What’s not to say about Sherman Estate?

We all know that the Supreme Court of Canada decided Sherman Estate v Donavan on June 11th. I just got to it today, and was surprised at its significance to information and privacy law beyond the open courts principle itself. Here is a quick note on its three most salient broader points.

The Court held that records filed in court by estate trustees seeking probate ought not to have been sealed given the presumption of openness that applies to all court proceedings. In doing so, however, it recognized for the first time that privacy alone (whether or not it encourages access to justice) could be “an important public interest” that warrants a departure from the presumption.

Point one – sensitive information is information linked to the biographical core

Most significantly, the Court said that not any privacy interest will qualify. Privacy is such a subjective, difficult and confused concept that many individuals with genuinely felt “sensibilities” must be precluded from claiming that their privacy interest weighs against the openness of a court proceeding. A privacy interest only qualifies as “an important public interest” if the information at stake is “sufficiently sensitive such that it can be said to strike at the biographical core of the individual.”

The biographical core is a concept first articulated in R v Plant in 1993 and has since been criticized by privacy advocates as a concept that limits privacy protection. Yet here it is, front and centre as the limitation on privacy that will now protect the transparency of our justice system. The Court links the biographical core to the protection of human dignity, as it explains in the following paragraph:

Violations of privacy that cause a loss of control over fundamental personal information about oneself are damaging to dignity because they erode one’s ability to present aspects of oneself to others in a selective manner (D. Matheson, “Dignity and Selective Self-Presentation”, in I. Kerr, V. Steeves and C. Lucock, eds., Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society (2009), 319, at pp. 327‑28; L. M. Austin, “Re-reading Westin” (2019), 20 Theor. Inq. L. 53, at pp. 66‑68; Eltis (2016), at p. 13). Dignity, used in this context, is a social concept that involves presenting core aspects of oneself to others in a considered and controlled manner (see generally Matheson, at pp. 327‑28; Austin, at pp. 66‑68). Dignity is eroded where individuals lose control over this core identity‑giving information about themselves, because a highly sensitive aspect of who they are that they did not consciously decide to share is now available to others and may shape how they are seen in public. This was even alluded to by La Forest J., dissenting but not on this point, in Dagg, where he referred to privacy as “[a]n expression of an individual’s unique personality or personhood” (para. 65). 

The term “fundamental personal information” used here is sure to be re-used by privacy defence counsel to deal with disputes about sensitivity. And although the Court stressed again and again that its reasoning was made for the open courts context, we need the authority. The concept of sensitivity is as confused as any aspect of privacy law. The Office of the Privacy Commissioner of Canada finds personal information to be sensitive in virtually every one of its reports. It has found home address information sensitive, for example, yet the Ontario Superior Court of Justice held that home address information doesn’t warrant common law privacy protection. Sherman Estate is going to be helpful to those of us who are striving for a clear and predictable boundary to privacy claims.

Point two – the concept of privacy is a mess

The Court has already said that privacy is “somewhat evanescent” (Dagg) and “protean” (Tessling), and has noted that scholars have criticized privacy as being a concept in “theoretical disarray” (Spencer). In Sherman Estate, the Court revisits this criticism and, for the first time, clearly applies it to limit the scope of privacy protection. It says:

Further, recognizing an important interest in privacy generally could prove to be too open‑ended and difficult to apply. Privacy is a complex and contextual concept (Dagg, at para. 67;see also B. McIsaac, K. Klein and S. Brown, The Law of Privacy in Canada (loose‑leaf), vol. 1, at pp. 1‑4;D. J. Solove, “Conceptualizing Privacy” (2002), 90 Cal. L. Rev. 1087, at p. 1090). Indeed, this Court has described the nature of limits of privacy as being in a state of “theoretical disarray” (R. v. Spencer2014 SCC 43, [2014] 2 S.C.R. 212, at para. 35). Much turns on the context in which privacy is invoked. I agree with the Toronto Star that a bald recognition of privacy as an important interest in the context of the test for discretionary limits on court openness, as the Trustees advance here, would invite considerable confusion. It would be difficult for courts to measure a serious risk to such an interest because of its multi-faceted nature.

This is another very important paragraph for privacy defence counsel. I have relied on the first chapter of Daniel Solove’s Understanding Privacy more than once in a factum as a means of inviting a conservative response to a novel privacy matter. Now we have clear Supreme Court of Canada authority on point.

Yes I am arguing against privacy protection, but it is because I deeply crave clarity. Organizations are faced all manner of novel and bold privacy claims, the merits of which are too difficult to assess. We need a clearly defined limit to what counts as a privacy interest worthy of legal protection, whatever it is. This is another reason Sherman Estate is good: the first step to healing is to admit you have a problem!

Point three – a step towards unification, and a half step back

This is why it is so disappointing that the Court keeps saying that privacy is in theoretical disarray without taking up the challenge of fixing the problem.

As I’ve explained, it repeatedly tied its reasoning to the open courts context, and although it took the novel step of relying on Charter jurisprudence to help with its delineation, the Court felt it necessary to make clear that a reasonable expectation of privacy protected by section 8 of the Charter is different.

I pause here to note that I refer to cases on s. 8 of the Charter above for the limited purpose of providing insight into types of information that are more or less personal and therefore deserving of public protection. If the impact on dignity as a result of disclosure is to be accurately measured, it is critical that the analysis differentiate between information in this way. Helpfully, one factor in determining whether an applicant’s subjective expectation of privacy is objectively reasonable in the s. 8 jurisprudence focuses on the degree to which information is private (see, e.g., R. v.Marakah2017 SCC 59, [2017] 2 S.C.R. 608, at para. 31Cole, at paras. 44‑46). But while these decisions may assist for this limited purpose, this is not to say that the remainder of the s. 8 analysis has any relevance to the application of the test for discretionary limits on court openness.

Privacy shouldn’t have a different meaning in the open courts context and the Charter context and the common law/civil context. Why should it? It’s a fundamental right is it not? Has all the talk about contextual significance caused us to be too conservative? Lazy, even? Certainly facts can be assessed in their proper context under a unified concept?

We have unified our reading of differently worded anti-discrimination statutes to provide for clear and strong law across the Country given the importance of human rights protection. I fail to see why we are so hesitant to unify our privacy law.

Sherman Estate is therefore a good decision in my eyes, but not great, and there is more work to be done.

Sherman Estate v. Donovan, 2021 SCC 25 (CanLII).

[This is a personal blog, and these are my views alone. They do not reflect the views of my firm or colleagues.]

What’s significant about the Loblaw report

I finally got around to reading the @PrivacyPrivee report of findings on Loblaw’s manner of authenticating those eligible for a gift card. The most significant (or at least enlightening) thing about the report is that the OPC held that residential address, date of birth, telephone number and e-mail address were, together, “sensitive.” It did so in assessing the adequacy of the contractual measures Loblaw used in retaining a service provider for processing purposes. It said:

  1. The contract also provided guarantees of confidentiality and security of personal information, and included a list of specific safeguard requirements, such as: (i) implementing measures to protect against compromise of its systems, networks and data files; (ii) encryption of personal information in transit and at rest; (iii) maintaining technical safeguards through patches, etc.; (iv) logging and alerts to monitor systems access; (v) limiting access to those who need it; (vi) training and supervision of employees to ensure compliance with security requirements; (vii) detailed incident response and notification requirements; (viii) Loblaw’s pre-approval of any third parties to whom JND wishes to share personal information, as well as a requirement for JND to ensure contractual protections that are at a minimum equivalent to those provided for by its contract with Loblaw; and (ix) to submit to oversight, monitoring, and audit by Loblaw of the security measures in place.
  2. As outlined above, the additional ID’s requested by the Program Administrator were collected through a secure channel (if online) or by mail, verified and then destroyed.
  3. In our view, given the limited, albeit sensitive, information that was shared with the Program Administrator, as well as the limited purposes and duration for which that information would be used, Loblaw’s detailed contractual requirements were sufficient to ensure a level of protection that was comparable to that which would be required under the Act. Therefore, in our view, Loblaw did not contravene Principle 4.1.3 of Schedule 1 of the Act.

Residential address, date of birth, telephone number and e-mail address is a set of basic personal information. In analyzing it, one must recall the “contact information” that the Ontario Superior Court of Justice said was not “private” enough to found a class action claim in Broutzas.

Don’t be misled, though. The OPC made its finding because Loblaw was engaged in authentication, and collected a data set precisely geared to that purpose. The potential harm – identity theft – was therefore real, supporting finding that the data set as a whole was sensitive. Context matters in privacy and data security. And organizations, guard carefully the data you use to identify your customers.

Case Report – LSAC allowed to substitute submission of photos for fingerprints

You may have heard about the federal Privacy Commissioner’s May 29th report on the Law School Admission Council’s practice of collecting fingerprints from LSAT test takers.  Her office recommended that LSAC cease the practice but allowed it to substitute a practice of collecting test takers’ photographs.

There are some notable findings in the report.  Namely:

  • the OPC rejected LSAC’s argument that it was engaged in educational rather than commercial activity, finding that its core activities provided a service to its member law schools;
  • the OPC held that fingerprints are more sensitive than voice prints and less sensitive than one’s photographic image; and
  • the OPC made another comment de-emphasizing the significance of cross-border transfers of personal information.

The report also highlights the difficulty of sustaining a collection practice based on deterrence alone.  The case for deterrence is often logically compelling, but proving that collecting information effectively deters misconduct is hard.  (For more on this theme, see the IPC/Ontario’s recent surveillance report.)  LSAC had not once used a fingerprint to identify whether fraudulent test since it started collecting them in the mid-1970, so it was difficult for the LSAC to justify its practice on any ground other than deterrence.  It also claimed that it simply wanted to assure its members that it was doing all it could to ensure the security of the test.  The OPC seemed to accept this purpose as legitimate, but not compelling enough to justify collection of fingerprints. The LSAC proposed collecting photographs as a step-down solution mid-way through the investigation, and the OPC held that this alternative would achieve the appropriate balance because images are “marginally” less sensitive.

Report of Findings:  Law School Admission Council Investigation (29 May 2008, OPC).