Legal and Non-Legal Responses (HSC SSCE Legal Studies): Revision Notes
Legal and Non-Legal Responses
Legal responses
Legal responses to Facebook privacy issues in Australia involve various laws and regulations designed to protect individuals' personal information. These responses operate at both federal and state levels and attempt to extend Australian authority beyond its borders.
Federal and state privacy laws
Privacy legislation refers to laws designed to establish, maintain and protect the privacy rights of individuals. In Australia, privacy regulation is complex because federal laws do not always apply to state and territory agencies (except the Australian Capital Territory). This creates a layered system of privacy protection.
The complexity of Australian privacy regulation stems from the federal system where Commonwealth laws don't automatically apply to state and territory agencies. This means different privacy protections may apply depending on whether you're dealing with a federal or state government agency.
At the Commonwealth level, key privacy laws include the Privacy Act 1988 (Cth), which forms the cornerstone of federal privacy protection, along with sector-specific legislation such as the Telecommunications Act 1997 (Cth), National Health Act 1953 (Cth), and the Healthcare Identifiers Act 2010 (Cth). These laws regulate how organisations collect, store and use personal information.
New South Wales has its own suite of privacy laws, with the Privacy and Personal Information Protection Act 1998 (NSW) and the Health Records and Information Privacy Act 2002 (NSW) being the primary legislation. Additional laws cover specific areas including surveillance (Surveillance Devices Act 2007 (NSW)), workplace monitoring (Workplace Surveillance Act 2005 (NSW)), and criminal records (Criminal Records Act 1991 (NSW)).
Australian privacy law attempts to protect Australian users of global social media platforms like Facebook through two main mechanisms:
- Giving extraterritorial application to the Privacy Act 1988 (Cth)
- Regulating trans-border data flow (data movement across international borders)
Extraterritorial jurisdiction
Extraterritorial jurisdiction enables a government to legally exercise authority beyond its normal territorial boundaries. In Australia, this power is granted to state parliaments through of the *Australia Act 1986 (Cth)$.
Jurisdiction refers to the powers of a court, which depend on three factors: its geographic area of authority, the types of matters it can decide, and the remedies it can order.
Section of the Privacy Act 1988 (Cth) provides extraterritorial operation, targeting acts or practices conducted outside Australia by organisations seeking personal information about Australian citizens or permanent residents. This provision aims to prevent organisations from circumventing their privacy obligations by transferring personal information handling to countries with weaker privacy standards.
Significant Limitations of Extraterritorial Jurisdiction:
There are major constraints to this approach that limit its practical effectiveness:
- The Act cannot override another country's privacy laws
- It has not yet been tested in an international court
- Currently, it functions primarily as a watchdog mechanism, encouraging businesses to maintain ethical practices rather than providing enforceable sanctions against overseas entities
Trans-border data flows
The Privacy Act 1988 (Cth) contains thirteen Australian Privacy Principles (APPs), which establish baseline privacy standards for organisations handling personal information. All private sector health service providers and most other private sector organisations must comply with these principles.
Principle 8 specifically addresses cross-border disclosure of personal information. However, all the principles are relevant to social media privacy because modern users share enormous amounts of personal information on platforms like Facebook. This data sharing enables businesses to access detailed information about individuals and target marketing to them with unprecedented precision.
Despite their comprehensive coverage, the APPs face similar enforcement challenges to the extraterritorial provisions. They serve primarily as a deterrent and only apply to businesses operating within Australia. No Australian or international court has yet tested their application to global social media companies, leaving their practical effectiveness uncertain.
Workplace social media policies
Employers face competing pressures regarding social media use. While businesses can ban staff from using social media at work, this appears hypocritical when the same businesses use Facebook for product promotion. Most human resource experts recommend that businesses adopt a proactive approach by implementing clear workplace policies on social media use.
Research by Hays Personnel, reported by SmartCompany, revealed significant employee expectations around workplace social media access. Of 840 workers surveyed, 19.7% stated they would reject a job offer if reasonable social media access was denied. From the employer perspective, 44% of businesses believed that allowing social media access improved staff satisfaction and retention.
Key Components of Effective Workplace Social Media Policies:
A comprehensive policy should address several critical areas:
- Specify when and how social media can be used during work hours
- Clarify whether usage will be monitored
- Define whether employees can use work email addresses for social media accounts
- Establish procedures for how complaints about the company should be handled
- Include appropriate grievance procedures and adequate training programs to prevent and resolve social media-related workplace issues
The relationship between employer and employee regarding social media extends beyond workplace conduct. An individual's social media profile often includes their employer's name, meaning their online behaviour and demonstrated personal values may reflect on their employer. This has led to several important legal cases establishing the boundaries of acceptable social media use.
Case study: Stutsel v Linfox Australia Pty Ltd [2011] FWA 8444
Case Study: The Importance of Written Social Media Policies
This case established important principles about workplace social media policies and employee dismissal.
The Facts: A disgruntled employee vented frustration about supervisors on his Facebook page after work hours. Colleagues who were Facebook friends reported these comments to management. The employer dismissed the employee, arguing that his use of derogatory terms was discriminatory and damaged the business's reputation.
The Outcome: The employee challenged the dismissal through Fair Work Australia and succeeded. The Commissioner upheld the unfair dismissal complaint for several reasons, notably because the company lacked a social media policy. Without clear guidelines, workers at the business had no framework for understanding appropriate social media conduct when discussing work-related issues on these platforms.
The Key Principle: This case demonstrates the legal importance of having clear, documented social media policies. Employers cannot dismiss employees for violating standards that have never been communicated or established.
Case study: NSW Police Force social media policy
Case Study: Balanced Approach to Social Media Policy
The NSW Police Force has developed a comprehensive approach to employee social media use through two key documents: the 'Personal Use of Social Media Policy and Guidelines' and the 'Official Use of Social Media Policy'.
Rather than banning social media use entirely, these documents specify what employees can and cannot comment on. This approach recognises that social media can play a vital role in modern police work.
By setting clear boundaries while allowing appropriate use, the policy balances organisational needs with employee freedom and operational effectiveness.
Case study: Commonwealth Bank policy controversy
Case Study: The Perils of Overreaching Social Media Policies
The Commonwealth Bank case illustrates the importance of management understanding social media's implications.
The Initial Policy: The bank's initial social media policy required employees to report any negative commentary about the bank that they saw on social media, including on their own Facebook pages. Failure to report such comments would lead to employment termination.
Employee Concerns: Employees objected strongly to this policy because:
- It blurred the distinction between on-duty and off-duty time, making them feel perpetually at work
- It made employees responsible for comments made by others, which they could not control
The Resolution: The Financial Services Union (FSU) negotiated with the bank to modify the policy. The revised version still required reporting of negative comments but removed dismissal as the automatic consequence of non-reporting.
The Lesson: The FSU representative advised members to exercise caution with their own online postings, noting that current or potential employers could be monitoring their social media activity.
Case study: Michael Nolan dismissal
Case Study: Social Media Conduct Reflecting on Employers
This 2015 case involved a Sydney hotel supervisor whose offensive social media behaviour led to employment termination.
The Incident: Michael Nolan posted a sexist and offensive comment on journalist Clementine Ford's Facebook page. Ford had posted about online harassment she received on White Ribbon Day, which aims to prevent men's violence against women. Nolan responded to her post with the word "Slut".
The Consequences: Because Nolan's Facebook profile listed his employer as Meriton Apartments, Ford tagged the Meriton Group on Facebook and questioned whether they were aware of their employee's conduct. Ford also captured screenshots showing other racist and offensive jokes Nolan had posted publicly.
The Outcome: The Meriton Group investigated and terminated Nolan's employment, stating in a public statement that they did not condone such behaviour. Nolan was removed from the Meriton site pending investigation and was dismissed after the investigation concluded.
The Key Principle: This case demonstrates that employers may take action when employees' social media conduct, even outside work hours, reflects poorly on the organisation, particularly when the employee publicly identifies their employer on their profile.
Non-legal responses
Electronic Frontier Foundation
The Electronic Frontier Foundation (EFF) is a non-profit organisation established in the United States in 1990. Initially focused on protecting freedom of speech, the EFF expanded its mission to include privacy protection as the internet grew.
How the EFF Operates:
The EFF operates primarily through education and advocacy rather than legal enforcement. It runs campaigns educating users about protecting themselves when using the internet and social media. The organisation employs a "naming and shaming" strategy, publicly identifying businesses that inappropriately use the internet to gather user information.
By creating public awareness and reputational pressure, the EFF provides an alternative mechanism for addressing privacy concerns when legal remedies are unavailable or ineffective.
This approach complements legal responses by creating social and commercial incentives for companies to respect user privacy.
Key Points to Remember:
- Australia has multiple layers of privacy legislation at both Commonwealth and state levels, but federal laws don't always regulate state agencies
- Extraterritorial jurisdiction allows Australian law to apply beyond its borders, but the Privacy Act 1988 (Cth) cannot override other countries' laws and has not been tested internationally
- The thirteen Australian Privacy Principles (APPs) set baseline privacy standards, with Principle 8 specifically covering cross-border data sharing
- Workplace social media policies are essential—cases like Stutsel v Linfox show that employers cannot dismiss employees for breaching non-existent policies
- Non-legal responses like the Electronic Frontier Foundation use education and "naming and shaming" to complement legal protections
- Legal action against Facebook remains difficult in Australia, with effectiveness limited by enforcement challenges and lack of international court testing