Canadian consumers have a better set of legal tools to hold companies responsible for privacy breaches than their U.K. counterparts, judging by a recent ruling involving an internet search engine, Toronto lawyer and mediator Howard Winkler tells AdvocateDaily.com.
The CBC recently reported on the refusal of the High Court of England and Wales to certify a class action against the search engine giant over claims the company illegally accessed iPhone users’ internet history data.
Despite describing the company’s actions in bypassing privacy settings on smartphone users’ internet browsers as “wrongful, and a breach of duty” the British judge ruled the action could not proceed because the claimants had failed to prove any damages.
Winkler, principal and founder of Winkler Dispute Resolution, says members of the consumer coalition who brought the action may have had a better chance of success in Canadian courts.
“The situation in Ontario is much more favourable to plaintiffs under similar circumstances,” he says. “Here, there are avenues both in statute and the common law by which claimants can pursue remedies for privacy breaches.”
In fact, Winkler explains there are three main routes claimants could have taken in Canadian courts to hold search engines or other companies responsible for breaches, though he adds that nobody should expect a huge windfall.
“The damages aren’t considerable, so one has to think about whether they are worth pursuing,” Winkler says. “While there is some public interest in holding those responsible for breaches accountable, it’s possible that the only real winners are the lawyers.”
“There is a growing body of class-action lawsuits in Canada for breach of privacy, with at least six settlements of such cases,” Winkler says.
Typically, he says the settlements approved by the courts provide for a nominal amount to individual class members for wasted time and inconvenience, plus a further capped pool of money to fund claimants who can prove actual damages as a result of the breach.
“On the one hand, it’s not an avenue that’s likely to generate much money, but it does provide a mechanism whereby the wrongdoer can be held to account in court for the breach of privacy, while plaintiffs receive at least some compensation,” Winkler says.
When individuals complain to the Office of the Privacy Commissioner of Canada (IPC) about a potential breach of Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the IPC will render a report on the incident.
Regardless of the IPC’s decision, Winkler says the law allows for complainants to seek damages related to the alleged privacy breach in Federal Court for “humiliation.”
“The court doesn’t require proof of actual damages to make an award,” he says. “It’s more in the nature of symbolic or moral damages, which are awarded in part for deterrence against the wrongdoer.”
Winkler says damages awarded under PIPEDA are typically in the range of $2,500 to $5,000 but have gone as high as $20,000 in one extreme case where the court found the company’s behaviour “reprehensible.”
Ever since a landmark 2012 Court of Appeal decision, Ontarians have been able to sue under what is commonly known as a breach of privacy tort.
That decision, which recognized the existence of the tort of “intrusion upon seclusion” for the first time, concerned a bank employee who repeatedly accessed the account records of a colleague after becoming romantically involved with the woman’s former spouse.
“Damages in Ontario have gone as high as $20,000, and in exceptional circumstances, they could go much higher, such as where the conduct is egregious and relates to the disclosure of sexual content,” Winkler says.