Court docket of Enchantment for British Columbia may acknowledge widespread regulation tort of breach of privateness

The evolution of Vicarious Liability for intentional torts - Lexology

In Tucci v Peoples Trust Company, 2020 BCCA 246 (“Tucci”), the British Columbia Court of Appeals has signaled that it may be prepared to recognize a common law tort for invasion of privacy. Since the British Columbia Privacy Act already provides for a tort of “willful” invasion of privacy, it is unclear what a common law tort would help protect the privacy interests of individuals unless the courts of British Columbia became a common law consider tort to be broader than the legal cause of action.

Facts and certification decision

We previously commented on the certification decision in Tucci. The facts are relatively simple. The Peoples Trust Company (“Peoples Trust”) – a nationwide regulated trust company – collected personal data from its customers. As a result of cyberattacks in 2013, hackers were able to obtain “a significant amount of personal information” about some customers. As a result, a class action lawsuit was initiated on behalf of the customers affected by the data breach.

The representative plaintiffs relied on a number of pleas in support of the claim, including a general law claim for invasion of privacy and, in particular, intrusion into seclusion. Plaintiffs have not relied on the tort of a breach of privacy under the British Columbia Privacy Act, which requires evidence of an intentional invasion of privacy. While the certifying judge refused to certify the British Columbia common law breach for failing to recognize that cause of action, the judge upheld a federal common law breach. The judge also upheld claims for breach of contract and negligence.

Analysis of the court of appeal on invasion of privacy under general law

The BC Court of Appeal’s analysis of invasion of privacy on common law issues depended on three analytical steps.

First of all, the Court had to determine whether the Federal Law on the Protection of Personal Data and Electronic Documents (“PIPEDA”) precludes a common law plea to enforce obligations under private law between private parties. Since Peoples Trust is a government regulated company, PIPEDA applies to that company. Peoples Trust argued that PIPEDA is a complete code and precludes the possibility of bringing common law actions related to the data breach. Any party with a claim enshrined in the data breach must fall back on the mechanisms contained in PIPEDA, argued Peoples Trust. The appeals court did not accept this argument. Rather, it took the view that, with respect to claims between private parties, there is nothing in PIPEDA that reflects the legislature’s intention to “abolish obligations under private law or the ability of injured parties to pursue common law causes”. In other words, the appellate court found that PIPEDA was not a complete code of conduct in relation to claims between private parties and that common law claims could be made.

Second, the appeals court looked at whether there was any particular federal customary law applicable to the present claims. This issue was important because British Columbia’s jurisprudence has determined in the past that there is no universally valid ground for invasion of privacy in British Columbia. The theme was formulated on the basis of federal common law as opposed to British Columbia to overcome this legal hurdle. However, the appeals court did not accept this approach. Rather, it was found that there is only one common law in Canada. This common law can only be replaced by valid legislation from a level of government that has the constitutional authority to do so. As noted above, the Court of Appeal found that PIPEDA was not superseding common law in this case. Furthermore, plaintiffs appear to have promised no other data protection law, including the British Columbia Privacy Act. Therefore these statutes were not applicable for the purposes of analysis. In fact, the appeals court held that Canada has only one common law and that there are no statutory provisions that would replace the common law.

Third, the appeals court made non-committal comments on whether common law recognizes or should recognize a right to invasion of privacy, including invasion of seclusion. The appellate court did not rule the matter as plaintiffs did not appeal against the certifying judge’s finding that there is no recognized tort for invasion of privacy in British Columbia, including invading seclusion. Instead, the appeals court suggested that it might be time for the court to review its previous case law on the matter. The Court of Appeal found that its previous case law suggesting that there is no customary tort for invasion of privacy was a “thin” one that included a “small analysis” of the issue and the applicants’ claims in all cases decided “Failed for several reasons”. The appeals court also suggested that recognition of a cause of action under common law for invasion of privacy reflects the increasingly critical role that personal data plays in people’s lives.

Ambiguities arise

It is unclear why the plaintiffs in Tucci failed to make a claim under the British Columbia Privacy Act. Plaintiffs may have believed that if the Peoples Trust was the target of a cyberattack and plaintiffs alleged that the intrusion was negligent rather than willful or willful, it would not be possible to determine an “intentional” invasion of privacy by Peoples Trust by People’s Trust.

The willingness of the British Columbia Court of Appeals to reconsider the existence of a customary tort for invasion of privacy in British Columbia raises questions about the extent of a customary tort of invasion of privacy when the tort adequately protects the privacy interests of individuals can. In examining a common law data breach, British Columbia courts may need to consider whether it is limited to the privacy interest protected by the Ontario-recognized solitary intrusion or whether it includes other privacy interests. British Columbia courts may also need to review whether data protection law “occupies the field” so that there is no scope for recognition of a tort under common law. If a tort is recognized in British Columbia, parties involved in national data protection lawsuits – both in British Columbia and in other courts – would need to consider both the tort and the common law suit in British Columbia the legal tort co-operates as common law and legal acts in other provinces.


Please enter your comment!
Please enter your name here