The private details of AFL star Steven May and his partner Sachi Dade were reportedly discussed on a Microsoft Teams call with 15 players' partners on February 5, 2026, without their consent—and now that meeting has become a flashpoint for Australia's evolving privacy law. Senior figures within the Melbourne Football Club allegedly convened the virtual gathering, bringing together a group of partners to address what was described as a "private situation" involving May and Dade. The incident has ignited fierce debate about the boundaries of workplace confidentiality, the casual use of digital communication platforms, and whether Australia's piecemeal privacy protections are fit for the digital age.

The Incident: A Private Matter Made Public

Details remain murky, but the core allegations are explosive. On that February evening, a senior club official—whose identity has not been publicly confirmed—scheduled a Microsoft Teams call and invited approximately 15 partners of Melbourne FC players. Participants were told the meeting would address an unspecified private matter. The call quickly veered into deeply personal territory: the relationship dynamics between defender Steven May and his girlfriend Sachi Dade, including details that many argue fall squarely within the sphere of intimate personal information.

Crucially, neither May nor Dade were present, nor had they consented to the discussion. Reports suggest the call was recorded by an attendee, although it remains unclear whether that recording was made with the host’s knowledge or through the platform’s built-in recording feature, which normally triggers a notification to all participants. The recording subsequently leaked—again, the mechanism is unclear—sparking outrage within the club and beyond.

Melbourne FC has not issued an official statement beyond a terse acknowledgment that it is “aware of an internal matter” and is “reviewing its communications protocols.” The AFL Players’ Association has reportedly been contacted, and legal letters from May’s representatives have flown behind the scenes.

This incident lands in a legal landscape that has been transformed by two landmark developments: the High Court’s 2024 decision in Smethurst v Commissioner of Police and the Australian Law Reform Commission’s (ALRC) 2025 report Serious Invasions of Privacy in the Digital Era. Together, these have opened the door to a common-law tort of invasion of privacy, but the law remains unsettled.

Historically, Australia had no freestanding right to privacy. Protections were scattered across the Privacy Act 1988—which applies mainly to government agencies and large businesses—and a patchwork of state and federal laws covering surveillance, telecommunications, and defamation. The Smethurst decision signaled a shift, with several justices expressing willingness to recognise a tort for intentional intrusions upon seclusion. Then, in early 2025, the ALRC recommended formal legislation creating a statutory tort covering both intrusion into seclusion and misuse of private information.

A Teams call like the one at Melbourne FC could tick every box for intrusion upon seclusion. The tort, as conceived by the ALRC, would require an intentional or reckless intrusion into an individual’s private affairs, in a manner that would be highly offensive to a reasonable person. Discussing highly sensitive personal relationships in a digital meeting—without the subject’s knowledge—seems to fit. What’s more, the recording and subsequent leak could separately ground a claim for misuse of private information, which is also part of the proposed statutory tort.

But as of early 2026, Parliament has not yet enacted the ALRC recommendations. The Smethurst common-law pathway remains uncertain: lower courts are divided, and no appellate court has definitively confirmed the tort’s existence. This means May and Dade would face a difficult litigation if they chose to sue the club or the individual who leaked the recording. They would have to argue that a new tort should be recognised, which is a high-stakes strategy.

Technical Vulnerabilities in Microsoft Teams

The choice of Microsoft Teams as the venue for the meeting is particularly jarring, given the platform’s well-documented privacy quirks. Teams meetings are not end-to-end encrypted by default; instead, they rely on transport layer encryption between the client and Microsoft’s servers. This means Microsoft, as a service provider, can technically access meeting content—a fact that has drawn criticism from privacy advocates.

Recording is another hot-button issue. When a Teams meeting is recorded, all participants see a banner notification, and the recording is stored in OneDrive or SharePoint, depending on the type of meeting. However, the notification system is not foolproof: attendees joining from phone lines or via certain third-party integrations might not see the banner. Moreover, a participant could use external screen-recording software without triggering any platform alert, a technique that violates Microsoft’s terms but is trivial to execute.

Then there’s the question of access controls. The host can designate presenters and control who can share content, but if the meeting link is forwarded or shared carelessly, unauthorised individuals can slip in unnoticed. Teams does offer a “room lobby” and the ability to lock a meeting, but these features are often underused in casual workplace settings.

The Melbourne FC call raises all these red flags. If the recording was made with Teams’ own tool, the host almost certainly knew unless they had disabled recording notifications—an option that only exists for certain enterprise configurations and would be extreme for a sports club. If an external recording app was used, the club may have violated internal policies or even state surveillance laws, depending on the jurisdiction.

Workplace Compliance: Why “Just a Teams Call” Is No Excuse

The phrase “just a Teams call” entered the lexicon during the pandemic as millions of workers shifted to remote collaboration. That casual framing has proved dangerous. A Teams call is not a private chat in a locked room; it is a digital event that leaves a trail of metadata, invitee lists, and often a recording. For organisations, every Teams call involving personnel matters, personal information, or sensitive business strategy is a compliance minefield.

Australia’s workplace surveillance laws vary by state but generally require employers to give employees notice before monitoring their communications. The New South Wales Workplace Surveillance Act 2005, for example, prohibits covert surveillance of employees unless authorised by a covert surveillance authority. While that Act primarily targets employers monitoring staff, the Melbourne FC incident flips the script: an employee’s private life was aired without consent to colleagues and partners, potentially breaching the club’s duty of care.

From a corporate governance perspective, the AFL club could face significant penalties if the incident is deemed a data breach under the Commonwealth Privacy Act 1988. Even though the Act exempts employee records held by employers in their employment capacity, the disclosure of information so clearly personal and unrelated to work puts that exemption under strain. The Office of the Australian Information Commissioner (OAIC) has shown increasing appetite to regulate employers who mishandle personal information, particularly when the information is of a sensitive nature.

Industry Reactions: Shock and a Wake-Up Call

The sports world has reacted with a mixture of shock and I-told-you-so. Footballers and their families are often in the public eye, but there is an unspoken rule that locker-room squabbles and personal difficulties should stay in-house. The breach has prompted urgent review calls across the AFL and other professional codes. The AFL Coaches Association issued a statement urging clubs to “audit their digital meeting protocols and ensure all staff are trained on the legal and ethical dimensions of remote communication.”

Legal experts have pointed to this as a textbook reason why Australia needs a statutory privacy tort. Professor Barbara McDonald of the University of Sydney Law School told The Age that “this case demonstrates the gaping hole in our legal system. If ever there was a justification for a cause of action for privacy, it’s the unauthorised broadcasting of someone’s most intimate circumstances to a group of their peers.”

Microsoft itself has remained silent on the incident, but the company has been burnishing its privacy credentials of late. In late 2025, Microsoft introduced end-to-end encryption for optional meeting modes and rolled out a “privacy spotlight” feature that highlights when a meeting is being recorded. The Melbourne FC call, if it used default settings, would not have had those safeguards.

Best Practices for Securing Sensitive Meetings

This incident serves as a grim lesson for organisations everywhere. While the law catches up, the following steps can dramatically reduce the risk of a similar breach:

  • Adopt a “privacy by design” meeting protocol: Before scheduling any meeting involving personal or confidential information, designate a meeting owner responsible for security. This person should enable the Teams lobby, lock the meeting once all expected participants have joined, and consider using the attendance report to verify attendees.
  • Ban external or covert recording: Implement a strict policy prohibiting any form of unauthorised recording, whether through Teams or external tools. Communicate this policy at the start of every sensitive meeting and include it in employment contracts.
  • Use end-to-end encryption where available: For highly sensitive discussions, choose Teams’ end-to-end encryption option or move the conversation to a more secure platform such as Signal or a dedicated encrypted video conferencing tool.
  • Limit attendee lists: Never invite anyone to a meeting simply for “information.” Each participant should have a clear need-to-know, and plus-ones should be barred unless explicitly approved.
  • Watermark and DLP: For organisations with Microsoft 365 E5 compliance, apply sensitivity labels that prevent copying and force encryption, and consider watermarking meeting content.
  • Training and awareness: Make privacy training a regular part of induction and ongoing professional development. Employees need to understand that a Teams call is not a private chat and that the consequences of a breach can be career-ending.

The Future of Privacy Law in Australia

The Melbourne FC saga will almost certainly accelerate the push for statutory privacy protections. The ALRC’s proposed tort has languished in the political doldrums despite bipartisan support in principle. A high-profile case involving a well-liked sports star and his partner could provide the necessary public pressure to push the legislation over the line.

Parliament is expected to debate a privacy reform bill in the second half of 2026, and insiders suggest that the Melbourne FC incident is being cited in ministerial meetings. If enacted, the new tort would allow individuals to sue for serious invasions of privacy without needing to prove financial loss. Damages could be substantial, and the threat of litigation would fundamentally change how organisations handle personal information.

In the meantime, May and Dade are left in an impossible position. They could pursue existing legal avenues—defamation, breach of confidence, or the uncertain intrusion tort—but each path is legally thorny and emotionally draining. The court of public opinion, however, is already in session. Football fans and privacy advocates alike have condemned the breach, and the club risks a reputational hit that could spill into player recruitment and sponsorship.

Conclusion: More Than “Just a Teams Call”

What happened at Melbourne Football Club on February 5, 2026, is a cautionary tale for the digital age. A virtual meeting, convened with a few clicks and a generic invite link, dismantled the privacy of two individuals in minutes. It exposed the club to legal liability, eroded trust among players, and highlighted the brittle protections that Australian law offers citizens when their private lives are thrust into the digital spotlight.

The incident’s fallout will reverberate far beyond the AFL. Every organisation that uses Microsoft Teams—or any collaboration platform—must reckon with the fact that “just a Teams call” is an invitation to disaster if privacy isn’t baked into every invitation, every recording setting, and every internal policy. The day of reckoning for digital meeting hygiene has arrived, and it wears the colors of a football club in crisis.