The Law Keeps Pace: The Business Implications of the New Civil Privacy Claim for “Public Disclosure of Private Facts” in Doe 464533 v. D.
January 27, 2016
By David Fraser, Privacy Lawyer | Partner at McInnes Cooper,
Trent Skanes, Lawyer at McInnes Cooper
On January 21, 2016, the Ontario Superior Court of Justice dramatically expanded the scope of legal privacy protection – and the liability exposure for breaching it. For the first time, a Canadian court expressly recognized a new privacy-based legal claim: “public disclosure of private facts” or “breach of confidence” – and awarded real monetary compensation for it. The decision demonstrates the law’s ability to keep pace with new kinds of misconduct (especially where it cries out for a legal remedy, like cyberbullying). But it also increases the liability exposure for data breaches by businesses that are the custodians of sensitive personal information, particularly if they have it “in confidence” – which implicitly includes any information held under the Personal Information and Electronic Documents Act (PIPEDA). It’s now much easier for those whose privacy is breached by such businesses to sue – and to get potentially significant compensation.
Jane Doe’s ex-boyfriend (“Don”) posted on the internet an explicit sexual video of her without her knowledge or consent – a case of so-called “revenge porn”. The video was up for three (3) weeks then removed; there wasn’t any way to determine the number of times it was viewed or downloaded during that time. Ms. Doe sued Don and asked the Court for monetary compensation and punitive damages (a monetary award intended to punish the defendant ex-boyfriend) and for an order to stop him from such conduct in the future; Don didn’t have any legal counsel at the hearing. The Court said the case was about someone’s ability to sue for invasion of her privacy, and decided Ms. Doe could sue – and succeed.
Plugging the legal remedies gap. In today’s electronic and Internet age, privacy is easier to invade – but not less worthy of protection. And sharing personal and private communications and privately sharing intimate details are still essential life activities. If someone entrusted with them could intentionally share them via the internet without legal recourse, there would be a gap the law’s remedies – and there should be an available remedy in appropriate cases.
The new remedy: claim of public disclosure of private facts. The Court adopted a slightly modified, but still fitting, description of the new claim formulated in 1960 in the United States – long before the Internet, porn website or cyberbullying: someone who gives publicity to a matter concerning another’s private life is subject to liability to that other person for invasion of her if either the matter publicized – or, the Court added, the act of the publication – would be highly offensive to a reasonable person and is not of legitimate concern to the public. The key features of the claim are:
- Public disclosure. The disclosure of the private facts must be a public – not a private – disclosure.
- Private facts. The facts publicly disclosed must be private – not public – facts.
- Objectively offensive. The matter made public must be one that would be offensive and objectionable to a reasonable person of ordinary sensibilities.
Significant compensation. Since there was no guidance from other decisions because this claim was novel, it was appropriate to be guided by awards in sexual assault and sexual battery cases – and awarded Ms. Doe $100,000: $75,000 monetary damages (general and aggravated) plus punitive damages of $25,000. Read the Ontario Superior Court’s decision in Doe 464533 v. D., 2016 ONSC 541 here (PDF). Don didn’t have legal counsel at the court hearing, so there’s still a question of what arguments his legal counsel, if he had any, would have made against the recognition of the new claim and whether it would have succeeded. And unless Don appeals the decision, the development of this new legal claim won’t continue unless and until another case comes before another court. But the decision still demonstrates that the law is trying hard to keep up with reality and technology – and is, arguably, succeeding.
Incremental development. It incrementally develops the law in line with the Canadian Charter of Rights and Freedom’s fundamental value of privacy protection, building on the foundation the Ontario Court of Appeal laid in 2012 (Jones v. Tsige, 2012 ONCA 32). That case effectively adopted the first of four privacy-based civil claims; this one adopts the second (Canadian law already recognizes the third and fourth):
- Intrusion upon the plaintiff’s seclusion or solitude, or into his private affairs.
- Public disclosure of embarrassing private facts about the plaintiff.
- Publicity which places the plaintiff in a false light in the public eye.
- Appropriation, for the defendant’s advantage, of the plaintiff’s name or likeness.
Cyberbullies get out your wallet. There are now fewer gaps in the law protecting privacy: it’s easier to sue for breach of privacy under either intrusion upon seclusion or, now, public disclosure of your private facts. This gives targets of privacy-intrusive behaviour – including of cyberbullying – a new legal weapon against the easy, instant publication and profileration of damaging social media and Internet content. The new tool isn’t a criminal, or even quasi-criminal, sanction, like the now ineffective NS Cyber-safety Act. But if the amount of the monetary award in this case – a substantial amount as far as legal cases go – is any indication, it will likely have a similar deterrent effect. To learn more about the fate of the NS Cyber-safety Act, read McInnes Cooper’s: The Bell Tolls for NS Cyber-Safety Act – NS Supreme Court Decides Act Is Unconstitutional here.
Businesses are also exposed. A less obvious – but equally real – effect of this decision and its tightening of the gap in privacy protection is on the liability exposure of businesses. Many businesses are custodians of sensitive personal information, especially if they hold it “in confidence” – and any information held under PIPEDA is implicitly held in confidence. Just as cyberbullies are now exposed liability for publicly disclosing private facts, so too are businesses exposed to liability for data breaches that publicly disclose private information of which they are the custodian. It remains to be seen how such a claim on this scale would play out, but not many businesses would want to be the guinea pig for how such a claim would go – or how much compensation a court would be willing to award for it. But now is a good time for these businesses to audit their date protection and security processes and procedures – and plug any gaps themselves.
Please contact your McInnes Cooper lawyer or any member of our McInnes Cooper Privacy Team to discuss this topic or any other legal issue.
McInnes Cooper has prepared this document for information only; it is not intended to be legal advice. You should consult McInnes Cooper about your unique circumstances before acting on this information. McInnes Cooper excludes all liability for anything contained in this document and any use you make of it.
© McInnes Cooper, 2016. All rights reserved. McInnes Cooper owns the copyright in this document. You may reproduce and distribute this document in its entirety as long as you do not alter the form or the content and you give McInnes Cooper credit for it. You must obtain McInnes Cooper’s consent for any other form of reproduction or distribution. Email us at email@example.com to request our consent.
- Share with others
- Stay informed with our legal updates by subscribing.