Privacy and access to information Following the Australian Law Reform Commission’s inquiry on the effectiveness of the Privacy Act 1988 (Cth), the federal government released an Issues Paper1 that invited public consideration of whether a statutory cause of action for invasion of privacy should be introduced in Australian law. To foster discussion, the paper presented the state of the law in comparable common law jurisdictions, including Canada. Because the right to privacy in Canadian law is a complex product of common law and both federal and state (provincial) legislation, the paper could only touch upon certain aspects of it. This article purports to give a more complete overview of the causes of action for breach of privacy under Canadian law.
The right to privacy in federal law
At the federal level, the right to privacy is enshrined in the Charter of Rights and Freedoms,2 a bill of rights which forms part of the Constitution of Canada and guarantees a number of freedoms and liberties from interference of the state. The right to privacy is derived from s 8 of the charter, it provides that everyone has a right to be secure from unreasonable search or seizure. Canadian courts have found that this right, which has traditionally been used to protect individuals from an invasion of their property rights, also protects an individual’s “reasonable expectation of privacy”.3 While there are no notable cases where damages have been awarded for a violation of this right, the constitutional protection awarded to the right to privacy has nevertheless influenced the development of the common law on this matter.
Two federally-enacted statutes also govern the protection of privacy: the Privacy Act 1985 (CA), which concerns the collection, use and disclosure of personal information by government institutions, and the Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to the private sector. While PIPEDA does not provide for a statutory right of action for breach of privacy per se, it confers upon the Privacy Commissioner of Canada the power to receive all complaints pertaining to breach of privacy in the private sector, to conduct investigations, issue reports on her findings and file for Court hearings. Upon reception of the Privacy Commissioner’s report, a complainant may apply to the Federal Court for damages.4
The right to privacy at the provincial level
Statutory Causes of Action
Four of the ten Canadian provinces have adopted statutes which have created the tort of invasion of privacy: British Columbia,5 Manitoba,6 Newfoundland and Labrador7 and Saskatchewan.8 In these four provinces, an individual has a valid cause of action against any person who violates his or her right to privacy even if no real damages can be proven. Except for Manitoba’s, these statutes require proof that the defendant acted wilfully and without a claim of right. The four statutes also enumerate various facts which, when put in evidence, create a prima facie presumption that the tort was committed, such as eavesdropping or the unauthorised use of another person’s documents. As highlighted in the Issues Paper, the four Acts also provide for exceptions or defences to the cause of action (eg when the plaintiff had consented to the act). While the jurisprudence which derives from these four Acts is still scarce, courts appear to be willing to award significant punitive damages.9
Alberta10 and in British Columbia (B.C.)11 have also enacted legislation pertaining specifically to privacy and personal information protection in the private sector. As their federal counterpart, PIPEDA, neither of these statutes provide for a direct statutory right of action for breach of the right to privacy. In both cases, an individual first needs to file a complaint with its provincial Privacy Commissioner. The latter will then review the complaint, conduct an inquiry and make an order. It is only when the order rendered by the Commissioner has became final, as a result of there being no further right of appeal, that the individual affected by the order has a cause of action against the organisation for damages.
In Québec, where private law follows the civil law tradition, the right to privacy is protected by several provisions of the Civil Code of Québec12 and by the Charter of Human Rights and Freedoms. The latter is often said to have a “quasiconstitutional” status since no laws adopted by the Québec National Assembly can derogate from the fundamental freedoms and rights it protects, unless it expressly states so.13 A breach of the rights to privacy provided in the Civil Code and in the Québec Charter can lead to the award of both monetary, non-monetary damages (such as inconvenience stress, embarrassment) and punitive damages. Like Alberta and B.C., Québec has also adopted a statute protecting the collection, disclosure and use of one’s personal information by a private organisation.14
Common law Tort of Invasion of Privacy
As noted in the Issues Paper, there was, until very recently, no common law cause of action for invasion of privacy in Canadian law. However, on, the Court of Appeal for the province of Ontario unanimously recognised the tort of intrusion upon seclusion in 18 January 2012 in its judgment Jones v Tsige.15
The elements of this cause of action are as follows:
- The defendant’s conduct must be intentional;
- The defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and
- A reasonable person would regard the invasion as highly offensive, causing distress, humiliation or anguish.
Since this decision was rendered by an appellate court, it should be expected to influence the development of the common law throughout the other Canadian common law jurisdictions. For an in depth look at the decision, see the following article “Coming here? The Canadian privacy tort: Jones v Tsige  ONCA 32 (CA)” by Bruce Arnold.16
This story was first published in issue (2012) 8(5) of the Privacy Law Bulletin by LexisNexis.