Newfoundland court recognizes intrusion upon seclusion tort

In somewhat strange circumstances, the Supreme Court of Newfoundland and Labrador has recognized the intrusion upon seclusion privacy tort.

The Court made its recognition in deciding a procedural motion in a Municipal Elections Act appeal by two City of Mount Pearl councillors who were sanctioned for not disclosing a conflict of interest. The alleged conflict arose out of their discussions with the Town’s former CAO while he was on administrative leave and the subject of a harassment investigation.

The City had discovered the conflict after it seized the CAO’s work iPad, which was still sending snippets of messages from the CAO’s personal Facebook Messenger account to the iPad’s home screen. Staff from IT saw the troubling messages, gave the iPad to the Clerk who saw more troubling messages, and the City eventually downloaded the messages for its use as evidence. At some point later, the messages were leaked to the CBC.

Whether the common law right of action for intrusion upon seclusion exists in Newfoundland had not yet been determined but was certified as a common issue in Hynes v. Western Regional Integrated Health Authority, 2014 NLTD(G) 137. Here, the Court held that the province has “a common law tort for intrusion upon seclusion” and that it “coexists with rights created under the [Newfoundland and Labrador] Privacy Act.”

Not surprisingly, in light of the Supreme Court of Canada decision in R v Cole, the Court found a privacy expectation that warranted protection, though its analysis on this point bleeds into its finding that the City’s actions were “highly offensive.” It went on to exclude the messages from the appeal record on the basis of its procedural power.

I might have thought this was a closer case than the outcome suggests, but privacy is such a subjective concept that it’s hard to predict how a judge will view a matter. It’s also another case about using a work computer to access content in a private cloud account, which apparently touches a judicial nerve.

Hindsight is 20/20, but as the judge said, the City could have stopped once it viewed the snippets and used the observations made by IT and the Clerk to request access from the CAO (who was presumably still employed and with a duty to cooperate and who faced a possible adverse inference). I would be concerned about the potential destruction of evidence – all stored in the CAO controlled account – but (unfortunately) the Court did not consider this factor.

Power v. Mount Pearl (City), 2022 NLSC 129 (CanLII).

Intrusion upon seclusion is an intentional tort – Ont CA

The Court of Appeal for Ontario has addressed an important point about the intentionality element in the intrusion upon seclusion tort.

The Court dismissed an appeal by a nurse who claimed her employer’s liability insurer had a duty to defend her from claims that arose out of her unauthorized access to patient information. The issue was whether policy language limiting coverage for “expected” or “intended” injury applied, which required the Court to analyze whether an allegation that one has committed the intrusion tort is an allegation of intentional conduct.

The Court said “yes,” and made clear that recklessness is a form of intentional conduct:

Although the Jones decision does not contain a definition of “reckless,” it places reckless conduct side-by-side with intentional or deliberate conduct. Jones adopted the Restatement’s formulation of the tort as involving an intentional intrusion. As well, the decision limited claims for intrusion upon seclusion only to “deliberate and significant intrusions of personal privacy”: Jones, at para. 72. One cannot tease from the discussion in Jones any support for the proposition advanced by Ms. Demme that Jones’ inclusion of a reckless act within the tort of intrusion upon seclusion could involve unintentional conduct.

The Court also articulated the precise state of mind that meets the intentionality element:

For that tort, the relevant intention is the defendant’s intention to access private patient records. If that is demonstrated, the nature of the tort is such that the intention to access the records amounts to an intention to cause injury.

The appellant had argued that she lacked the intent to cause injury and therefore ought to have been covered.

Demme v. Healthcare Insurance Reciprocal of Canada, 2022 ONCA 503 (CanLII).

What’s not to say about Sherman Estate?

We all know that the Supreme Court of Canada decided Sherman Estate v Donavan on June 11th. I just got to it today, and was surprised at its significance to information and privacy law beyond the open courts principle itself. Here is a quick note on its three most salient broader points.

The Court held that records filed in court by estate trustees seeking probate ought not to have been sealed given the presumption of openness that applies to all court proceedings. In doing so, however, it recognized for the first time that privacy alone (whether or not it encourages access to justice) could be “an important public interest” that warrants a departure from the presumption.

Point one – sensitive information is information linked to the biographical core

Most significantly, the Court said that not any privacy interest will qualify. Privacy is such a subjective, difficult and confused concept that many individuals with genuinely felt “sensibilities” must be precluded from claiming that their privacy interest weighs against the openness of a court proceeding. A privacy interest only qualifies as “an important public interest” if the information at stake is “sufficiently sensitive such that it can be said to strike at the biographical core of the individual.”

The biographical core is a concept first articulated in R v Plant in 1993 and has since been criticized by privacy advocates as a concept that limits privacy protection. Yet here it is, front and centre as the limitation on privacy that will now protect the transparency of our justice system. The Court links the biographical core to the protection of human dignity, as it explains in the following paragraph:

Violations of privacy that cause a loss of control over fundamental personal information about oneself are damaging to dignity because they erode one’s ability to present aspects of oneself to others in a selective manner (D. Matheson, “Dignity and Selective Self-Presentation”, in I. Kerr, V. Steeves and C. Lucock, eds., Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society (2009), 319, at pp. 327‑28; L. M. Austin, “Re-reading Westin” (2019), 20 Theor. Inq. L. 53, at pp. 66‑68; Eltis (2016), at p. 13). Dignity, used in this context, is a social concept that involves presenting core aspects of oneself to others in a considered and controlled manner (see generally Matheson, at pp. 327‑28; Austin, at pp. 66‑68). Dignity is eroded where individuals lose control over this core identity‑giving information about themselves, because a highly sensitive aspect of who they are that they did not consciously decide to share is now available to others and may shape how they are seen in public. This was even alluded to by La Forest J., dissenting but not on this point, in Dagg, where he referred to privacy as “[a]n expression of an individual’s unique personality or personhood” (para. 65).

The term “fundamental personal information” used here is sure to be re-used by privacy defence counsel to deal with disputes about sensitivity. And although the Court stressed again and again that its reasoning was made for the open courts context, we need the authority. The concept of sensitivity is as confused as any aspect of privacy law. The Office of the Privacy Commissioner of Canada finds personal information to be sensitive in virtually every one of its reports. It has found home address information sensitive, for example, yet the Ontario Superior Court of Justice held that home address information doesn’t warrant common law privacy protection. Sherman Estate is going to be helpful to those of us who are striving for a clear and predictable boundary to privacy claims.

Point two – the concept of privacy is a mess

The Court has already said that privacy is “somewhat evanescent” (Dagg) and “protean” (Tessling), and has noted that scholars have criticized privacy as being a concept in “theoretical disarray” (Spencer). In Sherman Estate, the Court revisits this criticism and, for the first time, clearly applies it to limit the scope of privacy protection. It says:

Further, recognizing an important interest in privacy generally could prove to be too open‑ended and difficult to apply. Privacy is a complex and contextual concept (Dagg, at para. 67;see also B. McIsaac, K. Klein and S. Brown, The Law of Privacy in Canada (loose‑leaf), vol. 1, at pp. 1‑4;D. J. Solove, “Conceptualizing Privacy” (2002), 90 Cal. L. Rev. 1087, at p. 1090). Indeed, this Court has described the nature of limits of privacy as being in a state of “theoretical disarray” (R. v. Spencer, 2014 SCC 43, [2014] 2 S.C.R. 212, at para. 35). Much turns on the context in which privacy is invoked. I agree with the Toronto Star that a bald recognition of privacy as an important interest in the context of the test for discretionary limits on court openness, as the Trustees advance here, would invite considerable confusion. It would be difficult for courts to measure a serious risk to such an interest because of its multi-faceted nature.

This is another very important paragraph for privacy defence counsel. I have relied on the first chapter of Daniel Solove’s Understanding Privacy more than once in a factum as a means of inviting a conservative response to a novel privacy matter. Now we have clear Supreme Court of Canada authority on point.

Yes I am arguing against privacy protection, but it is because I deeply crave clarity. Organizations are faced all manner of novel and bold privacy claims, the merits of which are too difficult to assess. We need a clearly defined limit to what counts as a privacy interest worthy of legal protection, whatever it is. This is another reason Sherman Estate is good: the first step to healing is to admit you have a problem!

Point three – a step towards unification, and a half step back

This is why it is so disappointing that the Court keeps saying that privacy is in theoretical disarray without taking up the challenge of fixing the problem.

As I’ve explained, it repeatedly tied its reasoning to the open courts context, and although it took the novel step of relying on Charter jurisprudence to help with its delineation, the Court felt it necessary to make clear that a reasonable expectation of privacy protected by section 8 of the Charter is different.

I pause here to note that I refer to cases on s. 8 of the Charter above for the limited purpose of providing insight into types of information that are more or less personal and therefore deserving of public protection. If the impact on dignity as a result of disclosure is to be accurately measured, it is critical that the analysis differentiate between information in this way. Helpfully, one factor in determining whether an applicant’s subjective expectation of privacy is objectively reasonable in the s. 8 jurisprudence focuses on the degree to which information is private (see, e.g., R. v.Marakah, 2017 SCC 59, [2017] 2 S.C.R. 608, at para. 31; Cole, at paras. 44‑46). But while these decisions may assist for this limited purpose, this is not to say that the remainder of the s. 8 analysis has any relevance to the application of the test for discretionary limits on court openness.

Privacy shouldn’t have a different meaning in the open courts context and the Charter context and the common law/civil context. Why should it? It’s a fundamental right is it not? Has all the talk about contextual significance caused us to be too conservative? Lazy, even? Certainly facts can be assessed in their proper context under a unified concept?

We have unified our reading of differently worded anti-discrimination statutes to provide for clear and strong law across the Country given the importance of human rights protection. I fail to see why we are so hesitant to unify our privacy law.

Sherman Estate is therefore a good decision in my eyes, but not great, and there is more work to be done.

Sherman Estate v. Donovan, 2021 SCC 25 (CanLII).

[This is a personal blog, and these are my views alone. They do not reflect the views of my firm or colleagues.]

Sask QB addresses willfulness requirement in a privacy claim

You might be surprised how often lawyers get sued for invading others’ privacy. On October 5th, the Saskatchewan Court of Queen’s Bench struck such a claim on the basis it disclosed no reasonable cause of action.

The defendant lawyer delivered a divorce petition and related documents to another law firm that had represented the plaintiff in the past, but the law firm was not authorized to receive the documents, and the applicable procedural rules called for personal service. The plaintiff pleaded a failure – i.e. that “the defendants failed to do their due diligence in ensuring McKercher LLP represented the plaintiff on the divorce matter.” The plaintiff said this failure caused a privacy violation given the documents contained information about the plaintiff’s income, property and the grounds for divorce.

Notwithstanding the disclosure of this information, the Court held that the the information disclosed by the plaintiff “was not the plaintiff’s to protect.” This is best viewed a finding based on context. The court punctuated the finding nicely by stating:

The point is this. Service of his wife’s petition on counsel who, as the plaintiff states, is a member of a firm with whom he has a solicitor-client relationship cannot reasonably be perceived to be a violation of his privacy.

The Court also held that the disclosure was not “willful,” as required by the Saskatchewan Privacy Act. Justice Klatt reviewed the law and said:

It is fair to say that there is no firm agreement across the country as to what “willfully” entails in the context of privacy legislation (see, for example, Agnew-Americano v Equifax Canada Co., 2019 ONSC 7110). However, I agree with Halvorson J.’s comments in Peters-Brown that “willfully” requires something more than the intentional commission of an act that has the result of violating privacy. In my view, it is more than recklessness, inadvertence or accident.

This narrow view is an authoritative statement on the law of Saskatchewan, though as noted, the requirement varies across Canada. In Ontario, privacy claims can be based on alleged recklessness (a concept with boundaries in the civil context that are still up for debate).

Kumar v Korpan, 2020 SKQB 256 (CanLII).

Privacy claim against documentary makers dismissed

On April 23rd, the Ontario Superior Court of Justice dismissed two privacy claims brought against the makers of a documentary – one based on the misappropriation of personality tort and the other based on the intrusion upon seclusion tort.

Wiseau (and others) brought the claims against the makers of a movie called Room Full of Spoons – a documentary about Wiseau and his own infamous movie, The Room. The Room has become notorious as one of the worst movies ever made. Room Full of Spoons disclosed Wiseau’s birthdate, birth name and place of birth, facts available to the public but not widely known, in part because Wiseau’s cultivation of mystery about his background.

Wiseau aggressively objected to the release of Room Full of Spoons, according to the Court, in part because he held a financial interest in a competing film. He obtained an injunction in 2017 that was held to have been improperly obtained, leaving Wiseau on the hook for $750,000 in damages.

In addition to making this damages order, Justice Schabas wrote a lengthy judgement that adresses fair dealing and related copyright issues, a passing off claim and various pre-trial and trial procedure issues. I’ll just address his disposition of the two privacy claims.

Justice Schabas dismissed the misappropriation of personality claim because Wiseau was a public figure who cultivated interest (and mystery) in his personality. The defendants’ use of Wiseau’s image to promote Room Full of Spoons (which was limited) was therefore not actionable. Justice Schabas followed Gould Estate, and held that use of Wiseau’s image served the purpose of contributing accurate information “to the public debate of political or social issues or of providing the free expression of creative talent” and was not primarily a means of “commercial exploitation.”

Justice Schabas dismissed the intrusion upon seclusion claim for reasons unrelated to the defendants’ right of expression, finding no “highly offensive” intrusion at all:

Wiseau has failed to make out the elements of the tort in this case. No personal details of the kind referred to in Jones v. Tsige were disclosed by the defendants. Rather, what was disclosed was Wiseau’s birthplace, his birthdate, and the name he was given at birth and had as a child in Poland. This information was available from public sources, which is how the defendants obtained and confirmed it. Wiseau may be sensitive about this information because he has cultivated an aura of mystery around it, but disclosure of these facts is not, objectively speaking, something which can be described as “highly offensive.”

The idea that Wiseau’s privacy claim could not be sustained because his information was publicly available is significant, though consistent with traditional notions of privacy and confidentiality.

Wiseau Studio, LLC et al. v. Harper et al., 2020 ONSC 2504 (CanLII).

No privacy breach for publishing information about a provincial offences conviction

Late last year the Ontario Superior Court of Justice issued judgement in a hard-fought dispute between residential neighbours. After an 11-day small claims court trial (!) the Court allowed one neighbour’s privacy breach claim and dismissed the other’s.

The Court allowed a claim against the defendants for directing surveillance cameras and motion-activated floodlights at the plaintiffs’ property as part of a deliberate campaign of harassment. It awarded each plaintiff $8,000, noting evidence of “significant stress and irritation.” The Court also awarded each plaintiff $500 on account of their exposure to “obstructive parking.”

The successful plaintiffs tended to the high road, at one point returning the defendants’ stray dog in an act of neighbourliness. They did, however, publicly post a document that detailed a Provincial Offences Act conviction of one of the defendants. (They said did so to give their prying-eyed neighbours “something to look at.”) The Court dismissed a counterclaim based on this publication, explaining:

Convictions and sentences imposed by courts of law are events which occur in public and are publicly-available information. The fact that some third party has posted such facts on the internet makes them all the more public. I am unable to accept the defence submission, unsupported by authority, that for Mr. Cecchin to find and post this information constitutes an actionable invasion of privacy. Such a conclusion would be inconsistent with the definition pronounced by Sharpe J.A. in Jones v. Tsige (2012), 2012 ONCA 32 (CanLII), 108 O.R. (3d) 241 (C.A.), at para. 70. The conviction and sentence cannot be viewed as Mr. Bradbury’s “private affairs or concerns”. Nor would a reasonable person regard the search for or publication of the outcome of legal proceedings as “highly offensive.”

In a similar vein, the Court dismissed a counter-claim that alleged the plaintiffs committed a privacy violation by writing a letter to other neighbours drawing their attention to the defendants’ non-compliance with municipal bylaws. It said that the claim was untenable as one that attacked, “an exercise of free speech, of local political action and participation in the municipal legal process.”

Cecchin v Lander, 2019 CanLII 131883 (ON SCSM).

Broutzas narrowed, privacy action certified, uncertainty abounds

On January 6th, Justice Morgan certified a class proceeding that was based on a nurse’s unauthorized access to very basic personal health information – patient status and allergy information – so she could obtain prescription drugs.

Although there were no damages to support a negligence claim, Justice Morgan held that the cause of action criterion for certification of a privacy breach claim was met because, “an infringement of privacy can be ‘highly offensive’ without being otherwise harmful in the sense of leading to substantial damages.” (IMHO, this is correct.)

In otherwise assessing the quality the nurse’s infringement, Justice Morgan distinguished Broutzas, in which Justice Perell declined to certify an action, in part, because the theft of address information from patients who had given birth at a hospital was not “highly offensive.” Justice Morgan said:

Counsel for the Plaintiff takes issue with this analysis. In the first place, he points out that the factual context of the Rouge Valley case is distinguishable from the case at bar in one important way: the patients/claimants in [Broutzas] were all in the hospital for the birth of a baby, which is perhaps the least confidential of reasons. Indeed, Perell J. recited the factual background of each patient making a claim in that case, and observed that one had announced their child’s birth and circulated photos of the new baby on social media, while another had done a Facebook posting in celebration of the birth of their new baby at the defendant hospital: Ibid, paras. 97, 106. As Plaintiff’s counsel here points out, the expectation of privacy in such circumstances is negligible.

Fair enough, but it’s nonetheless quite clear that not all judges value privacy the same way. The uncertainty in judge-made privacy law is palpable.

Stewart v. Demme, 2020 ONSC 83 (CanLII).

ONSC applies false light privacy tort, awards $300,000 in damages

Justice Kristjanson of the Ontario Superior Court of Justice has applied the tort of publicly placing a person in a false light in ordering an abusive husband to pay $300,000 in damages to his estranged spouse.

The defendant waged a campaign against the plaintiff in which, contrary to court orders, he published photos and videos of the couple’s two children to allege the plaintiff was a child abuser and criminal. He also targeted the plaintiff by e-mailing community members links to his content and directing various real-world publications via pamphleting and postering in the UK, where the plaintiff had sought shelter. The campaign was extreme, causing the plaintiff to become ill and fear for her safety.

Justice Kristjanson awarded $150,000 in punitive damages, $50,000 for intentional infliction of mental suffering and $100,000 for breach of privacy. The breach of privacy damages were based jointly on the public disclosure of embarrassing private facts tort and the tort that applies to publicity that places one in a false light. On the false light tort, Justice Kristjanson explained:

170      With these three torts all recognized in Ontario law, the remaining item in the “four-tort catalogue” of causes of action for invasion of privacy is the third, that is, publicity placing the plaintiff in a false light. I hold that this is the case in which this cause of action should be recognized. It is described in § 652E of the Restatement as follows:

Publicity Placing Person in False Light

One who gives publicity to a matter concerning another that places the other before the public in a false light is subject to liability to the other for invasion of his privacy, if

(a) the false light in which the other was placed would be highly offensive to a reasonable person, and

(b) the actor had knowledge of or acted in reckless disregard as to the falsity of the publicized matter and the false light in which the other would be placed.

171      I adopt this statement of the elements of the tort. I also note the clarification in the Restatement‘s commentary on this passage to the effect that, while the publicity giving rise to this cause of action will often be defamatory, defamation is not required. It is enough for the plaintiff to show that a reasonable person would find it highly offensive to be publicly misrepresented as they have been. The wrong is in publicly representing someone, not as worse than they are, but as other than they are. The value at stake is respect for a person’s privacy right to control the way they present themselves to the world.

172      It also bears noting this cause of action has much in common with the tort of public disclosure of private facts. They share the common elements of 1) publicity, which is 2) highly offensive to a reasonable person. The principal difference between the two is that public disclosure of private facts involves true statements, while “false light” publicity involves false or misleading claims. (Two further elements also distinguish the two causes of action: “false light” invasion of privacy requires that the defendant know or be reckless to the falsity of the information, while public disclosure of private facts involves a requirement that there be no legitimate public concern justifying the disclosure.)

173      It follows that one who subjects another to highly offensive publicity can be held responsible whether the publicity is true or false. This indeed, is precisely why the tort of publicity placing a person a false light should be recognized. It would be absurd if a defendant could escape liability for invasion of privacy simply because the statements they have made about another person are false.

174      Moreover, it is likely that in the course of creating publicity placing a person in a false light, the wrongdoer will happen to include true, but private, facts about the person whose privacy is invaded. In this case, for instance, the defendant has publicized falsehoods about the plaintiff, but he has also publicly aired private facts about her present living situation with the children and her parents (including videos of their home) and details of access visits which is a true, but private matter.

This is the first time the false light tort has been recognized in Canada. Justice Kristjanson said the $20,000 cap on damages recognized in Jones v Tsige “may not apply” to it, though also suggested a larger award was warranted on the facts.

Justice Kristjanson also issued a 33 paragraph order that provided for broad-ranging permanent injunctive relief and made the defendant’s right of access to his children dependent on compliance. (The trial of the plaintiff’s action proceeded together with a family law trial.)

Yenovkian v Gulian, 2019 CarswellOnt 21614, 2019 ONSC 7279.

What’s significant about the Loblaw report

I finally got around to reading the @PrivacyPrivee report of findings on Loblaw’s manner of authenticating those eligible for a gift card. The most significant (or at least enlightening) thing about the report is that the OPC held that residential address, date of birth, telephone number and e-mail address were, together, “sensitive.” It did so in assessing the adequacy of the contractual measures Loblaw used in retaining a service provider for processing purposes. It said:

The contract also provided guarantees of confidentiality and security of personal information, and included a list of specific safeguard requirements, such as: (i) implementing measures to protect against compromise of its systems, networks and data files; (ii) encryption of personal information in transit and at rest; (iii) maintaining technical safeguards through patches, etc.; (iv) logging and alerts to monitor systems access; (v) limiting access to those who need it; (vi) training and supervision of employees to ensure compliance with security requirements; (vii) detailed incident response and notification requirements; (viii) Loblaw’s pre-approval of any third parties to whom JND wishes to share personal information, as well as a requirement for JND to ensure contractual protections that are at a minimum equivalent to those provided for by its contract with Loblaw; and (ix) to submit to oversight, monitoring, and audit by Loblaw of the security measures in place.

As outlined above, the additional ID’s requested by the Program Administrator were collected through a secure channel (if online) or by mail, verified and then destroyed.

In our view, given the limited, albeit sensitive, information that was shared with the Program Administrator, as well as the limited purposes and duration for which that information would be used, Loblaw’s detailed contractual requirements were sufficient to ensure a level of protection that was comparable to that which would be required under the Act. Therefore, in our view, Loblaw did not contravene Principle 4.1.3 of Schedule 1 of the Act.

Residential address, date of birth, telephone number and e-mail address is a set of basic personal information. In analyzing it, one must recall the “contact information” that the Ontario Superior Court of Justice said was not “private” enough to found a class action claim in Broutzas.

Don’t be misled, though. The OPC made its finding because Loblaw was engaged in authentication, and collected a data set precisely geared to that purpose. The potential harm – identity theft – was therefore real, supporting finding that the data set as a whole was sensitive. Context matters in privacy and data security. And organizations, guard carefully the data you use to identify your customers.

No civil claim for misappropriated contact information says Ont SCJ

On October 25th the Ontario Superior Court of Justice dismissed certification motions in two actions that claimed damages for the misappropriation of contact information from a hospital information system. The information was taken and used to sell RESPs to the families of newborns.

Most significantly, the Court held there was no viable cause of action for intrusion upon seclusion because the information that was misappropriated did not support a breach that was serious enough to meet the standard established by the Court of Appeal for Ontario in Jones v Tsige. Justice Perell explained:

[151]      I generally agree with the Defendants’ arguments. It is plain and obvious in the case at bar that there is no tenable cause of action for intrusion on seclusion because there was no significant invasion of personal privacy and a reasonable person would not find the disclosure of contact information without the disclosure of medical, financial, or sensitive information, offensive or a cause for distress humiliation and anguish. The contact information that was the objective of the intrusion in the immediate case was not private, there was not a significant invasion of privacy, and the invasion of privacy was not highly offensive to an objective person.

[152]      In other words, in the immediate case, it is not the case that the disclosure of just contact information intrudes on the class members’ significant private affairs and concerns, and in the immediate case, it is not the case that the disclosure of contact information would be highly offensive to a reasonable person and cause her distress, humiliation, and anguish.

[153]      Generally speaking, there is no privacy in information in the public domain, and there is no reasonable expectation in contact information, which is in the public domain, being a private matter. Contact information is publicly available and is routinely and readily disclosed to strangers to confirm one’s identification, age, or address. People readily disclose their address and phone number to bank and store clerks, when booking train or plane tickets or when ordering a taxi or food delivery. Many people use their health cards for identification purposes. Save during the first trimester, the state of pregnancy, and the birth of child is rarely a purely private matter. The news of an anticipated birth and of a birth is typically shared and celebrated with family, friends, and colleagues and is often publicized. The case at bar is illustrative. All the proposed representative plaintiffs were not shy about sharing the news of the newborns.

Much will be said about this judgement. Here are some thoughts.

First. There’s an ambiguity . Justice Perell says there’s no reasonable expectation of privacy in the circumstances and the invasion is not “highly offensive.” How can there be an invasion if there’s no reasonable expectation of privacy? Reading the analysis as a whole, Justice Perell seems to be saying that there is an expectation of privacy (and a privacy breach), but not one that meets the “highly offensive” standard set in Jones v Tsige. This is a first.

Second. Justice Perell doesn’t use the “reasonable expectation of privacy” concept to delineate whether or not there has been an intrusion. I wish he did. For clarity’s sake, I’d like to see a merging of the REP doctrine developed in the Charter jurisprudence with the tort analysis. We’re talking about the same thing.

Third. Justice Perell was able to view the incident through a technical lens, analyzing each data element on its own and not in the broader context. Compare how he viewed the matter to the Toronto Star editors of this article. The difference is amazing.

Fourth. I don’t read paragraph 153 as endorsement of so-called “third-party doctrine.” Rather, it’s a very broad finding about the publicity of contact information. Contact information is too public in its quality to attract the protection of the common law, says Justice Perell. Compare this view to that of the Alberta OPIC, who has found that the loss of e-mail addresses alone (to a hacker, mind you) gives rise to a “real risk of significant harm.” Justice Perell’s finding (consistent with Jones v Tsige) suggests that the privacy statutes offer greater protection than the common law.

Fifth, I can’t help but think we’ll be litigating about what is and isn’t a breach of privacy for an eternity.

Broutzas v. Rouge Valley Health System, 2018 ONSC 6315 (CanLII).