Monday, January 23, 2012

US Supreme Court Justice reconsiders "third party doctrine"

I linked earlier today to the important case of US v Jones (US Supreme Court says cops need a warrant to GPS track a vehicle). It's an important case, but I think it is worth noting Justice Sotomayor calls the "third party doctrine" into question. It is an aside and not the opinion of the Court, but hopefully is the first of many reconsiderations of this deplorable and outdated legal theory that states you lose any expectation of privacy if your personal information is in the hands of any third party.

Here is her discussion of this point:

More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. E.g., Smith, 442 U. S., at 742; United States v. Miller, 425 U. S. 435, 443 (1976). This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks. People disclose the phone numbers that they dial or text to their cellu- lar providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medi- cations they purchase to online retailers. Perhaps, as JUSTICE ALITO notes, some people may find the “tradeoff” of privacy for convenience “worthwhile,” or come to accept this “diminution of privacy” as “inevitable,” post, at 10, and perhaps not. I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year. But whatever the societal expectations, they can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy. I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection. See Smith, 442 U. S., at 749 (Marshall, J., dissenting) (“Privacy is not a discrete commodity, possessed absolutely or not at all. Those who disclose certain facts to a bank or phone company for a limited business purpose need not assume that this information will be released to other persons for other purposes”); see also Katz, 389 U. S., at 351–352 (“[W]hat [a person] seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected”). Resolution of these difficult questions in this case is unnecessary, however, because the Government’s physical intrusion on Jones’ Jeep supplies a narrower basis for decision. I therefore join the majority’s opinion.

For some discussion of this, check out A Supreme Court Justice's Radical Proposal Regarding The Privacy of Your Google Searches, Facebook Account & Phone Records - Forbes.

US Supreme Court says cops need a warrant to GPS track a vehicle

The US Supreme Court has just released its unanimous decision in US v Jones [PDF], in which the Court held that law enforcement need either a warrant or the owner's permission to attach a GPS tracking device on a vehicle. This is an important decision and the fact that it was unanimous is encouraging.

See also: High Court - Warrant Needed for GPS Tracking - NYTimes.com

Wednesday, January 18, 2012

Ontario recognizes tort of invasion of privacy

A unanimous panel of the Ontario Court of Appeal has just released its decision in Jones v Tsige, 2012 ONCA 32. The court has recognized that there is a tort of invasion of privacy in Ontario. The decision can be found here: Jones v. Tsige, 2012 ONCA 32, but here is the gist of the tort:

2. Defining the tort of intrusion upon seclusion

a) Introduction

[65] In my view, it is appropriate for this court to confirm the existence of a right of action for intrusion upon seclusion. Recognition of such a cause of action would amount to an incremental step that is consistent with the role of this court to develop the common law in a manner consistent with the changing needs of society.

b) Rationale

[66] The case law, while certainly far from conclusive, supports the existence of such a cause of action. Privacy has long been recognized as an important underlying and animating value of various traditional causes of action to protect personal and territorial privacy. Charter jurisprudence recognizes privacy as a fundamental value in our law and specifically identifies, as worthy of protection, a right to informational privacy that is distinct from personal and territorial privacy. The right to informational privacy closely tracks the same interest that would be protected by a cause of action for intrusion upon seclusion. Many legal scholars and writers who have considered the issue support recognition of a right of action for breach of privacy: see e.g. P. Winfield, “Privacy” (1931), 47 L.Q.R. 23; D. Gibson, “Common Law Protection of Privacy: What to do Until the Legislators Arrive” in Lewis Klar (ed.), Studies in Canadian Tort Law (Toronto: Butterworths, 1977) 343; Robyn M. Ryan Bell, “Tort of Invasion of Privacy – Has its Time Finally Come?” in Todd Archibald & Michael Cochrane, Annual Review of Civil Litigation (Toronto: Thomson Carswell, 2005) 225; Peter Burns, “The Law and Privacy: the Canadian Experience” (1976), 54 Can. Bar Rev. 1; John D.R. Craig, “Invasion of Privacy and Charter Values: The Common Law Tort Awakens” (1997), 52 McGill L.J. 355.

[67] For over one hundred years, technological change has motivated the legal protection of the individual’s right to privacy. In modern times, the pace of technological change has accelerated exponentially. Legal scholars such as Peter Burns have written of “the pressing need to preserve ‘privacy’ which is being threatened by science and technology to the point of surrender”: “The Law and Privacy: the Canadian Experience” at p. 1. See also Alan Westin, Privacy and Freedom (New York: Atheneum, 1967). The internet and digital technology have brought an enormous change in the way we communicate and in our capacity to capture, store and retrieve information. As the facts of this case indicate, routinely kept electronic data bases render our most personal financial information vulnerable. Sensitive information as to our health is similarly available, as are records of the books we have borrowed or bought, the movies we have rented or downloaded, where we have shopped, where we have travelled, and the nature of our communications by cell phone, e-mail or text message.

[68] It is within the capacity of the common law to evolve to respond to the problem posed by the routine collection and aggregation of highly personal information that is readily accessible in electronic form. Technological change poses a novel threat to a right of privacy that has been protected for hundreds of years by the common law under various guises and that, since 1982 and the Charter, has been recognized as a right that is integral to our social and political order.

[69] Finally, and most importantly, we are presented in this case with facts that cry out for a remedy. While Tsige is apologetic and contrite, her actions were deliberate, prolonged and shocking. Any person in Jones’ position would be profoundly disturbed by the significant intrusion into her highly personal information. The discipline administered by Tsige’s employer was governed by the principles of employment law and the interests of the employer and did not respond directly to the wrong that had been done to Jones. In my view, the law of this province would be sadly deficient if we were required to send Jones away without a legal remedy.

c) Elements

[70] I would essentially adopt as the elements of the action for intrusion upon seclusion the Restatement (Second) of Torts (2010) formulation which, for the sake of convenience, I repeat here:

One who intentionally intrudes, physically or otherwise, upon the seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the invasion would be highly offensive to a reasonable person.

[71] The key features of this cause of action are, first, that the defendant’s conduct must be intentional, within which I would include reckless; second that the defendant must have invaded, without lawful justification, the plaintiff’s private affairs or concerns; and third, that a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish. However, proof of harm to a recognized economic interest is not an element of the cause of action. I return below to the question of damages, but state here that I believe it important to emphasize that given the intangible nature of the interest protected, damages for intrusion upon seclusion will ordinarily be measured by a modest conventional sum.

d) Limitations

[72] These elements make it clear that recognizing this cause of action will not open the floodgates. A claim for intrusion upon seclusion will arise only for deliberate and significant invasions of personal privacy. Claims from individuals who are sensitive or unusually concerned about their privacy are excluded: it is only intrusions into matters such as one’s financial or health records, sexual practices and orientation, employment, diary or private correspondence that, viewed objectively on the reasonable person standard, can be described as highly offensive.

[73] Finally, claims for the protection of privacy may give rise to competing claims. Foremost are claims for the protection of freedom of expression and freedom of the press. As we are not confronted with such a competing claim here, I need not consider the issue in detail. Suffice it to say, no right to privacy can be absolute and many claims for the protection of privacy will have to be reconciled with, and even yield to, such competing claims. A useful analogy may be found in the Supreme Court of Canada’s elaboration of the common law of defamation in Grant v. Torstar where the court held, at para. 65, that “[w]hen proper weight is given to the constitutional value of free expression on matters of public interest, the balance tips in favour of broadening the defences available to those who communicate facts it is in the public’s interest to know.”

Police coming up empty with justification for "lawful access"

Perhaps not surprising to those who have covered this issue for the past number of years, the special interest groups representing law enforcement are scrambling to come up with examples of why "lawful access" is necessary and their inquiries are drawing blanks. Check it out: Police: No ‘good examples’ of why we need Lawful Access - Jesse Brown - Macleans.ca and Police ‘scrambling’ to justify lawful access laws | FP Tech Desk | Financial Post.

Wednesday, January 11, 2012

Geist: Are Canada’s digital laws unconstitutional?

Michael Geist's regular column in the Toronto Star is very interesting this week. It highlights that the recent decision of the Canadian Supreme Court regarding a single, national securities regulator throws into question the constitutionality of other federal laws that depend on the "general trade and commerce" power of the Canadian constitution, such as PIPEDA and the new anti-spam law. Geist predicts, rightly I think, that the Privacy Commissioner of Canada will likely face a constitutional challenge to her jurisdiction if she proceeds aggressively for order-making powers.

Check it out: Geist: Are Canada’s digital laws unconstitutional?.