Teresa Scassa - Blog

Teresa Scassa and Anca Sattler, “Location-Based Services and Privacy”, forthcoming in (2011) Canadian Journal of Law and Technology

The last decade has seen a rapid growth in the number and variety of location-based services that are available to consumers. These include applications that permit users to call up a variety of different information about their current locations. Location-based services (LBS) also allow individuals to share their location with friends in a wide range of social networking contexts. Location-based services also permit information to be pushed automatically to users based on their location.

Many location-based services offer real benefits to users. Yet LBS raises inevitable user privacy concerns. In some applications, privacy issues will arise between individual users, where, for example, applications permit the tracking of movements of family members, co-workers or “friends”. Location-based services may also result in the collection of a new layer of personal information about consumers by private sector companies. Information about individuals and their movements has meaningful commercial value, and the potential for the collection, use and disclosure of this information is significant. Location-based services also raise the spectre of state surveillance of individual activity – either concurrent with an individual’s movements (tracking), or retrospectively, through searching records of individual patterns of movement.

In this paper we begin by describing location-based services, their evolution and their future directions. We then outline privacy issues raised by such services. We consider how current Canadian data protection laws apply to location-based services, and indicate where such laws fall short of addressing the full range of issues such services raise. We also explore some technological methods to address the privacy challenges raised by location-based services. The paper concludes with a series of recommendations.

In a recent case, Jones v. Tsige, (2011 ONSC 1475) Justice Whittaker of the Ontario Superior Court granted a motion for summary judgment in law suit which the plaintiff had argued that the defendant had invaded her privacy when she accessed her personal banking information 174 times in a 4 year period.  The defendant argued that there was no such action at common law in the province of Ontario.
    The defendant worked for the Bank of Montreal (BMO). She allegedly accessed the plaintiff’s banking information because she was in a relationship with the plaintiff’s ex-husband and wanted to see if he was paying child support to the plaintiff.  The defendant’s actions were eventually noticed by her employer, which disciplined but did not fire her.  Jones then sued Tsige for damages for invasion of privacy and for breach of fiduciary duty.  Justice Whittaker found that no fiduciary duty was owed on the facts.  The dispute turned, then, on whether there was a recognized tort of invasion of privacy in Ontario.
    In reaching the decision that no such tort existed, Justice Whittaker mistakenly indicated that it would have been open to Jones to bring a complaint against Tsige under the Personal Information Protection and Electronic Documents Act (PIPEDA). While that statute might have permitted Jones to bring a complaint against BMO, the statute does not apply to “personal information that the individual collects, uses or discloses for personal or domestic purposes and does not collect, use or disclose for any other purpose.” Here, Tsige was apparently collecting the information for her own personal purposes. The decision is thus based on the erroneous view that Jones could have had the remedy she sought by bringing a complaint under PIPEDA, followed by an application to the Federal Court under s. 14 of that Act for a remedy which could include damages. 
    Justice Whittaker’s misunderstanding of PIPEDA and its scope seems central to the outcome of this case.  Later on, he comments that because of the other statutes that exist to address privacy issues, such as PIPEDA, there was no “legal vacuum that permits wrongs to go unrighted.” (at para 53) As noted above, however, PIPEDA only applies where information is collected, used and disclosed in the course of commercial activity, and it does not apply in a range of other circumstances, including private or domestic contexts.  Invasion of privacy tort cases in those provinces which have created statutory torts frequently arise precisely in the context of disputes between neighbours or family members. (For just a few examples, see: Watts v. Klaemt, Wasserman v. Hall, Lane v. Lane, and Nesbitt v. Neufeld).
Justice Whittaker goes on to note that “[s]tatutory schemes that govern privacy issues are, for the most part, carefully nuanced and designed to balance practical concerns and needs in an industry-specific fashion.” (at para 56) Once again, these comments seem oriented towards the private sector data protection context.  Provincial statutes that establish torts of invasion of privacy (in Newfoundland, Manitoba, Saskatchewan and B.C.) do not duplicate the territory covered by private sector data protection legislation. They create recourse where there is a wilful and intentional violation of a privacy right. 
In reaching his decision, Justice Whittaker also reviewed case law in Ontario on the issue of whether there is a tort of invasion of privacy.  He noted that such a cause of action appears to have been recognized in Saccone v. Orr, (1981) 19 C.C.L.T. 37 (Ont. Cty Ct.), although he distinguished this case by noting that in Saccone the plaintiff had demonstrated actual harm.  Both Somwar v. McDonald’s Restaurants of Canada Ltd and Nitsopoulos v. Wong are cases in which Ontario courts declined to dismiss actions for invasion of privacy on the basis that they did not disclose a reasonable cause of action. The courts in both cases considered that the existence of such a tort was at least arguable.  Justice Whittaker did not take note of Caltagirone v. Scozzari-Cloutier, [2007] O.J. No. 4003 (Ont. Small Claims), a decision which actually recognized the tort.
    In spite of case law suggesting that a tort of invasion of privacy might be emerging at common law, Justice Whittaker chose to consider himself bound by comments of the Ontario Court of Appeal decision in Euteneier v. Lee.  The plaintiff in that case sought damages under the Charter for police conduct related to a strip search. The damages she sought were linked to what she claimed was harm to her privacy and dignity interests.  The Court of Appeal observed that there was no “’free standing’ right to dignity or privacy under the Charter or at common law.” (at para 63)  Justice Whittaker interpreted this comment, decided in a case involving a very different context, to mean that there was no tort of invasion of privacy at common law. 
    The decision is disappointing not just for its failure to recognize a tort law recourse that seems ripe to emerge at common law, but also for the way in which it misrepresents the nature and extent of recourse currently available under data protection statutes.   The decision is currently under appeal.

Teresa Scassa, Theodore Chiasson, Michael Deturbide, Anne Uteck, An Analysis of Legal and Technological Privacy Implications of Radio Frequency Identification Technologies, April 28, 2005.  Report Prepared under the Contributions Program of the Office of the Privacy Commissioner of Canada.

Stephen Coughlan, Robert Currie, Hugh Kindred and Teresa Scassa, Global Reach, Local Grasp: Constructing Extraterritorial Jurisdiction in the Age of Globalization, Prepared for the Law Commission of Canada, May 31, 2006.

Teresa Scassa, Jennifer Chandler and Elizabeth Judge, “Intelligence Gathering and Identification of Data Privacy Issues Arising from the Deployment of Intelligent Transportation Systems Including Vehicle-Infrastructure Integration and Cooperation”, prepared for Transport Canada, March 31, 2009.

“Tort of Invasion of Privacy Recognized in Ontario”, (2007) 5 Can. Privacy L.Rev. 4-5.

“Routine Border Searches of Laptop Computers” (2008) 5:7 Can. Privacy L. Rev. 72-74.

“Resolving the tension between counterfeit and grey goods”, Lawyers Weekly, January 23, 2009, pp. 7, 11.

“Social Networking, Privacy and Civil Litigation: Recent Developments in Canadian Law”, forthcoming in (2011) 7:7 Can. Privacy L. Rev.

"Violence Against Women in Law Schools", (1992), 30 Alberta L.R. 809