BCCA finds statutory right of access to personal health information too broad

On April 24th, the Court of Appeal for British Columbia held that section 96(1) of the British Columbia Child, Family and Community Service Act infringes the Charter right against unreasonable search and seizure.

Section 96(1) gives British Columbia directors of child protection a right of access to information in the custody or control of public bodies, including health care bodies. Although for child protection purposes in the main, section 96(1) is worded broadly as follows:

96 (1)   A director has the right to any information that

(a)     is in the custody or control of a public body as defined in the Freedom of Information and Protection of Privacy Act, and

(b)     is necessary to enable the director to exercise [their] powers or perform [their] duties or functions under this Act.

The Court held that “necessity,” in particular given section 96(1)’s child protection purpose, imposes only a limited restriction – confining the right of access to “any information in the custody or control of a public body that the ‘“’Director considers necessary.'”

Interpreted as such, and based on a balancing of parents’ interest in informational privacy against the competing state interest in protecting children from harm, the Court held that section 96(1) was unreasonable.

The Court held that the application judge erred by focusing to heavily on the manner of intrusion – which does not invite an intrusion upon the body, entry into a private dwelling or ongoing surveillance – without giving due weight to the sensitivity of the information at issue. It said:

In applying the second Goodwin factor, a judge must consider not only the extent to which a particular methodology directly engages with the target of the search or seizure and interferes with their bodily integrity or personal surroundings, but the impact of the state action on their reasonable expectations of privacy in light of the nature of the items or information involved. In his earlier-cited article, Professor Penney describes the intrusiveness analysis in this manner: it is an assessment of the “degree to which [the search or seizure] discloses intimate personal information or compromises dignity, autonomy, or bodily integrity”: at p. 96, emphasis added. I agree.

The Court also held that the application judge erred in finding that section 96(1) has sufficient safeguards. Importantly, it said that prior judicial authorization or prior notice is not required to meet section 8’s standard of reasonableness, but held that section 96(1) lacks other features that renders it unreasonable. The Court (oddly) criticized the clarity of section 96(1) and suggested that the province replace the necessity requirement with a reasonableness requirement (?). More plainly, the Court said that the province must at least provide for after the fact notice and a meaningful oversight mechanism.

The Court declared section 96(1) to be of no force an effect to the extent that it authorizes the production of personal information, suspended the declaration for 12 months and ordered that the declaration be prospective only.

T.L. v. British Columbia (Attorney General), 2023 BCCA 167 (CanLII).

Hat tip to Ian Mackenzie.

No Charter-protected expectation of privacy in vehicle operation data

On July 20th, the Court of Appeal for Saskatchewan held that an accused person who drove his pickup truck through a highway intersection and stuck a semi-truck did not have a reasonable expectation of privacy that precluded the police from seizing a control module and its data from his vehicle before it was towed away.

The accident was horrible. There were six people in the truck with the accused, three of whom died, two of whom were children. The police charged the accused with dangerous driving and criminal negligence, and the prosecution relied on evidence retrieved from the wrecked pickup truck at the scene of the accident. Specifically, the police seized the truck’s Airbag Control Module (ACM) from under the driver’s seat. The ACM contained an Event Data Recorder (EDR) with data about the vehicle’s operation during the five seconds before impact in tenth of a second intervals – specifically, speed, accelerator pedal (% full), manifold pressure and service brake (on/off), seatbelt pretensioner readings, airbag deployment readings.

There are competing lines of Canadian jurisprudence regarding the warrantless seizure of on board vehicle computers and their data. The leading Ontario case is Hamilton, a Ontario Superior Court of Justice case that recognizes a reasonable expectation of (informational) privacy. In Yogeswaran, though, the Ontario Superior Court of Justice held that the territorial privacy interest in one’s vehicle is enough to preclude police search and seizure without prior judicial authorization.

Conversely, in Fedan, the Court of Appeal for British Columbia held that one’s territorial privacy interest in their vehicle is extinguished when the vehicle is seized and that EDR data is not associated with a strong enough informational privacy interest to warrant Charter protection.

The Court of Appeal for Saskatchewan followed Fedan. It reasoned that the accused’s truck, being totally destroyed on the side of a public roadway, was in the total control of the police whether or not it was yet to be formally seized based on section 489(2) of the Criminal Code. It concluded:

…the claim to a territorial privacy interest by Mr. Major in that component of his vehicle is weak. While a warrant could have been obtained, that does not mean one was required. I find that the state of the vehicle, Mr. Major’s loss of control over it, the nature of the ACM as a mechanical safety component installed by the manufacturer, and the focused task by Cpl. Green in locating and removing only it, do not support the continued existence of an objectively reasonable territorial privacy interest at the point when the vehicle was entered

Regarding informational privacy, the Court made the point that not all digital evidence is equally sensitive or revealing of one’s “biographical core.” EDR data of the kind at issue is limited to data about the operation of a vehicle immediately before an accident, and provides no “longer-term information about the driving habits of the owner or operator of a vehicle.” The Court concluded:

After considering the two lines of cases regarding EDR data, I find myself in substantial agreement with the reasoning from Fedan for the characterization of the data stored in the EDR. As in Fedan, the data here “contained no intimate details of the driver’s biographical core, lifestyle or personal choices, or information that could be said to directly compromise his ‘dignity, integrity and autonomy’” (at para 82, quoting Plant at 293). It revealed no personal identifiers or details at all. It was not invasive of Mr. Major’s personal life. The anonymous driving data disclosed virtually nothing about the lifestyle or private decisions of the operator of the Dodge Ram pickup. It is hard to conceive that Mr. Major intended to keep his manner of driving private, given that the other occupants of the vehicle – which included an adult employee – and complete strangers, who were contemporaneously using the public roadways or adjacent to it, could readily observe him. His highly regulated driving behaviour was “exposed to the public” (Tessling at para 47), although not to the precise degree with which the limited EDR data, as interpreted by the Bosch CDR software, purports to do. While it is only a small point, I further observe that a police officer on traffic patrol would have been entitled to capture Mr. Major’s precise speed on their speed detection equipment without raising any privacy concerns.

R v Major, 2022 SKCA 80 (CanLII).

Appellate court’s decision on teachers’ privacy rights in Ontario

I’ve stuck my neck out in the BLG Insights article linked below in saying that the Court of Appeal for Ontario got a recent school search case wrong. Privacy claims are unpredictable, and can hook on ideas held by decision-makers in a way that impedes common sense outcomes. This is one of those cases in my view, and does harm to security and safety on a number of levels.

Practically, Ontario organizations ought to be addressing the very subject matter of this case in preparation for an October legislative change that will require workplace monitoring policies. The new legislation doesn’t change the right to “monitor,” but organizations shouldn’t view their policies as neutral. Rather, advocacy in support of several essential organizational interests should be embedded in that policy so clear need for balance is established from the start.

https://www.blg.com/en/insights/2022/07/appellate-courts-decision-on-teachers-privacy-rights-in-ontario

ABCA says no reasonable expectation of privacy in IP addresses

On June 13th, a majority of the Court of Appeal of Alberta held that an IP address alone is not subject to a reasonable expectation of privacy such that it is protected by section 8 of the Charter.

The police had identified a series of fraudulent online transactions and asked a credit card processor for the matching IP addresses. The processor provided the police with two IP addresses, and the police then obtained a production order to require Telus to identify the two Telus subscribers. Unlike in the leading Supreme Court of Canada case R v Spencer, the police sought prior judicial authorization to identify the subscribers. Did they do wrong, however, by obtaining the IP addresses first?

The majority said “no,” and relied on the protection granted by Spencer in finding that there was no reasonable expectation of privacy in the IP addresses alone.

In Spencer, police obtained, without judicial authorization, the IP address and its subscriber data. Thus, without a court order, the police believed the following: Matthew Spencer was using the internet to download child pornography at a specifically named address. By contrast, the police here obtained, without judicial authorization, only IP addresses. Based on this abstract information, police believed a person who committed fraud used the IP addresses. They did not know who. They only knew the IP addresses belonged to TELUS and they ascertained this information through a publicly available internet lookup site. To get the name and address of the subscriber, they lawfully served TELUS with a production order. Thus, without a court order, they believed only this: an unknown person using a known IP address was committing fraud from an unknown address.
…
An IP address does not tell police where the IP address is being used or, for that matter, who is using it. Nor is there a publicly available resource from which the police can learn this or other subscriber data. To get the core biographical information such as an address, name, and phone number of the user, the police must obtain and serve a production order on the ISP in accordance with Spencer. That is what the police did here.

The dissenting judge held that, notwithstanding Spencer, IP addresses have investigative value as “digital breadcrumbs” and could be used to discover the identity of an unknown internet user. She held that – from a normative perspective – the Charter ought to apply to the police process of gathering electronic evidence right from the beginning.

R v Bykovets, 2022 ABCA 208 (CanLII).

Man CA – Police can identify driver of rental car via agency

On April 15th, the Court of Appeal for Manitoba held that an accused had no reasonable expectation of privacy in information that a rental car agency provided to the police without a warrant.

The police were investigating a fatal shooting. The shooter was in a rental car that belonged to a specific agency, they knew. When the police asked, the agency identified the co-accused as the renter and the accused as an authorized driver. It also provided their cell phone numbers, drivers license numbers and credit card numbers.

The Supreme Court of Canada decision in Spencer dictates that the PIPEDA allowance for volunteering information to the police does not vitiate one’s expectation of privacy for the purpose of Charter analysis. The Court of Appeal acknowledged this, and as in Spencer, it also held that contract language allowing for the disclosure of personal information as “required or permitted by law” was “of no real assistance.”

However, the Court of Appeal distinguished Spencer on other grounds. Its decision turns on the following key factors:

the rental agreement allowed the agency share information with law enforcement “to take action regarding illegal activities or violations of terms of service”
section 22 of the Manitoba Highway Traffic Act requires agencies to keep a registry of renters that is open to public inspection (even though the registry is to include “particular’s of the [renter’s] drivers license”)
the overall context – i.e., that driving is a highly regulated activity, with one’s identity as an operator of a vehicle being something that is widely known and ought to be widely knowable

Privacy advocates will take issue with the Court’s reliance on the rental agreement term, though the case does rest on two other significant factors, including a provision of Manitoba law that the accused did not challenge. On a quick look, I see that Saskatchewan has the same provision.

R v Telfer, 2021 MBCA 38 (CanLII).

PEICA finds no “search” in interviewing a hacker informant

The headline is sensational, but it aptly describes the issue that the Prince Edward Island Court of Appeal recently addressed in R v Molyneaux. The Court held that the police did not conduct a search (governed by section 8 of the Charter) by interviewing an informant about what she saw when she surreptitiously viewed the accused’s phone.

The police charged the accused with child pornography offences. There was a separate dispute about the seizure of images from the accused’s phone, but the Court of Appeal dealt with the informant’s statement alone. The informant attended the police station for an interview, and told the police that she had viewed numerous pornographic pictures of her child when browsing the accused’s phone. The defence argued that the police conducted a search into the phone by conducting this interview. It relied, in part, on cases that have precluded the police from obtaining private information from commercial actors – namely, R. v. Spencer, 2014 SCC 43 and R. v. Orlandis-Habsburgo, 2017 ONCA 649.

The Court rejected the defence argument, explaining:

Society’s conception of the proper relationship between the investigative branches of the state and the individual surely must allow the police to speak to a witness without prior judicial authorization.

I do not believe that the subject matter of the “search” was Molyneaux’s cell phone or the contents thereof. The police were seeking information that might reveal whether or not a crime occurred, and if so, whether or not they should pursue further investigation. The subject of the search was K.’s memory of what she saw the morning of December 31, 2017.

The Court distinguished Spencer and Orlandis-Habsburgo as matters arising out of the commercial context, in which expectations differ.

R v Molyneaux, 2020 PECA 2 (CanLII).

Ont CA – reasonable expectation of privacy turns on potential for secondary use

The Court of Appeal for Ontario issued a judgement yesterday that highlights the potential for secondary use of collected data as a factor that weighs in favour of privacy protection.

The police swabbed the door handle of a car that was parked in public to test for cocaine residue. The Court found a reasonable expectation of privacy that rendered the search – which was done without judicial authorization – unlawful.

While holding that physical contact with the car was “a factor,” the Court de-emphasized the significance of physical contact with a chattel:

Too narrow a focus on whether there was a trespass to a chattel, and the extent of interference with use of that chattel, could obscure the privacy interests at stake, as here, where the trial judge focused on the fact that the taking of the swabs had no impact on the appellant’s use of the car and was not known to him.

Compare this to the United States Supreme Court finding in United States v Jones, in which a majority held that the trespass committed by police who install a GPS tracking device on a vehicle is the trigger to constitutional privacy protection.

The Court of Appeal for Ontario’s analysis rested more heavily on the potential for using the swab sample for purposes more intrusive than testing for cocaine residue:

These swabs presumably revealed whether the appellant had handled cocaine. I also agree with the observations in Wong, at para. 27, that privacy concerns are heightened because the swabs may also provide DNA samples for analysis by police, even if that is not why they were initially collected, or what they were used for. Patrick concerned police searches of a suspect’s curb-side garbage. Though the police were searching for evidence of drug offences, the potential for collection of DNA was also relevant to the privacy analysis: see para. 30. The court also expressed scepticism of the notion that privacy concerns are diminished because the search was targeted at contraband: see Patrick, at para. 32; see also A.M., at para. 73.

Search methodologies can be so targeted as to become defensible. The Supreme Court of Canada’s Tessling case, for example, suggests that capturing a heat signature emanating from a residence is unobtrusive because it reveals criminal activity in the house – an illegal grow op – and not much else. The majority in Tessling expressly said that a search should not be judged based on “theoretical” secondary uses. In this case, the potential for secondary use was real.

Hat tip to Fred Schumann of Stockwoods.

R. v. Wawrykiewycz, 2020 ONCA 269.

Ont CA says bag search unlawful, order $500 in damages

On April 16th, the Court of Appeal for Ontario held that the Toronto Police breached sections 2(b), 8 and 9 of the Charter by enforcing a “condition of entry” to a public park because they were not properly authorized to establish the condition.

The City of Toronto had authorized the police to act as its agents “for the purpose of administering the Trespass to Property Act.” Acting under this authority, the police decided to search bags (and all other things in which weapons could be concealed) possessed by those attending a G20 protest at Allan Gardens. The appellant took issue with the legality of this “condition of entry.” The police restrained him when he refused to comply, searched his bag and confiscated a pair of swim goggles. You can see a video of the altercation here.

The Court of Appeal decision turned on text of the grant of authorization, which the Court held was too narrow given the Trespass to Property Act only provides property owners and occupiers with “a suite of enforcement powers” and not a power to create restrictions on access to property. It said, “The jurisprudence consistently takes a rigorous approach when interpreting the sources of legal authority relied upon by government to encroach upon the liberty of the subject.”

The Court ordered the police to pay $500 in damages. It said the appellant (who drew attention to his fate during the altercation and afterwards) did not establish any reputational or other personal loss. The Court also noted that the police acted in good faith with a view to the safety of the public.

Stewart v Toronto (Police Services Board), 2020 ONCA 255 (CanLII).

NSCA says no expectation of privacy in address information

On January 28th the Nova Scotia Court of Appeal dismissed a privacy breach allegation that was based on a municipality’s admitted disclosure of address information to a related service commission so the service commission could bill for certain statutorily mandated charges. The Court held there was no reasonable expectation of privacy in the information disclosed, reasoning as follows:

Mr. Banfield’s information was not confidential, secret or anonymous. Neither did it offer a glimpse into Mr. Banfield’s intimate, personal or sensitive activities. Nor did it involve the investigation of a potential offence. Rather, it enabled a regulated public utility to invoice Mr. Banfield with rates approved under statutory authority for a legally authorized service that, in fact, Mr. Banfield received.

Banfield v. Nova Scotia (Utility and Review Board), 2020 NSCA 6 (CanLII).

Jones, Marakah and corporate information systems

There has been significant discussion of the Supreme Court of Canada’s decisions in R v Jones and R v Marakah – cases in which the Court recognized a reasonable expectation of privacy in text messages that police obtained from others. In Jones, the police obtained messages from a telecom company and in Marakah the police obtained messages from a recipient’s phone.

At their broadest, Jones and Marakah are clearer than ever recognition that the Charter protects digital communications although digital communications are not easily controlled or kept secret. Justice Cote said it well in Jones:

Here, as in Spencer and TELUS, the only way to retain control over the subject matter of the search vis-à-vis the service provider was to make no use of its services at all. That choice is not a meaningful one. Focusing on the fact that Mr. Jones relinquished direct control vis-à-vis the service provider is accordingly difficult to reconcile with a purposive approach to s. 8. Canadians are not required to become digital recluses in order to maintain some semblance of privacy in their lives.

Recognizing this particular, highly-normative basis for Jones and Marakah is essential to properly understanding what these cases might mean for rights and entitlements of organizations that hold the digital information of others – including employers who hold the digital information of their employees. In contrast to the above statement, the Supreme Court of Canada has already recognized that employees have a meaningful choice as to whether they use a work system for their private dealings . In R v Cole, Justice Fish said the following about employee Cole’s choice:

In this case, the operational realities of Mr. Cole’s workplace weigh both for and against the existence of a reasonable expectation of privacy. For, because written policy and actual practice permitted Mr. Cole to use his work-issued laptop for personal purposes. Against, because both policy and technological reality deprived him of exclusive control over — and access to — the personal information he chose to record on it.

Jones and Marakah do not detract from this statement and, if anything, invite the law to develop in a way that gives even greater emphasis to employee choice and its impact on privacy and corporate data security. Corporate data security is all about choosing the right medium – the right tool – for the purpose. Our right as citizens to text without state interference is quite a different thing.

R. v. Jones, 2017 SCC 60 (CanLII).

R. v. Marakah, 2017 SCC 59 (CanLII).