitor:
(i) whether the legislation is achieving its purpose;
(ii) how surveillance devices and surveillance device technologies are used in civil society;
(iii) developments in surveillance device technology;
(b) identifying and commenting on any issues relating to the use of surveillance devices in civil society, and the communication or publication of surveillance information;
(c) identifying and commenting on legislative and administrative changes that would improve the operation of the legislation;
(d) on request of the Minister or on the commissioner’s own initiative, advising the Minister about matters relevant to the operation and administration of the legislation;
(e) on request of the Minister, assisting the Minister to review the legislation under Recommendation 11-2 below; and
(f) on request of the Minister, examining other Acts and proposed legislation to determine whether they are, or would be, consistent with the purpose of the legislation and the general obligations in Recommendation 8-2 above.
[See Surveillance Devices Bill 2020 cl 74]
10-13 The commissioner’s compliance monitoring functions include examining—on the commissioner’s own initiative or otherwise—the practices of relevant entities, in relation to the following matters, to monitor whether the practices comply with the legislation:
(a) how the entities use surveillance devices, and communicate or publish surveillance information;
(b) the surveillance device, and communication or publication, technologies used by the entities; and
(c) the programs, policies and procedures of the entities in relation to each of the matters in paragraphs (a) and (b).
[See Surveillance Devices Bill 2020 cl 75(1)]
10-14 For the purpose of Recommendation 10-13 above:
(a) ‘relevant entity’ means:
(i) a ‘public entity’ within the meaning of the Human Rights Act 2019;
(ii) an entity with an annual turnover of more than $5 million for the current or previous financial year;
(iii) an entity that regularly or routinely uses a surveillance device, or communicates or publishes surveillance information;
(iv) an entity that uses a surveillance device to monitor crowds in places that are open to or used by the public, whether or not on the payment of a fee; and
(v) another entity prescribed by regulation.
(b) ‘relevant entity’ does not include an entity to the extent its practices relate to enforcing a law of the State, including, for example, the Queensland Police Service or the Crime and Corruption Commission.
Reporting requirements
10-15 In addition to the annual financial reporting requirements that will apply under the Financial Accountability Act 2009, the draft Bill should provide that:
(a) as soon as practicable after the end of each financial year, the commissioner must give the Minister an annual report about the operation of the legislation;
(b) without limiting paragraph (a), the annual report must include information for the financial year about the following matters:
(i) the number of complaints made or referred to the commissioner;
(ii) the types of complaints made or referred to the commissioner, including:
(A) the categories of entities to which the complaints relate;
(B) the uses of surveillance devices to which the complaints relate;
(C) the provisions of Recommendation 8-2 ff above to which the complaints relate;
(iii) the outcome of complaints made or referred to the commissioner, including:
(A) the number of complaints the commissioner refused to deal with, or to continue to deal with, and the grounds for refusing under Recommendations 9-12 and 9-13 above;
(B) the number and type of complaints referred to another entity under Recommendation 9-15 above;
(C) the number and type of complaints resolved by the commissioner by mediation under Recommendation 9-19 above;
(D) the number and type of complaints referred to QCAT under Recommendation 9-29 above;
(iv) the outcome of complaints referred to QCAT; (v) another matter prescribed by regulation.
(c) the Minister must table a copy of the annual report in the Legislative Assembly within 14 sitting days after receiving the report.
[See Surveillance Devices Bill 2020 cl 84]
10-16 The draft Bill should also provide that:
(a) the commissioner may at any time prepare a report about a matter relevant to the performance of the commissioner’s functions under the legislation and give the report to the Minister;
(b) the commissioner must, if asked by the Minister, prepare a report about a matter mentioned in paragraph (a) and give the report to the Minister as soon as practicable after it is prepared; and
(c) the Minister must table a copy of a report given to the Minister under paragraph (a) or (b) in the Legislative Assembly within 14 sitting days after receiving the report.
[See Surveillance Devices Bill 2020 cl 85]
10-17 The draft Bill should also provide the following safeguards in relation to a report of the commissioner prepared under Recommendation 10-15 or 10-16 above:
(a) the report must not include personal information about an individual unless the individual has previously published the information, or gave the information for the purpose of publication; and
(b) the report must not make an adverse comment about a person unless the commissioner has given the person an opportunity to respond, in writing, to the proposed comment and any response from the person is fairly stated in the report.
For paragraph (a), ‘personal information’ has the same meaning as under the Information Privacy Act 2009, section 12.
For paragraph (b), ‘adverse comment’ does not include a statement that a person did not participate in resolving a complaint under the legislation.
[See Surveillance Devices Bill 2020 cll 86 and 87]
Protections and offences
10-18 The draft Bill should include the following protective provisions and offences relating to the actions of and dealings with the commissioner, to ensure the effective operation of the commissioner’s functions:
(a) The commissioner is protected from civil liability for acts done or omissions made honestly and without negligence under the legislation.
(b) Where a person, acting honestly, gives information or a written response to the commissioner under a provision of the legislation:
(i) the person is not liable (civilly, criminally or under an administrative process) because the person gave the information or written response; and
(ii) the person cannot be held to have breached a code of professional etiquette or ethics or departed from accepted standards of professional conduct because the person gave the information or written response.
(c) A person who is or has been the commissioner or a staff member of the commission and who, in that capacity, acquires or has access to or custody of confidential information must not make a record of or disclose the information to another person. This does not apply if the record is made or the information is disclosed with the consent of each person to whom the record or information relates, in performing a function under the legislation, or as required or permitted under another Act. ‘Confidential information’ means any information that:
(i) relates to a complaint made under the legislation;
(i) is personal information about a complainant, respondent or another individual;
(iii) is about a person’s financial position or background; or
(iv) if disclosed, would be likely to damage the commercial activities of a person to whom the information relates.
This does not include information that is publicly available or to statistical or other information that is not likely to identify the person to whom it relates.
(d) A person who is or has been the commissioner, or a staff member of the commission, cannot be required to give information related to the performance of functions under the legislation to a court. This does not apply if the information is given in performing a function under the legislation, or as required or permitted by another Act.
(e) It is an offence, with a maximum penalty of 10 penalty units:
(i) for a person, in the administration of the legislation, to give information to the commissioner or a staff member of the commission that the person knows is false or misleading in a material particular; or
(ii) for a person to fail, without reasonable excuse, to comply with a direction of the commissioner, given in a notice, requiring the person to give information to the commissioner. It is a reasonable excuse for this provision if compliance would require disclosure of information that is the subject of legal professional privilege, or information that might tend to incriminate the individual.
[See Surveillance Devices Bill 2020 cll 76(5)–(6), 88, 89, 90, 91 and 92, sch 1 (definition of ‘information’)]
CHAPTER 11: GENERAL MATTERS
Regulation-making power
11-1 The draft Bill should provide that the Governor in Council may make regulations under the legislation.
[See Surveillance Devices Bill 2020 cl 94]
Review of Act
11-2 The draft Bill should provide that the Minister must complete a review of the effectiveness of the legislation within five years after the commencement. In completing the review, the Minister must consider:
(a) whether the legislation is achieving its purpose; and
(b) how surveillance devices and surveillance device technologies are used in civil society; and
(c) developments in surveillance device technology; and
(d) whether the legislation should be amended to provide for:
(i) new types of surveillance devices; or
(ii) new uses of surveillance devices and surveillance device technologies in civil society.
In addition, the Minister must table in the Legislative Assembly a report on the outcome of the review as soon as practicable after the review is completed.
[See Surveillance Devices Bill 2020 cl 95]
Consequential provisions
11-3 If legislation based on the draft Bill is enacted, the references to the ‘Invasion of Privacy Act 1971’ in the following Acts should be omitted and replaced by references to the legislation, as appropriate:
(a) the Commissions of Inquiry Act 1950;
(b) the Fisheries Act 1994;
(c) the Police Powers and Responsibilities Act 2000;
(d) the Public Safety Preservation Act 1986; and
(e) the Youth Justice Act 1992.
