The Ontario Court of Appeal has opened a Pandora’s box by recognizing a privacy tort of “intrusion upon seclusion,” says one intellectual property lawyer.
In Jones v. Tsige, Sandra Jones and Winnie Tsige worked at different branches of the Bank of Montréal but did not know each other. Tsige began a relationship with Jones’ former husband and over a period of four years, Tsige accessed Jones’ personal bank accounts 174 times. Jones sued Tsige for invasion of privacy and breach of fiduciary duty, and sought $20,000 in damages.
The Ontario Superior Court dismissed Jones’ claim because there was no law in Ontario that recognized a tort of invasion of privacy prior to the Court of Appeal’s ruling.
By accepting this new “intrusion upon seclusion” tort into Ontario law, Mark Hayes, of Hayes eLaw LLP, says the court has opened the floodgates for all kinds of invasion of privacy cases that were not previously recognized.
The court set several restrictions on the extent of this new tort. “The key features of this cause of action are, first, that the defendant’s conduct must be intentional, within which I would include reckless; second that the defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and third, that a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish,” Justice Robert Sharpe wrote in the ruling.
But Hayes says the court didn’t set any parameters for what constitutes reckless behaviour. “There isn’t any really good guidance as to what reckless behaviour is going to mean within this context,” he says. “You can be sure that for a period of time — and it could be a couple of years, it could be a couple of decades —there’s going to be uncertainty about the extent of the recklessness that is required.”
Outlining another limitation, Sharpe wrote: “A claim for intrusion upon seclusion will arise only for deliberate and significant invasions of personal privacy. Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.”
This is also a contentious issue, says Hayes, as sensitivity is usually determined on a case-by-case basis. “In the privacy area, we’ve been trying to work with this concept of sensitive information for well over a decade because it’s used in all of the information privacy statutes in Canada. What we’ve found is that it’s a very pliable concept, and so, sensitivity of information can change depending on the individual, depending on the context.”
The court also placed a $20,000 limit on the damages to be awarded to any individual under this new tort. In this case, Jones was awarded damages of $10,000.
Although a $20,000 cap seems relatively low, Hayes says it opens the floodgates for privacy class actions seeking a much higher amount. “What’s going to happen is you’re going to have claims that are being brought in respect of organizations or individuals who are alleged to have committed this tort against hundreds, thousands, tens of thousands, millions of people through data breaches, through investigations, through other things, and class action lawyers will be then asserting claims on the basis of $20,000 for each of those people.”
Overall, Hayes says the limits set by the court aren’t clearly definitive. “The difficulty is that the limits that the court tried to put on [the tort] I think ask more questions than they answer.”