Limiting claims for breach of privacy?
August 11, 2021
Privacy rights are fundamentally important. This has been confirmed by the Supreme Court of Canada in Douez v. Facebook, Inc where privacy rights are described as having “quasi-constitutional status”. That decision dealt with claims of breaches of British Columbia’s Privacy Act, not common law claims for damages in tort.
In the leading case defining the extent of the tort of “intrusion upon seclusion”, which is Ontario’s (and, it appears Canada’s) answer to damages for privacy breaches, Jones v. Tsige, the Ontario Court of Appeal intentionally took a narrow view of who could be sued. Only persons who intentionally intruded upon privacy could be successfully sued.
In the years since, victims of privacy breaches have made efforts to expand the scope, mostly unsuccessfully. The few successes have mainly been limited to decisions by a single motion judge deciding to allow a case to proceed to trial.
The Divisional Court, Ontario’s intermediate appeal court, recently considered another requested expansion in Owsianik v. Equifax Canada Co. This is the proposed class action against the leading credit reporting agency arising out of a hacker accessing private data belonging to millions of consumers. The certification judge allowed the claim of intrusion upon seclusion to continue, even though it was based upon allegations that Equifax was reckless in allowing the hacker to compromise their system security.
The three judges of the Divisional Court released a split decision, ruling 2-1 to overturn the certification of that part of the claim.
The majority were of the opinion that the signal by the court of Appeal in Jones was both a recent and clear indication against expanding the tort to include reckless, rather than intentional, conduct. They also relied upon the fact that in this particular case, the allegations include traditional claims of negligence which includes recklessness. If proven, the negligence claim will compensate the claimants, so, they say, no redefined tort specifically expanding privacy rights is required.
The majority disagreed with most of the earlier cases were individual judges would have allowed expanded claims to proceed. The exception involved a case of intentional intrusion of a different sort than in Jones.
The dissenting judge would have allowed the claim to proceed, because whether it eventually succeeds or not, the limits of the tort ought to be allowed to expand in response to new threats created by evolving technology based upon Douez v. Facebook, Inc.
This decision may ultimately be considered by the Court of Appeal, or even the Supreme Court. Until that time, however, it is likely to have a chilling effect upon the protection of privacy rights.
Despite this, if your privacy has been violated, you ought to consult a lawyer to find out whether or not you have a claim worth pursuing. As noted in the Equifax case, even if the tort of inclusion upon seclusion does not apply, you may still have a remedy.