Teresa Scassa - Blog

In its unanimous decision in Jones v. Tsige, 2012 ONCA 32, the Ontario Court of Appeal recognized at least one subset of a common law right of action for invasion of privacy. This subset, which the court calls the tort of “intrusion upon seclusion” is one of four privacy-related torts identified by U.S. law professor William L. Prosser in his article “Privacy”((1960), 48 Cal. L.R. 383 at 389), and adopted by the U.S. Restatement (Second of Torts) (2010). Its recognition in this case is described by Justice Sharpe as “an incremental step that is consistent with the role of this court to develop the common law in a manner consistent with the changing needs of society.”(at para 65).

Jones was the ex-spouse of Tsige’s current common law partner. Ostensibly out of a dispute with her partner, and questions about whether he was making child support payments, Jones began checking Tsige’s bank account information, to which she had access as an employee of Tsiges bank, the Bank of Montreal (BMO). The surreptitious checking of financial information occurred on at least 174 occasions over a 4 year period. After Jones voiced her suspicions to BMO, Tsige was confronted and admitted to the conduct and was disciplined by her employer. Jones brought a law suit against Tsige for invasion of privacy, seeking damages in the amount of $70,000 and punitive damages of $20,000. Her case was dismissed by summary judgment on the basis that there was no common law tort of invasion of privacy in Ontario. It was this decision which was appealed to the Court of Appeal.

The Court of Appeal outlined the four privacy-related torts identified by Prosser and adopted by the restatement:

1. Intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs.

2. Public disclosure of embarrassing private facts about the plaintiff.

3. Publicity which places the plaintiff in a false light in the public eye.

4. Appropriation, for the defendant’s advantage, of the plaintiff’s name or likeness. (reproduced at para. 18 of the Court of Appeal decision).

Justice Sharpe, writing for the unanimous court, noted that the tort of misappropriation of personality was already recognized in Ontario. Rather than recognize a broad tort of invasion of privacy, he chose, on these facts, merely to address the more limited tort of intrusion upon seclusion. Justice Sharpe noted that, in the Restatement, the tort of intrusion upon seclusion “includes physical intrusions into private places as well as listening or looking, with or without mechanical aids, into the plaintiff’s private affairs.” (at para 20).

Justice Sharpe reviewed prior case law from Ontario and noted that other courts had awarded damages for wrongs that involved privacy dimensions without explicitly recognizing a tort of invasion of privacy per se, or had at least declined to dismiss actions for invasion of privacy on the basis that the disclosed no reasonable cause of action. He also canvassed Charter privacy jurisprudence, noting that this case law “identifies privacy as being worthy of constitutional protection and integral to an individual’s relationship with the rest of society and the state.” (at para 39). He noted that “the common law should be developed in a manner consistent with Charter values” (at para 46), and that such an approach would favour the recognition of a right of action for intrusion upon seclusion.

Justice Sharpe next considered the relevance of various pieces of privacy legislation. The court below had expressed the view that the Personal Information Protection and Electronic Documents Act (PIPEDA), provided recourse for persons in the plaintiff’s position, and thus supported the view that the recognition of a tort action was unnecessary. Justice Sharpe corrected this erroneous view, noting that PIPEDA dealt with the information practices of “organizations” engaged in commercial activity, and did not address the particular circumstances that arose in this case (or that might arise in many others). Unfortunately, his reasons were not as complete as they might be on this point, and contain some misapprehensions of the nature and scope of PIPEDA. For example, Justice Sharpe erroneously refers to PIPEDA as “dealing with “organizations” subject to federal jurisdiction and does not speak to the existence of a civil cause of action in the province.” (at para 50). PIPEDA’s scope of application is much broader than just federally-regulated organizations; for example, it applies to all organizations in Ontario that engaged in “commercial activity”. Justice Sharpe also indicates that another reason that recourse under PIPEDA does not suffice is that it does not give a right to damages. This is not true; sections 12 and 14 of PIPEDA give complainants the option of seeking damages before the Federal Court once they have received a report of findings from the Commissioner. But Justice Sharpe is directly on point when he notes that PIPEDA would only have given Jones recourse against BMO, and not against Tsige. This is extremely important; PIPEDA’s scope of application (to organizations engaged in commercial activity) and its express exclusion of application to domestic contexts or where individuals are acting for private purposes (where so many truly egregious violations of privacy occur) mean that PIPEDA is only a very selective data protection tool and not a broad recourse for privacy invasive conduct.

Justice Sharpe also canvasses the four existing provincial statutes that create causes of action for invasion of privacy, as well as case law in the U.S. and commonwealth jurisdictions before arriving at the principles that should guide the newly minted tort in Ontario. He noted that the evolving case law supports the recognition of the new tort, and cited academic authority in support of this view. He then noted the importance of technological change as a driver for the recognition of privacy rights. He observed that “[a]s the facts of this case indicate, routinely kept electronic data bases render our most personal financial information vulnerable.” (at para 67). Similarly, health information databases pose risks, as to the innumerable other digital records we leave in our wake as we carry out our daily activities. He stated: “It is within the capacity of the common law to evolve to respond to the problem posed by the routine collection and aggregation of highly personal information that is readily accessible in electronic form.” (at para 68).

According to Justice Sharpe, the facts before him “cry out for a remedy”. Noting that Tsige’s actions were deliberate and sustained, as well as “shocking”, he observed that “the law of this province would be sadly deficient if we were required to send Jones away without a legal remedy.” (at para 69). He distilled the elements of the tort from the U.S. Restatement and summarized them in these terms:

The key features of this cause of action are, first, that the defendant’s conduct must be intentional, within which I would include reckless; second that the defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and third, that a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. (at para 71)

However, he cautioned that “given the intangible nature of the interest protected, damages for intrusion upon seclusion will ordinarily be measured by a modest conventional sum.” (at para 71).

Justice Sharpe seems concerned that the tort must be narrowly drawn so as not to open any floodgates of litigation. He cautions that a claim for intrusion upon seclusion “will arise only for deliberate and significant invasions of personal privacy.” (at para 72) He also warns that “Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.” (at para 72) It is not clear that such an enumeration is ultimately helpful; while it does give some sense of the ambit of the tort he envisages, it may also lead overly cautious lower court judges to unduly restrain the parameters of a tort that may need to adapt and respond to our ever-shifting technological environment. Similarly, the standard of “highly offensive” is a tricky one, as is the perspective of the “reasonable” as opposed to the unusually privacy sensitive person.

Justice Sharpe is also sensitive to the need to balance privacy with other potentially competing interests, such as freedom of expression and freedom of the press. Thus, there is no absolute right of privacy, each case will require a contextual examination.

On the issue of damages, Justice Sharpe notes that it is not necessary to establish proof of loss (although it presumably would be open to a plaintiff to do so, had he or she incurred specific quantifiable losses associated with the invasive activity.) Where no proof of specific damages is advanced, Justice Sharpe, after an evaluation of damage awards in a series of cases, sets an upper limit of $20,000. He also distils the following criteria to provide guidance to courts in assessing where on the spectrum (from $0 to $20,000) a damage award should lie. A court should consider:

1. the nature, incidence and occasion of the defendant’s wrongful act;

2. the effect of the wrong on the plaintiff’s health, welfare, social, business or financial position;

3. any relationship, whether domestic or otherwise, between the parties;

4. any distress, annoyance or embarrassment suffered by the plaintiff arising from the wrong; and

5. the conduct of the parties both before and after the wrong, including any apology or offer of amends made by the defendant. (at para 87)

Aggravated or punitive damages awards are neither precluded nor encouraged, although Justice Sharpe notes that these would only be available in “exceptional cases calling for exceptional remedies.” (at para 88). On the facts before him, he settled on a damage award of $10,000, noting that although the actions were deliberate and repeated, the defendant had apologized and was genuinely remorseful. He also noted that she had not publicized the plaintiff’s financial information, and her actions caused no embarrassment or other public consequences. He declined to award punitive damages. Perhaps surprisingly, he did not award costs to either party, citing the novel issues raised by the case.

Teresa Scassa and Anca Sattler, “Location-Based Services and Privacy”, forthcoming in (2011) Canadian Journal of Law and Technology

The last decade has seen a rapid growth in the number and variety of location-based services that are available to consumers. These include applications that permit users to call up a variety of different information about their current locations. Location-based services (LBS) also allow individuals to share their location with friends in a wide range of social networking contexts. Location-based services also permit information to be pushed automatically to users based on their location.

Many location-based services offer real benefits to users. Yet LBS raises inevitable user privacy concerns. In some applications, privacy issues will arise between individual users, where, for example, applications permit the tracking of movements of family members, co-workers or “friends”. Location-based services may also result in the collection of a new layer of personal information about consumers by private sector companies. Information about individuals and their movements has meaningful commercial value, and the potential for the collection, use and disclosure of this information is significant. Location-based services also raise the spectre of state surveillance of individual activity – either concurrent with an individual’s movements (tracking), or retrospectively, through searching records of individual patterns of movement.

In this paper we begin by describing location-based services, their evolution and their future directions. We then outline privacy issues raised by such services. We consider how current Canadian data protection laws apply to location-based services, and indicate where such laws fall short of addressing the full range of issues such services raise. We also explore some technological methods to address the privacy challenges raised by location-based services. The paper concludes with a series of recommendations.

In a recent case, Jones v. Tsige, (2011 ONSC 1475) Justice Whittaker of the Ontario Superior Court granted a motion for summary judgment in law suit which the plaintiff had argued that the defendant had invaded her privacy when she accessed her personal banking information 174 times in a 4 year period.  The defendant argued that there was no such action at common law in the province of Ontario.
    The defendant worked for the Bank of Montreal (BMO). She allegedly accessed the plaintiff’s banking information because she was in a relationship with the plaintiff’s ex-husband and wanted to see if he was paying child support to the plaintiff.  The defendant’s actions were eventually noticed by her employer, which disciplined but did not fire her.  Jones then sued Tsige for damages for invasion of privacy and for breach of fiduciary duty.  Justice Whittaker found that no fiduciary duty was owed on the facts.  The dispute turned, then, on whether there was a recognized tort of invasion of privacy in Ontario.
    In reaching the decision that no such tort existed, Justice Whittaker mistakenly indicated that it would have been open to Jones to bring a complaint against Tsige under the Personal Information Protection and Electronic Documents Act (PIPEDA). While that statute might have permitted Jones to bring a complaint against BMO, the statute does not apply to “personal information that the individual collects, uses or discloses for personal or domestic purposes and does not collect, use or disclose for any other purpose.” Here, Tsige was apparently collecting the information for her own personal purposes. The decision is thus based on the erroneous view that Jones could have had the remedy she sought by bringing a complaint under PIPEDA, followed by an application to the Federal Court under s. 14 of that Act for a remedy which could include damages. 
    Justice Whittaker’s misunderstanding of PIPEDA and its scope seems central to the outcome of this case.  Later on, he comments that because of the other statutes that exist to address privacy issues, such as PIPEDA, there was no “legal vacuum that permits wrongs to go unrighted.” (at para 53) As noted above, however, PIPEDA only applies where information is collected, used and disclosed in the course of commercial activity, and it does not apply in a range of other circumstances, including private or domestic contexts.  Invasion of privacy tort cases in those provinces which have created statutory torts frequently arise precisely in the context of disputes between neighbours or family members. (For just a few examples, see: Watts v. Klaemt, Wasserman v. Hall, Lane v. Lane, and Nesbitt v. Neufeld).
Justice Whittaker goes on to note that “[s]tatutory schemes that govern privacy issues are, for the most part, carefully nuanced and designed to balance practical concerns and needs in an industry-specific fashion.” (at para 56) Once again, these comments seem oriented towards the private sector data protection context.  Provincial statutes that establish torts of invasion of privacy (in Newfoundland, Manitoba, Saskatchewan and B.C.) do not duplicate the territory covered by private sector data protection legislation. They create recourse where there is a wilful and intentional violation of a privacy right. 
In reaching his decision, Justice Whittaker also reviewed case law in Ontario on the issue of whether there is a tort of invasion of privacy.  He noted that such a cause of action appears to have been recognized in Saccone v. Orr, (1981) 19 C.C.L.T. 37 (Ont. Cty Ct.), although he distinguished this case by noting that in Saccone the plaintiff had demonstrated actual harm.  Both Somwar v. McDonald’s Restaurants of Canada Ltd and Nitsopoulos v. Wong are cases in which Ontario courts declined to dismiss actions for invasion of privacy on the basis that they did not disclose a reasonable cause of action. The courts in both cases considered that the existence of such a tort was at least arguable.  Justice Whittaker did not take note of Caltagirone v. Scozzari-Cloutier, [2007] O.J. No. 4003 (Ont. Small Claims), a decision which actually recognized the tort.
    In spite of case law suggesting that a tort of invasion of privacy might be emerging at common law, Justice Whittaker chose to consider himself bound by comments of the Ontario Court of Appeal decision in Euteneier v. Lee.  The plaintiff in that case sought damages under the Charter for police conduct related to a strip search. The damages she sought were linked to what she claimed was harm to her privacy and dignity interests.  The Court of Appeal observed that there was no “’free standing’ right to dignity or privacy under the Charter or at common law.” (at para 63)  Justice Whittaker interpreted this comment, decided in a case involving a very different context, to mean that there was no tort of invasion of privacy at common law. 
    The decision is disappointing not just for its failure to recognize a tort law recourse that seems ripe to emerge at common law, but also for the way in which it misrepresents the nature and extent of recourse currently available under data protection statutes.   The decision is currently under appeal.

Teresa Scassa, Theodore Chiasson, Michael Deturbide, Anne Uteck, An Analysis of Legal and Technological Privacy Implications of Radio Frequency Identification Technologies, April 28, 2005.  Report Prepared under the Contributions Program of the Office of the Privacy Commissioner of Canada.

Stephen Coughlan, Robert Currie, Hugh Kindred and Teresa Scassa, Global Reach, Local Grasp: Constructing Extraterritorial Jurisdiction in the Age of Globalization, Prepared for the Law Commission of Canada, May 31, 2006.

Teresa Scassa, Jennifer Chandler and Elizabeth Judge, “Intelligence Gathering and Identification of Data Privacy Issues Arising from the Deployment of Intelligent Transportation Systems Including Vehicle-Infrastructure Integration and Cooperation”, prepared for Transport Canada, March 31, 2009.

“Tort of Invasion of Privacy Recognized in Ontario”, (2007) 5 Can. Privacy L.Rev. 4-5.

“Routine Border Searches of Laptop Computers” (2008) 5:7 Can. Privacy L. Rev. 72-74.

“Resolving the tension between counterfeit and grey goods”, Lawyers Weekly, January 23, 2009, pp. 7, 11.

“Social Networking, Privacy and Civil Litigation: Recent Developments in Canadian Law”, forthcoming in (2011) 7:7 Can. Privacy L. Rev.