By Iain Freeman and Mathea McCubbing, Lavan Legal

Well I guess I'm going AWOL
Disconnect my telephone
Just like Greta Garbo
I want to be alone
-- Just Like Greta, Van Morrison

Greta is your average twenty something -- with three separate apple devices, a "Fitbit", a dependency on Google Maps, a fondness for posting selfies on Instagram, Twittering, looking at dream homes on Pinterest and booking private residences for hire via AirBnB. But every time she logs on, goes for a jog or takes a drive to the wine country, does Greta think about what she's actually giving away?

In a fast paced world where quick access to information is key and almost everyone has an individual web presence, it is easy for individuals mistakenly or unintentionally to relinquish control over information they would otherwise seek to protect. Were Greta to have a change of heart and wish to truly "be alone", Australian legislation, including the Privacy Act 1988 (Cth), the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth), would only go so far to provide her with safeguards and mechanisms to protect her personal information.

To be alone, Greta needs to understand what exactly it is she is doing with her information, what rights she has, especially after the information has been disclosed, and what she can do if her information has been misused or misappropriated.

Can Greta just be alone?

The key questions Greta needs to bear in mind are:

• What are my rights over my personal information?
• Who, what and where? -- who will collect my information and to whom will it be disclosed to, what will this entity use my information for and where will my information be stored?
• Do I know the applicable privacy policy or privacy terms and conditions?
• What is the minimum amount of personal information I must release to use this service/buy that product?

Short of "disconnecting the telephone", by choosing not to make use of any of these technologies whatsoever, Greta has to rely on the less than comprehensive protections offered by legislation such as the Privacy Act, Australian Consumer Law, Spam Act and the Do Not Call Register Act. However, reliance on these laws alone may not be enough, particularly where the services or applications used by individuals may not be subject to the application of those laws in the first place.

There is a possibility that in the future our modern day Greta may have more substantive recourse against those who invade or compromise their personal information. In its report tabled in Parliament on 3 September 2014, Serious Invasions of Privacy in the Digital Era, the Australian Law Reform Commission recommended the introduction of a tort for the invasion of privacy. The introduction of a tort of this kind would create a cause of action for an individual whose privacy has been impinged by another individual by:

• an intrusion upon seclusion (eg, by recording, watching or listening to a individual's private acts); or
• a misuse of private information (eg, by collecting, disclosing and using private information about an individual).

At this stage in time, it is unclear whether this proposal will be supported or seriously considered by Parliament. In any event, it would be remedial in nature. 

In the meantime, if individuals like Greta want to enjoy the benefits of the digital age, but to protect their personal information, and their privacy more generally, they need to be aware of what rights they do have (whether it be under Australian legislation or an entity's Privacy Policy), consider who will use that information and who it will be disclosed to, where that information will be stored and for what purpose it will be used and need to consider what is the minimum amount of information they can release to make use of the services and products they are interested in.

Note: This is an extract from Privacy Law Bulletin, March 2015, Volume 12 No 3