Teresa Scassa - Blog

On March 7, 2012, counsel for Tory cabinet Minister Vic Toews made an ex parte application for a court order that would compel the Registrar of the Manitoba Court of Queen’s bench to disclose any logs or requisition forms that would reveal the identities of anyone who had applied to view the files relating to Mr. Toews divorce proceedings. The application made reference to the fact that persons unknown had accessed the files, made copies of some of the documents, and posted them on the Internet. These acts had taken place during the so-called “Vikileaks” scandal; the person who disclosed the information was allegedly responding to the government’s lawful access bill before Parliament which critics have claimed could lead to unprecedented forms and levels of state surveillance of Canadians’ Internet activities. Mr. Toews had attracted a great deal of negative media attention leading up to the Vikileaks scandal when he publicly stated that a critic of the bill could either stand with the government or stand with the child pornographers.

The open courts principle in Canada means that not only the decisions of courts are available to the public, but that court hearings take place in public and that court records may also be consulted by members of the public. There are limits, of course. In appropriate circumstances courts may seal files, limit access to hearings, or place bans on the publication of all or some aspects of court proceedings. The person or persons who accessed the Toews divorce files were within their rights to do so.

The Justice Saull of the Manitoba Court of Queen’s bench granted the application and ordered the Registrar to disclose the information sought by counsel for Toews. This very troubling decision is brief, and offers no explanation of the basis for the order.

Ex parte proceedings are inherently non-adversarial; the opposing party, or the affected party, is not present to participate in the hearing or to provide their own perspective or arguments. In proceedings where an applicant (often seeking to launch a defamation suit) seeks a court order to compel disclosure of the identity of a person who has anonymously posted allegedly defamatory material about them on the Internet, courts have insisted that the applicant meet a stringent test in order to justify the violation of the privacy of the person engaged in the internet communications, and to justify compelling a third party to disclose information that they must otherwise keep in confidence. The elements of this test require the court to assess:

(i) Whether the applicant has provided evidence sufficient to raise a valid, bona fide or reasonable claim;

(ii) Whether the applicant has established a relationship with the third party from whom the information is sought such that it establishes that the third party is somehow involved in the acts complained of;

(iii) Whether the third party is the only practicable source of the information available;

(iv) Whether the third party can be indemnified for costs to which the third party may be exposed because of the disclosure, some [authorities] refer to the associated expenses of complying with the orders, while others speak of damages; and

(v) Whether the interests of justice favour the obtaining of the disclosure.

None of these elements appear to have been considered in this case. Significantly, the applicant did not even allege that any legal wrong, such as defamation, was committed. The brief merely stated that the applicant “had a vital interest in knowing who accessed his personal affairs and published them on the interest [sic] as “retribution” for his fulfilling his mandate as a member of Her Majesty’s government.”

The lack of reasons for the decision to order the release of the information is troubling not just because the issues are important and deserve some articulation. The lack of reasons could also be taken as an acceptance of the assertions advanced by the applicant. Among these is the assertion that “there can be no privacy interests in filing a requisition to view a public document. Nor can there be public policy reasons to provide anonymity to persons who do this.”

Both of these assertions deserve closer scrutiny, something which was not permitted by the ex parte nature of these proceedings. Although Manitoba’s Freedom of Information and Protection of Privacy Act does not apply to “information in a court record”, the names of individuals who have requested access to court documents from the Registrar do not constitute information in a court record. This is information collected by the Registrar regarding access to records under their custody. Under the FOIPP Act, a public body (here the Registrar) may only disclose the personal information it collects in limited circumstances. This would seem, from the outset, to counter the argument that there is no privacy interest in this information. The Registrar is a public body with an obligation to protect and limit disclosure of the personal information which it collects; citizens have an expectation that this obligation will be met in accordance with the terms of the law.

The assertion that there are no “public policy reasons to provide anonymity” to persons who file requisitions to view public documents is quite simply baseless. There is no question of anonymity; individuals are required to provide their name when they access the information. The name becomes part of a record maintained by the institution. The issue is whether other people have any entitlement to access this information. Keep in mind that this information is not about the court proceedings themselves and has nothing to do with the open courts principle. It is information about the personal or professional interest taken by individuals in different court proceedings. Quite apart from the Registrar’s obligation to protect the personal information which it collects from individuals in this manner, one might ask what public interest is served by making such lists presumptively public; and whether a greater public interest is served by protecting individuals from undue scrutiny about what they choose to read.

It would seem that the issue comes down to the same one that arises in Internet defamation suits: under what circumstances should a court order access to records in the hands of third parties in which there is a privacy interest. The test for a Norwich order sets some important guidelines in order to avoid abuse. Perhaps most significantly, it asks whether the applicant has provided sufficient evidence to establish that they have suffered a legal wrong for which they are seeking redress. In this case nothing in the applicant’s brief alleges a legal wrong has been committed, or that legal action is even contemplated by the applicant.

The result in this case is that a Minister of the Crown successfully persuaded a court in an ex parte application which featured no concrete legal arguments and provided no evidence of a legal wrong, to disclose the names of individuals who had sought access to public court records (something which we are all entitled to do under the open courts principle). Although the brief alleges that access to the divorce records had been sought by the unnamed individual for “retribution” against the Minister, the fact that the brief makes no argument about any actual legal proceedings in relation to which the names are sought itself raises the spectre of retribution. Although the issue is one that potentially affects all court records, in this case, the power imbalance between a Minister of the Crown and any citizens who may have chosen to access these records for their own purposes is quite stark. There are much bigger public policy issues at play here and the public interest was not well served by this court decision.

In its unanimous decision in Jones v. Tsige, 2012 ONCA 32, the Ontario Court of Appeal recognized at least one subset of a common law right of action for invasion of privacy. This subset, which the court calls the tort of “intrusion upon seclusion” is one of four privacy-related torts identified by U.S. law professor William L. Prosser in his article “Privacy”((1960), 48 Cal. L.R. 383 at 389), and adopted by the U.S. Restatement (Second of Torts) (2010). Its recognition in this case is described by Justice Sharpe as “an incremental step that is consistent with the role of this court to develop the common law in a manner consistent with the changing needs of society.”(at para 65).

Jones was the ex-spouse of Tsige’s current common law partner. Ostensibly out of a dispute with her partner, and questions about whether he was making child support payments, Jones began checking Tsige’s bank account information, to which she had access as an employee of Tsiges bank, the Bank of Montreal (BMO). The surreptitious checking of financial information occurred on at least 174 occasions over a 4 year period. After Jones voiced her suspicions to BMO, Tsige was confronted and admitted to the conduct and was disciplined by her employer. Jones brought a law suit against Tsige for invasion of privacy, seeking damages in the amount of $70,000 and punitive damages of $20,000. Her case was dismissed by summary judgment on the basis that there was no common law tort of invasion of privacy in Ontario. It was this decision which was appealed to the Court of Appeal.

The Court of Appeal outlined the four privacy-related torts identified by Prosser and adopted by the restatement:

1. Intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs.

2. Public disclosure of embarrassing private facts about the plaintiff.

3. Publicity which places the plaintiff in a false light in the public eye.

4. Appropriation, for the defendant’s advantage, of the plaintiff’s name or likeness. (reproduced at para. 18 of the Court of Appeal decision).

Justice Sharpe, writing for the unanimous court, noted that the tort of misappropriation of personality was already recognized in Ontario. Rather than recognize a broad tort of invasion of privacy, he chose, on these facts, merely to address the more limited tort of intrusion upon seclusion. Justice Sharpe noted that, in the Restatement, the tort of intrusion upon seclusion “includes physical intrusions into private places as well as listening or looking, with or without mechanical aids, into the plaintiff’s private affairs.” (at para 20).

Justice Sharpe reviewed prior case law from Ontario and noted that other courts had awarded damages for wrongs that involved privacy dimensions without explicitly recognizing a tort of invasion of privacy per se, or had at least declined to dismiss actions for invasion of privacy on the basis that the disclosed no reasonable cause of action. He also canvassed Charter privacy jurisprudence, noting that this case law “identifies privacy as being worthy of constitutional protection and integral to an individual’s relationship with the rest of society and the state.” (at para 39). He noted that “the common law should be developed in a manner consistent with Charter values” (at para 46), and that such an approach would favour the recognition of a right of action for intrusion upon seclusion.

Justice Sharpe next considered the relevance of various pieces of privacy legislation. The court below had expressed the view that the Personal Information Protection and Electronic Documents Act (PIPEDA), provided recourse for persons in the plaintiff’s position, and thus supported the view that the recognition of a tort action was unnecessary. Justice Sharpe corrected this erroneous view, noting that PIPEDA dealt with the information practices of “organizations” engaged in commercial activity, and did not address the particular circumstances that arose in this case (or that might arise in many others). Unfortunately, his reasons were not as complete as they might be on this point, and contain some misapprehensions of the nature and scope of PIPEDA. For example, Justice Sharpe erroneously refers to PIPEDA as “dealing with “organizations” subject to federal jurisdiction and does not speak to the existence of a civil cause of action in the province.” (at para 50). PIPEDA’s scope of application is much broader than just federally-regulated organizations; for example, it applies to all organizations in Ontario that engaged in “commercial activity”. Justice Sharpe also indicates that another reason that recourse under PIPEDA does not suffice is that it does not give a right to damages. This is not true; sections 12 and 14 of PIPEDA give complainants the option of seeking damages before the Federal Court once they have received a report of findings from the Commissioner. But Justice Sharpe is directly on point when he notes that PIPEDA would only have given Jones recourse against BMO, and not against Tsige. This is extremely important; PIPEDA’s scope of application (to organizations engaged in commercial activity) and its express exclusion of application to domestic contexts or where individuals are acting for private purposes (where so many truly egregious violations of privacy occur) mean that PIPEDA is only a very selective data protection tool and not a broad recourse for privacy invasive conduct.

Justice Sharpe also canvasses the four existing provincial statutes that create causes of action for invasion of privacy, as well as case law in the U.S. and commonwealth jurisdictions before arriving at the principles that should guide the newly minted tort in Ontario. He noted that the evolving case law supports the recognition of the new tort, and cited academic authority in support of this view. He then noted the importance of technological change as a driver for the recognition of privacy rights. He observed that “[a]s the facts of this case indicate, routinely kept electronic data bases render our most personal financial information vulnerable.” (at para 67). Similarly, health information databases pose risks, as to the innumerable other digital records we leave in our wake as we carry out our daily activities. He stated: “It is within the capacity of the common law to evolve to respond to the problem posed by the routine collection and aggregation of highly personal information that is readily accessible in electronic form.” (at para 68).

According to Justice Sharpe, the facts before him “cry out for a remedy”. Noting that Tsige’s actions were deliberate and sustained, as well as “shocking”, he observed that “the law of this province would be sadly deficient if we were required to send Jones away without a legal remedy.” (at para 69). He distilled the elements of the tort from the U.S. Restatement and summarized them in these terms:

The key features of this cause of action are, first, that the defendant’s conduct must be intentional, within which I would include reckless; second that the defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and third, that a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. (at para 71)

However, he cautioned that “given the intangible nature of the interest protected, damages for intrusion upon seclusion will ordinarily be measured by a modest conventional sum.” (at para 71).

Justice Sharpe seems concerned that the tort must be narrowly drawn so as not to open any floodgates of litigation. He cautions that a claim for intrusion upon seclusion “will arise only for deliberate and significant invasions of personal privacy.” (at para 72) He also warns that “Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.” (at para 72) It is not clear that such an enumeration is ultimately helpful; while it does give some sense of the ambit of the tort he envisages, it may also lead overly cautious lower court judges to unduly restrain the parameters of a tort that may need to adapt and respond to our ever-shifting technological environment. Similarly, the standard of “highly offensive” is a tricky one, as is the perspective of the “reasonable” as opposed to the unusually privacy sensitive person.

Justice Sharpe is also sensitive to the need to balance privacy with other potentially competing interests, such as freedom of expression and freedom of the press. Thus, there is no absolute right of privacy, each case will require a contextual examination.

On the issue of damages, Justice Sharpe notes that it is not necessary to establish proof of loss (although it presumably would be open to a plaintiff to do so, had he or she incurred specific quantifiable losses associated with the invasive activity.) Where no proof of specific damages is advanced, Justice Sharpe, after an evaluation of damage awards in a series of cases, sets an upper limit of $20,000. He also distils the following criteria to provide guidance to courts in assessing where on the spectrum (from $0 to $20,000) a damage award should lie. A court should consider:

1. the nature, incidence and occasion of the defendant’s wrongful act;

2. the effect of the wrong on the plaintiff’s health, welfare, social, business or financial position;

3. any relationship, whether domestic or otherwise, between the parties;

4. any distress, annoyance or embarrassment suffered by the plaintiff arising from the wrong; and

5. the conduct of the parties both before and after the wrong, including any apology or offer of amends made by the defendant. (at para 87)

Aggravated or punitive damages awards are neither precluded nor encouraged, although Justice Sharpe notes that these would only be available in “exceptional cases calling for exceptional remedies.” (at para 88). On the facts before him, he settled on a damage award of $10,000, noting that although the actions were deliberate and repeated, the defendant had apologized and was genuinely remorseful. He also noted that she had not publicized the plaintiff’s financial information, and her actions caused no embarrassment or other public consequences. He declined to award punitive damages. Perhaps surprisingly, he did not award costs to either party, citing the novel issues raised by the case.

Teresa Scassa and Anca Sattler, “Location-Based Services and Privacy”, forthcoming in (2011) Canadian Journal of Law and Technology

The last decade has seen a rapid growth in the number and variety of location-based services that are available to consumers. These include applications that permit users to call up a variety of different information about their current locations. Location-based services (LBS) also allow individuals to share their location with friends in a wide range of social networking contexts. Location-based services also permit information to be pushed automatically to users based on their location.

Many location-based services offer real benefits to users. Yet LBS raises inevitable user privacy concerns. In some applications, privacy issues will arise between individual users, where, for example, applications permit the tracking of movements of family members, co-workers or “friends”. Location-based services may also result in the collection of a new layer of personal information about consumers by private sector companies. Information about individuals and their movements has meaningful commercial value, and the potential for the collection, use and disclosure of this information is significant. Location-based services also raise the spectre of state surveillance of individual activity – either concurrent with an individual’s movements (tracking), or retrospectively, through searching records of individual patterns of movement.

In this paper we begin by describing location-based services, their evolution and their future directions. We then outline privacy issues raised by such services. We consider how current Canadian data protection laws apply to location-based services, and indicate where such laws fall short of addressing the full range of issues such services raise. We also explore some technological methods to address the privacy challenges raised by location-based services. The paper concludes with a series of recommendations.

In a recent case, Jones v. Tsige, (2011 ONSC 1475) Justice Whittaker of the Ontario Superior Court granted a motion for summary judgment in law suit which the plaintiff had argued that the defendant had invaded her privacy when she accessed her personal banking information 174 times in a 4 year period.  The defendant argued that there was no such action at common law in the province of Ontario.
    The defendant worked for the Bank of Montreal (BMO). She allegedly accessed the plaintiff’s banking information because she was in a relationship with the plaintiff’s ex-husband and wanted to see if he was paying child support to the plaintiff.  The defendant’s actions were eventually noticed by her employer, which disciplined but did not fire her.  Jones then sued Tsige for damages for invasion of privacy and for breach of fiduciary duty.  Justice Whittaker found that no fiduciary duty was owed on the facts.  The dispute turned, then, on whether there was a recognized tort of invasion of privacy in Ontario.
    In reaching the decision that no such tort existed, Justice Whittaker mistakenly indicated that it would have been open to Jones to bring a complaint against Tsige under the Personal Information Protection and Electronic Documents Act (PIPEDA). While that statute might have permitted Jones to bring a complaint against BMO, the statute does not apply to “personal information that the individual collects, uses or discloses for personal or domestic purposes and does not collect, use or disclose for any other purpose.” Here, Tsige was apparently collecting the information for her own personal purposes. The decision is thus based on the erroneous view that Jones could have had the remedy she sought by bringing a complaint under PIPEDA, followed by an application to the Federal Court under s. 14 of that Act for a remedy which could include damages. 
    Justice Whittaker’s misunderstanding of PIPEDA and its scope seems central to the outcome of this case.  Later on, he comments that because of the other statutes that exist to address privacy issues, such as PIPEDA, there was no “legal vacuum that permits wrongs to go unrighted.” (at para 53) As noted above, however, PIPEDA only applies where information is collected, used and disclosed in the course of commercial activity, and it does not apply in a range of other circumstances, including private or domestic contexts.  Invasion of privacy tort cases in those provinces which have created statutory torts frequently arise precisely in the context of disputes between neighbours or family members. (For just a few examples, see: Watts v. Klaemt, Wasserman v. Hall, Lane v. Lane, and Nesbitt v. Neufeld).
Justice Whittaker goes on to note that “[s]tatutory schemes that govern privacy issues are, for the most part, carefully nuanced and designed to balance practical concerns and needs in an industry-specific fashion.” (at para 56) Once again, these comments seem oriented towards the private sector data protection context.  Provincial statutes that establish torts of invasion of privacy (in Newfoundland, Manitoba, Saskatchewan and B.C.) do not duplicate the territory covered by private sector data protection legislation. They create recourse where there is a wilful and intentional violation of a privacy right. 
In reaching his decision, Justice Whittaker also reviewed case law in Ontario on the issue of whether there is a tort of invasion of privacy.  He noted that such a cause of action appears to have been recognized in Saccone v. Orr, (1981) 19 C.C.L.T. 37 (Ont. Cty Ct.), although he distinguished this case by noting that in Saccone the plaintiff had demonstrated actual harm.  Both Somwar v. McDonald’s Restaurants of Canada Ltd and Nitsopoulos v. Wong are cases in which Ontario courts declined to dismiss actions for invasion of privacy on the basis that they did not disclose a reasonable cause of action. The courts in both cases considered that the existence of such a tort was at least arguable.  Justice Whittaker did not take note of Caltagirone v. Scozzari-Cloutier, [2007] O.J. No. 4003 (Ont. Small Claims), a decision which actually recognized the tort.
    In spite of case law suggesting that a tort of invasion of privacy might be emerging at common law, Justice Whittaker chose to consider himself bound by comments of the Ontario Court of Appeal decision in Euteneier v. Lee.  The plaintiff in that case sought damages under the Charter for police conduct related to a strip search. The damages she sought were linked to what she claimed was harm to her privacy and dignity interests.  The Court of Appeal observed that there was no “’free standing’ right to dignity or privacy under the Charter or at common law.” (at para 63)  Justice Whittaker interpreted this comment, decided in a case involving a very different context, to mean that there was no tort of invasion of privacy at common law. 
    The decision is disappointing not just for its failure to recognize a tort law recourse that seems ripe to emerge at common law, but also for the way in which it misrepresents the nature and extent of recourse currently available under data protection statutes.   The decision is currently under appeal.

Teresa Scassa, Theodore Chiasson, Michael Deturbide, Anne Uteck, An Analysis of Legal and Technological Privacy Implications of Radio Frequency Identification Technologies, April 28, 2005.  Report Prepared under the Contributions Program of the Office of the Privacy Commissioner of Canada.

Stephen Coughlan, Robert Currie, Hugh Kindred and Teresa Scassa, Global Reach, Local Grasp: Constructing Extraterritorial Jurisdiction in the Age of Globalization, Prepared for the Law Commission of Canada, May 31, 2006.

Teresa Scassa, Jennifer Chandler and Elizabeth Judge, “Intelligence Gathering and Identification of Data Privacy Issues Arising from the Deployment of Intelligent Transportation Systems Including Vehicle-Infrastructure Integration and Cooperation”, prepared for Transport Canada, March 31, 2009.

“Tort of Invasion of Privacy Recognized in Ontario”, (2007) 5 Can. Privacy L.Rev. 4-5.

“Routine Border Searches of Laptop Computers” (2008) 5:7 Can. Privacy L. Rev. 72-74.

“Resolving the tension between counterfeit and grey goods”, Lawyers Weekly, January 23, 2009, pp. 7, 11.