Friday, April 27, 2012

Law Reform Commission of Saskatchewan Recommendations on the Privacy Act by Greg

The Law Reform Commission of Saskatchewan has released a report on the future of the Privacy Act, featuring four general recommendations.

First, the Commission concluded that the general tort of breach of privacy created by the Privacy Act should have a role to play in protecting privacy notwithstanding other means available to pursue the same end. In particular, the Commission compared the Privacy Act to more comprehensive "code" legislation as follows at p. 16:

The comprehensive code approach of legislation like The Freedom of Information and Protection of Privacy Act is desirable, but may lack the flexibility to deal with unexpected and novel circumstances. The Privacy Act may remain useful to fill gaps in the legislation.

Gaps are apt to exist for several reasons. Not all threats to privacy are likely to attract the kind of attention legislators have given to information gathering. New issues can be expected to arise more rapidly than legislators can react. As the British Columbia Law Institute observes:

Without a general civil remedy for violation of privacy, conduct that does not involve the misuse of personal information and that does not reach the level of criminality, but which is still offensively invasive, might not be subject to any legal sanction.

Second, the Commission proposed two noteworthy amendments to the elements of the tort of breach of privacy, both addressing the standard of knowledge of the defendant. Rather than requiring that a breach itself be "wilful", the Commission proposed that the cause of action include proof that the defendant (1) knew or ought to have known that the breach constituted a non-trivial violation of the privacy of the plaintiff; and (2) did not honestly and reasonably believe that some legal justification or excuse existed for the breach.

In effect, these amendments would allow for some liability in cases where evidence about the defendant's actual knowledge and intent is nonexistent or entirely neutral: in such a case the "ought to have known" standard under the first branch could apply, while the absence of an evidentiary basis to establish an honest and reasonable belief would allow the claim to succeed under the second. However, I do wonder whether the combination is more complicated than necessary - and in particular, whether actual or imputed knowledge that a breach is non-trivial should form a separate element of the tort.

Third, the Commission recommended a specific provision to the effect that activities in a public setting may nonetheless enjoy a reasonable expectation of privacy. This would serve as a useful clarification of the types of privacy interests intended to be covered, as past cases have offered conflicting conclusions as to what privacy interest (if any) exists outdoors or on common or public property.

Finally, the Commission proposed two additional listed examples of breaches of privacy. While these may serve to modernize the legislation, though, I wonder whether there could be any dispute that unauthorized access to or surveillance of a computer would already be captured by the general provision in section 2.

We should find out in the relatively near future whether the recommendations are met with some action to update the Privacy Act, and I'll be interested to see whether a set of amendments can spur the type of case-law evolution expected when the Privacy Act and its counterpart legislation elsewhere was passed decades ago.

This blog consists of general legal information only, and does not constitute the provision of legal advice to any person or organization. Please contact me at if you require legal advice related to a breach of privacy.

Leave a comment