Many class actions followed Ontario appeal court decision in Jones v. Tsige: Dentons lawyers
It has been 12 years since the Court of Appeal for Ontario recognized the tort of “intrusion upon seclusion” in its decision on Jones v. Tsige, opening the floodgate to class action litigation related to invasion of privacy.
However, lawyers Mike Schafler and Luca Lucarini at Dentons Canada LLP say they have increasingly seen courts narrow the scope of this tort in class action proceedings and are increasingly taking on a “gatekeeping role” in such cases.
Also, claims in these types of lawsuits are now “evolving” beyond data and third-party hacking incidents to address any alleged misuse of private information.
In a note they co-authored, the two lawyers say that courts have determined that a “database defendant” who is also a victim of a third party’s actions (to hack into a company’s client database, for example) is not an “intruder.”
Schafler says the courts “have made it clear that you can no longer sustain a claim of intrusion upon seclusion based on a third-party hack. The issue is that of the third party, not the corporation holding the data.” However, Schafler says the customer victim plaintiffs might make an argument that the corporation was negligent in its custody of the corporation. Still, that would then mean proving financial or other harm. “That’s difficult in a class action setting because you are getting into a lot of individual circumstances.”
What’s more, the two lawyers say, given that the class actions that have been launched have not been thoroughly tested outside of being certified, whether a claim for “intrusion upon seclusion” will be decided on its merits remains to be seen.
“What happened after the Jones decision was a real inclination to certify class proceedings based on the new tort,” says Lucarini. However, in more recent class action cases, courts are “increasingly finding” that there are many cases where, as Jones points out, the infractions “are not crying out for a remedy.” While there may have been a breach of privacy, “the nature of the intrusion was fleeting or carried out for some incidental purpose.”
Lucarini also notes that the public and the courts are increasingly comfortable with the idea that “not every incident affecting personal information is shocking or offensive” and that many people share their information voluntarily. “It’s now just considered part of life.”
Schafler points out that “there was a bit of a vacuum” in Canada before the Jones decision, as no real tort existed that addressed these privacy issues.”
The details of Jones v. Tsige involved two women who worked at different branches of the same bank, with Jones holding her primary account at her branch. The two did not know or work with each other. However, Tsige was in a relationship with Jones’ ex-husband. For about four years, Tsige used her work computer to access Jones’ bank accounts at least 174 times. The information displayed included transaction details and personal information, such as date of birth, marital status and address. Tsige did not publish, distribute or record the information in any way.
Jones became suspicious that Tsige was accessing her account and complained to the bank. When the bank confronted Tsige, she admitted she had looked at Jones’ banking information. She understood it was contrary to the bank’s code of business conduct and ethics and her professional responsibility. Tsige explained throughout the litigation that she was involved in a financial dispute with Jones’ ex and had accessed the accounts merely to confirm whether he was paying child support to Jones.
Jones sued for breach of privacy. The motion judge granted summary judgment and dismissed the claim for damages, ruling Ontario did not recognize a cause of action for invasion of privacy. The matter came before the Court of Appeal, which allowed the appeal and recognized the cause of action.
The Ontario appeal court considered Canadian jurisprudence and found that it had left open the possibility of a cause of action based on a tort of intrusion upon seclusion. The Court of Appeal specifically considered Charter jurisprudence and found that it had recognized an interest in “informational privacy.”
The Jones decision also pointed out that five provinces at the time (BC, Manitoba, Saskatchewan, Québec, Newfoundland and Labrador) had enacted open-ended legislation establishing a limited right of action for invasion of privacy.
As a result, the appeal court recognized the tort of intrusion upon seclusion, noting that common law has a duty to respond to the breakneck pace of technological change that could lead to an invasion of privacy.
The court found that Tsige’s actions had been “deliberate, prolonged and shocking” and that any person in Jones’ position would have been “profoundly disturbed.” Also, Ontario’s laws would be “sadly deficient” if plaintiff Jones had no legal remedy.
Schafler says that the Ontario appeal court in Jones leaned on what has happened in US law, which has recognized the tort of intrusion upon seclusion for many years. The decision incorporated elements of how American courts have dealt with the issue.
One example, he says, is how the Ontario appeal court looked at how the tort was dealt with south of the border to deem what elements were necessary to establish the tort in Canada, using three principles:
However, the appeal court expressly held that “proof of harm to a recognized economic interest is not an element of the cause of action” and that “given the intangible nature of the interest protected,” damages would ordinarily be measured by a “modest conventional sum.”
Schafler adds the court went on to note that a claim for intrusion upon seclusion would arise “only for deliberate and significant invasions of personal privacy” and that claims from those who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.
In the court’s view, Schafler said, based on previous academic literature, common law jurisprudence and relevant legislation, damages for intrusion upon seclusion were a species of symbolic or moral damages to be fixed at a maximum of $20,000.
Schafler says the decision makes it clear that “you don’t get to be nosy at my expense,” even if no harm resulted from the breach of privacy, even if there is no harm other than the moral injury of having your privacy violated. However, the damages should be moderate.
Still, the Jones case has prompted a slew of privacy class actions, with at least 40 actions launched since. Excluding six decisions approving certification for settlement or otherwise on consent, 18 have been certified to include the tort, while 17 have not been certified. Of those not granted certification, 11 refusals occurred in the last two years.
The tendency to certify in the first years after Jones established the tort came because the bar for certification is low, Lucarini says, and secondly, courts initially took the position that the tort was new and in need of development.
These two factors combined initially created an environment where many claims were certified. However, the paucity of decisions on the merits of those claims led to little substantive development of the doctrine.
More recently, however, courts have begun to scrutinize claims for intrusion upon seclusion more closely and exercise a gatekeeping function to weed out unmeritorious claims at the certification stage.
The courts have seen their duty as screening out “abusive” or “unmeritorious fishing expeditions.” They look at whether a claim raised the “legitimate possibility” that the proposed common issues could be answered in the plaintiff’s favour.
Schafler and Lucarini say the decisions after Jones illustrate the “increasing skepticism” of courts towards evidence advanced by plaintiffs in support of claims for intrusion upon seclusion.