In the latest chapter in the evolving area of privacy class actions, the BC Supreme Court has concluded that the tort of intrusion upon seclusion still does not exist in British Columbia, despite recent musings by the Court of Appeal about whether it should reconsider the existence of a common law privacy tort.

In Campbell v. Capital One Financial Corporation, 2022 BCSC 928 the BC Supreme Court certified a class proceeding against Capital One related to a data breach on narrower terms than those sought by the plaintiff. The court found that some of the pleaded causes of action (including intrusion upon seclusion) were bound to fail while others (negligence, breach of contract and breach of consumer protection laws) should be certified. The decision is consistent with the restrained approach that Canadian courts have taken to the certification of privacy class actions in recent months, as we reported in March and April of this year.

Campbell is also notable for its treatment of multi-jurisdictional class action issues. The BC court certified a class action arising from a data breach after Ontario’s courts refused to certify a class action arising from the same data breach. And the BC court provided guidance on the issues that arise when a plaintiff wants to include Quebec residents in a class action.

The Decision

In 2019, a hacker breached Capital One’s database containing the confidential personal and financial information of customers. The data breach affected approximately six million Canadians. Class actions followed in British Columbia, Ontario and Quebec. The Ontario plaintiff’s motion for certification was denied late last year (Del Giudice v. Thompson, 2021 ONSC 5379) and the Quebec action remains at the pre-certification stage. We address the court’s approach to the Ontario and Quebec proceedings in the next section.

In Campbell the plaintiff sought certification of common issues relating to the tort of intrusion upon seclusion—a cause of action that exists in Ontario. As previously reported, while BC courts have consistently held that the tort of intrusion upon seclusion does not exist in British Columbia, the BC Court of Appeal recently suggested that the existence and scope of the tort may be ripe for reconsideration (see Tucci v. Peoples Trust Company, 2020 BCCA 246 at paras. 66-67). The plaintiff pointed to this commentary in arguing that his claims for intrusion upon seclusion were not bound to fail.

The court disagreed, concluding that Tucci was no reason to depart from the established line of cases that bar claims in intrusion upon seclusion. The court concluded that only the Court of Appeal could recognize the existence of intrusion upon seclusion in BC. Further, the court found that it was not even clear that a plaintiff had a claim in intrusion upon seclusion in Ontario against the custodian of a database following a data breach. Ultimately, the chambers judge concluded, “the possibility that the law may change is an insufficient basis for certification” (para. 103).

The court also made other findings that may be useful to defendants facing data breach litigation:

  • Incorporation of Referenced Documents: the court found that several Capital One polices and terms of use documents were incorporated into the notice of civil claim by reference, including the cardholder agreement and the privacy policy. The court concluded that any pleaded material facts that were inconsistent with a plain reading of those documents could be disregarded as incapable of proof.
  • Rejection of disgorgement claims: the court concluded that the plaintiff’s claim for disgorgement was bound to fail, because the plaintiff had not pleaded “any material facts that are capable of establishing that the class has any legitimate interest in Capital One’s profit-making activity” (para. 83).
  • Rejection of claims for breach of duty of honest performance: the court concluded that the plaintiff’s claim for breach of the contractual duty of honest performance was bound to fail. The plaintiff had not pleaded any material facts that, if proven, would establish that Capital One engaged in “active dishonesty” (e., lied to or knowingly misled cardholders). Without those allegations, a claim for breach of the duty of honest performance is bound to fail.

Approach to Quebec and Ontario Proceedings

Campbell is also noteworthy for its approach to parallel actions brought in Ontario and Quebec.

In granting certification, the court declined to follow the decision of the Ontario Superior Court in the Del Giudice action, which related to the same data breach. In justifying the divergent results, the court in Campbell noted that the case theory in Del Giudice was “broader and more complex” (para. 33). At least in part, the different results in Ontario and British Columbia appear to be attributable to strategic and procedural decisions made by the Ontario plaintiff. In Del Giudice, for example, Perell J. concluded that all of the causes of action pleaded by the plaintiff were bound to fail, though he observed that the plaintiff could have advanced a certifiable breach of contract theory (para. 259).

The court in Campbell also narrowed the proposed class definition to exclude Quebec residents, finding that the interests of Quebec residents would be better served through a parallel action brought in Quebec. The proposed Quebec class action advances a similar theory of liability, on behalf of Quebec residents and pursuant to Quebec civil law. In excluding the Quebec residents from the class definition, the court emphasized that class counsel seeking certification of multijurisdictional class actions bear a burden to address the “distinctive nature of Quebec law” in their pleadings and submissions (para. 46).