Did We Get The Right Privacy Tort?
Note from the Editor:
The upcoming IAPP Canada Privacy Symposium will feature insights from some of the nation's top privacy experts and officials. Among several topics, the breakout session Trendspotting: Privacy Litigation in 2013 will offer insight into current and evolving trends in Canadian privacy law.
As Canadian privacy professionals will know, 2012 saw a significant development in Canadian tort law with respect to privacy. While some lower courts have recognized an “invasion of privacy” tort or said there might be one, higher courts refused to countenance the existence of such a tort until the Ontario Court of Appeal did so in Jones v. Tsige.
In Jones, the court recognized the tort of “intrusion upon seclusion”—one of the four types of torts catalogued by William Prosser in his famous 1960 article. As defined by the Ontario Court of Appeal, the tort has three specific elements: (i) intentional or reckless conduct on the part of the defendant that (ii) resulted, without lawful justification, in an invasion of the plaintiff's private affairs (iii) such that a reasonable person would regard the invasion as “highly offensive,” causing distress, humiliation or anguish. The “reasonable person” test is intended to avoid claims based on the plaintiff’s subjective sensitivity or concern.
Looking at American tort law and Canadian Charter cases, one can see this test being eventually based on a totality of the circumstances. This means an examination of “means” and “purpose” and suggests courts will engage in some type of balancing exercise. All good, but, in this day and age, is this tort of intrusion upon seclusion enough?
I pose this question because our ability to prevent the misuse of information about ourselves is getting harder—even with privacy statutes. We live in a world where “surreptitious genetic testing” and “revenge porn” are not TV plotlines and where the latest thing to be hyped is “Big Data.” Just when you think we’ve got it all figured out, another disruptive technology will come along.
In terms of privacy protection, the concept of “highly offensive” may be troubling for courts looking to apply Jones. Don’t take my word on it. Lord Nicholls of the UK’s House of Lords, in the 2004 case of Campbell v. MGN Limited, addressed the use of “highly offensive”:
“This particular formulation should be used with care, for two reasons. First, the 'highly offensive' phrase is suggestive of a stricter test of private information than a reasonable expectation of privacy. Second, the 'highly offensive' formulation can all-too-easily bring into account, when deciding whether the disclosed information was private, considerations which go more properly to issues of proportionality, for instance, the degree of intrusion into private life and the extent to which publication was a matter of proper public concern. This could be a recipe for confusion.”
Complicating matters is the fact that different generations appear to have different notions of privacy and that may eventually play into what constitutes a “reasonable expectation of privacy” since societal values form a foundation for an “objective” standard.
The House of Lords went in a different direction—one based, in part, on an aspect of UK Human Rights Act and, in part, on previous common law cases involving the tort of “breach of confidence.” The result was the recognition of the tort “misuse of private information.” As defined in Campbell and the 2008 case of Murry v Big Pictures (UK) Ltd, a misuse of private information occurs if (i) the plaintiff can prove that they had a “reasonable expectation of privacy” in relation to the information, and (ii) the defendant cannot prove there was a justification for the disclosure of the information—for example, an overriding “public interest.”
While Jones certainly advances Canadian privacy law, and leaving aside whatever may happen in the advancement of privacy statutes, it’s not clear that the tort of intrusion upon seclusion will be enough to deal with privacy in the 21st century. Please keep in mind that today we have greater private and public surveillance, easier access to collection technologies, the content delivery vehicle that is the Internet and, with more and more data breaches reported, an apparent inability to protect data. Instead of the focus being on collection through “intrusion upon seclusion,” we may wish to think about shifting the focus to the “use” of personal information. If tort law is going to be another tool to protect privacy, we may yet need a new and different tort.
About the Author
Michael Power is a lawyer and consultant providing legal, policy and governance advice to public- and private-sector organizations in Canada, the U.S. and Europe. He is the author of Halsbury’s Laws of Canada—Access to Information and Privacy and co-author of Sailing in Dangerous Waters: A Director’s Guide to Data Governance published by the American Bar Association. His latest book, The Law Of Privacy, will be published by LexisNexis in June 2013. He is a member of the Law Society of Upper Canada and the Nova Scotia Barristers’ Society and currently serves as an Adjunct Professor at Osgoode Hall Law School.