Tuesday, February 25, 2014

Court agrees to protect plaintiffs' identities in invasion of privacy case against Health Canada

In a decision issued yesterday, the Federal Court ordered the the identity of plaintiffs in a putative class action against Health Canada should be protected to allow them to pursue their claim against the Government for the breach of privacy of members of the Medical Marihuana Access Program.

As blogged about last year, my firm filed a proposed class action lawsuit against Health Canada after it sent a mailing to approximately 40,000 people who are authorized to possess or grow marijuana under the program administered by Health Canada. (More info is here.)

Shortly after the breach occurred, lawsuits were filed in the federal courts by my firm, McInnes Cooper of Nova Scotia, and Branch McMaster of British Columbia. Sutts Strosberg of Ontario filed a lawsuit in the Ontario Superior Court. Each of these cases has a separate named plaintiff and all three of them were filed with the intent that they would be certified as class actions on behalf of all similarly affected participants in the MMAP.

The suit commenced by McInnes Cooper was filed on behalf of “John Doe”, a resident of Nova Scotia. The suit commenced by Sutts Strosberg was filed on behalf of “Suzie Jones”, a resident of Ontario. The case commenced by Branch McMaster was filed on behalf of an individual who chose to identify himself. The “John Doe” and “Suzie Jones” cases have been consolidated into one case in the Federal Court of Canada.

“John Doe” and “Suzie Jones” are pseudonyms for the proposed representative plaintiffs, so that the identities of those individuals would not become known. On February 20, 2014, a motion was heard in the Federal Court of Canada for an order of the court protecting the identities of “John Doe” and “Suzie Jones”. In most cases, parties to a legal action are required to name themselves and this information appears on the public record. Because the case against Health Canada is based on the disclosure of program members’ identities in association with the MMAP, requiring participants in these lawsuits to name themselves would further harm their privacy.

On February 25, 2013 we received the decision of the Court. The Court agreed that to deny the plaintiffs anonymity in the court proceeding would disclose the very information they seek to protect and exacerbate the damage and/or risk of harm that has already been caused by Health Canada’s mailing that identified them as a participant in the Program.

Government lawyers, on behalf of Health Canada, argued that this was a matter related solely to marihuana use and that the plaintiffs’ privacy should not be protected. Relying on newspaper articles and internet research, they argued that public opinion about marihuana use has changed to be more accepting. The Court rejected this evidence as irrelevant, explaining:

“What the Plaintiffs’ marijuana use discloses is their medical and health information. The Plaintiffs are patients, no simply “users”. Disclosing their identities discloses that a course of treatment has been prescribed by them by a medical doctor, and that they suffer from serious health conditions and symptoms. Identifying the Plaintiffs by name or information that discloses their personal identity also discloses that they have or are likely to have medical marihuana in their homes – something that Health Canada itself saw as a serious safety and security risk.

Accordingly, I am satisfied that in the within case of John Doe and Suzy Jones, without the protection they seek on this motion, the important issues they raise in their Amended Statement of Claim may not be determined in this forum, and that the issues they raise regarding patient rights, privacy and whether Health Canada owes a duty of care and has breached that duty and is liable are issues that are in the public interest to be determined. The Plaintiffs have requested only that their personal identity be protected and with minimum intrusion on the open court process.”

It's particularly gratifying that the Court acknowledged that this isn't just a matter of protecting the privacy of marihuana users, but more centrally concerns sensitive health information that was disclosed.

(Members of the proposed class can register and get more information at http://www.marijuanaclassaction.com).

Monday, February 17, 2014

Canadian government to appeal court decision chastising it for outsourcing spying on Canadians

Apparently the Canadian government plans to appeal a Federal Court decision that roundly chastised the Canadian Security Intelligence Service, the Communications Security Establishment of Canada and Department of Justice for misleading the Court in order to get warrants to have "Five Eyes" partners spy on Canadians outside of Canada. This is according to Star Phoenix and statements made during testimony before the Senate National Defence Committee.

See: Government appeals judge's ruling on 'outsourced' spying.

Friday, February 14, 2014

Ontario provincial health privacy law does not pre-empt invasion of privacy claim in tort

The Ontario Superior Court in Hopkins v. Kay, 2014 ONSC 321 (CanLII) has concluded that the Personal Health Information Protection Act does not pre-empt a claim for "intrusion upon seclusion" against a hospital and its employees for unlawfully perusing personal health records:

[29] While it is argued by counsel for the Hospital that Jones dealt with Federal privacy legislation (“PIPEDA”), it is equally clear to me that Sharpe J.A. conducted a review of other similar legislation and specifically referred in his decision to PHIPA. At paragraphs 47-51, however, and again at paragraphs 52-54, there can be no doubt that Sharpe J.A. was well aware of the provisions of PHIPA and the potential impact of recognizing a common law tort of breach of privacy. In dealing with whether or not the legislation had occupied the field, the comments of Justice Sharpe at paragraph 54 are particularly apropos when he states:
Significantly, however, no provincial legislation provides a precise definition of what constitutes an invasion of privacy. The courts and provinces with a statutory tort are left with more or less the same task as courts and provinces without such statutes. The nature of these acts does not indicate that we are faced with a situation where sensitive policy choices and decisions are best left to the legislature. To the contrary, existing provincial legislation indicates that when the legislatures have acted, they have simply proclaimed a sweeping right to privacy and left it to the courts to define the contours of that right.
[30] I am not satisfied from a review of Jones that it should be, as suggested by counsel for the Hospital, restricted to the facts of that case. Rather, I am of the view that the Court of Appeal in Jones has determined that the common law right to proceed with a claim, based on the tort of breach of privacy, as alleged in the plaintiff’s statement of claim is a claim that should be allowed to proceed. This is not a case that, in my view, is so plain and obvious that the court should strike out the claim. If the position of the Hospital is to be sustained, it will require a decision of the Court of Appeal, which as the British Columbia Court of Appeal has done, determines that there is no claim for breach of privacy and that the claim must rest on the provisions of PHIPA. The defendants’ motion is therefore dismissed with costs.

Thanks to Barry Sookman for pointing this case out ...

Wednesday, February 12, 2014

More details about Nova Scotia's first cyberbullying prevention order

Yesterday, I blogged about the first cyberbullying prevention order issued under Nova Scotia's Cyber-safety Act. (See: Canadian Privacy Law Blog: Nova Scotia court issues first cyberbullying prevention order.)

At that point, all I had to go on was the media reporting. Since then, I've managed to get my mitts on the Order of Justice Robertson, the brief filed by the Nova Scotia Director of Public Safety, the affidavit of Chief Paul, and the affidavit of CyberScan Unit enforcement officer Dana Bowden. No copy of actual decision or reasoning of the judge is available. Hopefully that will be released shortly.

In the past, I've been critical of the over-breadth of the Cyber-safety Act and its definition of cyberbullying that can capture legitimate speech that is protected by the Charter of Rights and Freedoms. Most of the reporting on this case focused on comments that were characterised as harassing. The crown attorney went even further:

Crown attorney Angela Jones told the court that the comments made by Prosper were “defamatory, vulgar, … abusive and obscene.”

[None of the comments that I saw met the legal definition of "obscene".]

However, the contents of the affidavit seem to tell a different tale. While certainly the communications that were alleged to have been made by the respondent were what I would call unpleasant, sometimes vulgar and certainly repeated, it also appears to be rooted in questions related to the management of the finances of the Pictou Island First Nation overseen by the complainant. I didn't see any attempt anywhere in the documents to do anything less than shut the respondent down completely. The CyberScan investigator met with the respondent and told him to stop all of his communications with the Chief, not to tone it down.

While this is the first such order, it's a bit disheartening that a statute with the potential to dramatically chill constitutionally protected speech doesn't seem to be applied in a manner to temper this overreach, as was the case when a constituent of Nova Scotia MLA Lenore Zahn was told by the CyberScan Unit to remove tweets that questioned her judgement.

Nova Scotia court issues first cyberbullying prevention order

A judge of the Nova Scotia Supreme Court has issued the first "Cyberbullying prevention order" under the province's Cyber-safety Act.

The case, as it has been reported, appears to be a classic case of online harassment where the victim reportedly received numerous threatening messages through Facebook. When the user was "blocked", he then repeatedly communicated with the victim's children conveying threatening messages. I haven't seen the actual order yet, but it reportedly orders him to stop "cyberbullying" and communicating with or about the victim.

One additional point that's worth pondering is that the respondent to the order, who did not appear, is in Ontario which may make enforcing this order under Nova Scotia's unique law a challenge.

From Global TV (the link will also take you to a video where I was interviewed):

Nova Scotia court issues first cyberbullying prevention order - Halifax | Globalnews.ca

HALIFAX – A Nova Scotia Supreme Court judge has imposed a cyberbullying prevention order on a man who was accused of using Facebook to post threatening and defamatory statements about the chief of a First Nation.

The order is the first imposed by a court under the province’s Cyber-safety Act and involves allegations made by Andrea Paul, chief of the Pictou Landing First Nation.

She alleges Christopher George Prosper posted abusive and obscene comments about her and her family on Facebook last year.

Paul says she contacted the province’s CyberSCAN unit, which is the first of its kind in the country to be tasked with investigating complaints of cyberbullying.

Judge Heather Robertson told a Halifax courtroom that she was satisfied this was a case of cyberbullying under the act, saying Prosper’s actions hurt Paul’s reputation and psychological well-being.

David Fraser, a privacy lawyer with the McInnes Cooper firm in Halifax, says Nova Scotia’s cyberbullying legislation is ultimately doomed to fail.

“There is … a very real possibility that this legislation could be used to chill charter-protected speech, the ability of individuals to express themselves, the ability of individuals to be critical of their government, of public officials,” he said.

Fraser believes the bill will be challenged in the near future.

The court order is imposed for one year and it says Prosper must remove all messages deemed to be cyberbullying, refrain from contacting Paul and stop cyberbullying.

Tuesday, February 11, 2014

Today we fight back against mass, suspicionless surveillance

Take action against mass, suspicionless surveillance. If you're from Canada, go here and tell your MP that this is an important issue that cannot be ignored: TheDayWeFightBack.Ca and then go here: Necessary and Proportionate - Take Action.

In the US, go here: TheDayWeFightBack.Org.

Monday, February 03, 2014

Parsing the newspeak of Canadian surveillance -- "private communications"

If you were watching today's testimony of John Forster, chief of the Communications Security Establishment Canada and Michel Coulombe of the Canadian Security and Intelligence Agency before the Senate national security and defence committee, you probably noticed the consistent denial that they were intercepting "private communications", in contrast to metadata. That phrase was repeated like a mantra. The origin seems to come from the Criminal Code, which contains the following ambiguous definition at Section 183.

"private communication” means any oral communication, or any telecommunication, that is made by an originator who is in Canada or is intended by the originator to be received by a person who is in Canada and that is made under circumstances in which it is reasonable for the originator to expect that it will not be intercepted by any person other than the person intended by the originator to receive it, and includes any radio-based telephone communication that is treated electronically or otherwise for the purpose of preventing intelligible reception by any person other than the person intended by the originator to receive it;

It would certainly appear that these witnesses were well coached to believe that "private communication" includes "metadata", which was dismissed as just "data about data". I'm not so convinced that "private communication" excludes signalling information or transmission data. First, the definition refers to "any oral communication" or "any telecommunication", not "any oral communication" or "any [oral] telecommunication". Words matter and -- in this case -- punctuation matters.

Any capturing of metadata is, in my view, capturing "private communications".

And the suggestion that capturing "metadata" is somehow innocuous flies in the face of reality. Who I call is my business. How often I call them is also my business. I have no problem if you can get a judge to issue a warrant, based on reasonable and probable grounds, to intercept it. But dragnet surveillance of innocent people is not acceptable in a free and democratic society.

(I'm afraid, given the recent revelations, that nobody will be able to say -- for any communication -- that it "is reasonable for the originator to expect that it will not be intercepted".)

Sunday, February 02, 2014

German TV interview with Edward Snowden (in English)

This is important to watch. And once you've watched the full half hour, consider why it was never broadcast in North America.