Developing a Tort of Privacy in the UK – Lessons from Canada

With the steady modernisation of the technology surrounding communication and dissemination of information, it is all too apparent that privacy is increasingly becoming an endangered species. Quite recently, a burgeoning social media economy and the proliferation of various forms of electronic transmission of information have changed the modes in which private information is obtained and disseminated.

Platforms such as Facebook, Twitter and weblogs, as well as electronic banking, peer-to-peer sharing and cloud technology have exposed people to a more decentralised and less governable environment, where information about people’s private lives can often be obtained and communicated without breach of confidence. Despite this, in the case of Wainwright v Home Office,[1] English courts reiterated their position that a general tort for ‘invasion of privacy’ does not exist at English common law.

For many years, other common law jurisdictions followed suit in this reluctance to create a tort of privacy. Instead, they have relied on a patchwork of legislative regimes such as PIPEDA and the Freedom of Information and Protection of Privacy Act (in Canada) and the Data Protection Act, the EU Data Protection Directive and various press regulatory codes in the UK.

Moreover, where such legislation fell short, the common law courts often tried to stretch existing remedies in torts such as trespass, assault and, most commonly, breach of confidence to cover breaches of privacy. Even leaving aside the conceptual difficulties such strategies introduce into the law, recent cases have revealed that this approach is no longer sufficient. It is against this backdrop that some have called for changes to the English law on privacy in order to protect individuals from unnecessary intrusions. However, many, including the English judges, are still unsure what this tort would look like and therefore remain reluctant to proceed.

In what follows, I will assess the current deficiencies of the English courts’ approach to privacy protection, and draw analogies from the landmark Canadian case of Jones v Tsige,[2] to show how the courts could move forward in creating a tort of privacy.

Jones v Tsige and Canada’s recognition of privacy

In September 2011, the Court of Appeal in Ontario, Canada, went where no English court has gone before. For the first time, in the case of Jones v Tsige, it introduced a general common law tort of privacy, in relation to intrusion upon seclusion. Given the fact that this tort is a fairly recent development in Canada, and its elements are in its infancy and will need further elaboration, it remains to be seen whether its introduction will create conflicts with the legislative regimes already in place respecting privacy.

Legal uncertainties aside, however, one of the most salient features of this case was how obvious the conclusion reached was. In Jones the Ontario appeals court departed from the current tradition of orthodoxy and judicial conservatism in this area, and refused to deny a tortious remedy on the basis that Canadian courts did not yet recognise a free-standing, common law cause of action for invasion of privacy. As Sharpe JA stated in his judgment, the court was presented in this case with facts that cried out for a remedy.[3]

The Facts of Jones v Tsige

The facts of the case in Jones v Tsige are as follows. In 2009, it had eventually come to the attention of the appellant, Sandra Jones, that the respondent, Winnie Tsige, had been looking at Jones’ banking records while at work. Although the two ladies were not personally acquainted, they worked at different branches of the Bank of Montreal (BMO) and Tsige was in a common-law relationship with Jones’ ex-husband. Over the course of four years, Tsige had looked into Jones’ bank records a total of 174 times, in order to secretly gather information to aid herself in a financial dispute that she was involved in with the appellant’s ex-husband. On the facts of the case, the judge in the action had found that Jones was only entitled to summary judgment because Ontario law did not recognise the tort of ‘breach of privacy’, especially where Tsige had not distributed the private bank details of Jones. The action did not come under ‘wrongful disclosure’ as a result. He therefore dismissed Jones’ claim for damages. The main question of the subsequent appeal was: does Ontario law recognise a right to bring a civil action for damages for the invasion of personal privacy? In overturning the judge’s former ruling at first instance, the appeals court answered in the affirmative.

Defining the concept of privacy in English law

One of the most important facets of the decision in Jones v Tsige is that the Canadian court of appeal managed to surmount the same initial obstacles faced by English courts in terms of introducing a general tort of privacy whose conceptual framework is precise enough to be useful. The initial obstacle to developing a tort of privacy is multifaceted, but the two most relevant features are (1) the mercurial nature of privacy and (2) the uncertainty of the scope of private interests that should be protected by a tort of invasion of privacy.

In the English case of Wainwright v Home Office, Hoffmann LJ stated that English law has so far been unwilling, perhaps unable, to formulate any high-level principle of privacy, which in turn grounds their hesitation to develop a tort of the same.[4] Within English law, privacy as a concept uniquely occupies a position between two competing convention rights, namely Articles 8 and 10 of the European Convention on Human Rights (ECHR). More problematically, the rights protected by the ECHR relate primarily to intrusions of privacy by government bodies, as opposed to intrusions by private individuals, as in the case of Jones.

English courts currently protect privacy by subsuming actions under extant torts. Most notably, in the case of Douglas v Hello! (No 1),[5] the English courts ostensibly tried to get around the discrepancy between modern privacy breaches and the established law on breach of confidence[6] by stretching the latter to include breaches where no prior relationship of confidence existed between the parties.[7]

The courts tried to circumvent this difficulty by suggesting that in order to find the new rules for the English law of breach of confidence, we now had to look in the jurisprudence of Articles 8 and 10 of the ECHR (per Buxton LJ in McKennitt v Ash).[8] Notably, the ECtHR ruled (for the first time) in Von Hannover, that the right:[9]

…to privacy afforded by Article 8 of the European Convention on Human Rights should not only protect an individual against interference by public authorities, but also against interference by private persons or institutions, including the mass media.

In this precedent case, the ECtHR allowed for the extension of Article 8 to actions between private citizens, suggesting that governments were required to ensure that privacy was protected within this realm.[10]

The limitations of the UK’s approach to privacy

The interpolation of Article 8 into the English law of breach of confidence has allowed the courts to artificially extend the tort to cover instances where no relationship of trust or confidence existed between the parties and where both parties were private individuals. The new test now used to determine breach of confidence, as reiterated in Campbell v Mirror Group Newspapers Ltd, is whether the information disclosed was of a confidential nature and whether there was a reasonable expectation of privacy.[11] Here, the English House of Lords drew attention to the distinction between identifying whether information is private and identifying whether it is proportionate to prevent disclosure of such information, having regard to the competing Convention right of freedom of expression (Article 10).[12]

However, again, in all its current efforts to accommodate breach of privacy, the foregoing only applies where there is information that has been disclosed to third parties, not where someone has accessed information belonging to another, which they had no lawful right to obtain in the first place. Warren and Brandeis foresaw the inadequacy of limiting privacy to ‘wrongful disclosure cases’ in their seminal paper The Right to Privacy.[13] This was especially problematic where neither a breach of confidence, nor the dissemination of private information had occurred. They argued that the doctrine of confidence as initially conceived was sufficient to guard against personal intrusion, back in the days when the abuse to be guarded against could rarely have arisen without violating a contract or a special confidence. However, due to modern devices and technology affording abundant opportunities for the perpetration of such breaches without any participation by the injured party, ‘the protection granted by the law must be placed upon a broader foundation.’[14] The broader foundation referred to here is a general tort of privacy, whether developed by law or legislation. However, this foundation is nowhere to be found in English law at the present date, and the lacuna still leaves people in situations such as Jones’ exposed in a fundamental way.

A conceptual way forward for privacy in Jones v Tsige

In trying to bridge the definitional lacuna regarding individuals’ privacy, and by corollary, those aspects the public had a duty not to intrude upon, the court in Jones made some headway in the problem stated above by drawing upon the American model to help define the three elements of the tort. Intrusion upon a person’s seclusion was used as the conceptual basis for privacy in this case. Sharpe JA cited Professor Prosser’s delineation of the four elements comprising an ‘intrusion upon privacy’:

Generally speaking, to make out a cause of action for intrusion upon seclusion, a plaintiff must show:[15]

  1. An unauthorized intrusion
  2. That the intrusion was highly offensive to the reasonable person
  3. The matter intruded upon was private, and
  4. The intrusion caused anguish and suffering.

More broadly, the Canadian Departments of Communications and Justice have previously posited three pillars of privacy, under which ‘intrusion upon seclusion’ is subsumed. They are: (i) Privacy of the person (ii) Territorial Privacy (iii) Privacy of information.[16]

Like Prosser, American tort law has previously explored the foundational basis on which ‘intrusion upon seclusion’ is based. It cites four instances of intrusion where a breach of privacy would occur, (including unlawful searches, telephone tapping, long-distance photography and telephone harassment):[17]

    1. Public disclosure of private facts.
    2. Publicity putting the plaintiff in a false light.
    3. Appropriation, for the defendant’s advantage, of the plaintiff’s name or likeness.

From this preliminary guidance, it is apparent that privacy, as defined by ‘intrusion upon seclusion’ is not an entirely difficult term to circumscribe. English courts are therefore not truly at a conceptual impasse respecting the definition of privacy. Much scholarly work and foreign precedent is now available, should the courts be ready to move forward in defining a tort of privacy.

In his judgment in Jones, Sharpe JA was apt to acknowledge that ‘routinely kept electronic databases render our most personal financial information vulnerable.’[19] However, accessing an individual’s bank account for private purposes in fact falls outside of the current privacy framework endorsed within English law. Individuals who had their privacy violated in this way would have little recourse unless the information was subsequently disseminated or used for fraudulent purposes.

English courts currently focus only on the right to control the dissemination of information about one’s private life, as opposed to prevention of intrusion in the first place.[20] However, departing from this approach, in Jones, the ‘deliberate, prolonged and shocking intrusion’ on the appellant’s privacy was enough to form part of the basis for a claim in privacy.

A new tort of privacy

Building upon the foundation of Canadian case law and scholarly work formulating a new tort of privacy, Sharpe JA listed the elements of the tort as follows:

    1. The intentional (or reckless) intrusion upon the seclusion of a person’s private affairs.
    2. The intrusion must be without lawful justification.
    3. And a reasonable person would regard the invasion as highly offensive causing distress, humiliation or anguish.[21]

If these three elements and conditions are met, the intrusion may be actionable, and damages would be measured by a conventional sum.

Per Sharpe JA:

Any person in Jones’ position would be profoundly disturbed by the significant intrusion into her highly personal information…and the law of the province would be sadly deficient if we were required to send Jones away without a legal remedy.[22]

This seemed like the most logical and reasonable conclusion to reach and one that considered all the pertinent facts surrounding the changing contexts in which privacy now exists. Breach of territorial integrity and intrusion upon seclusion are no longer the preserve of trespass or confidence, and it makes little sense to continue trying to stretch these remedies to accommodate instances of privacy breaches. Rather, like Canada, English courts should begin to acknowledge that an entirely independent set of interests, such as electronic records of personal data and offensive digital images, are in need of protection by a high-level tort of privacy, one that establishes a clear duty between citizens to take care not to intrude upon such interests.


The preceding judgment in the case of Jones was reached with little difficulty and without having to radically redefine any precepts of the law on privacy and data protection. In fact, its premise seems quite obvious and reasonable. It is the most logical and practical response to the exponential acceleration of technological implements, which leave individuals vulnerable to new forms of privacy invasions. In modern times, invasions of privacy do not often involve en masse dissemination (as is the case of peer-to-peer sharing) or even any dissemination at all, as in the instance of hacking and unauthorized access to electronic records.

However, it is arguable that given how far we have advanced, the law has failed to keep pace with technological changes that pose a novel threat to privacy rights, ones that have been protected for hundreds of years by the common law under various guises.[23] In this regard, the Canadian court has made the right move in developing a tort for invasion of privacy, independent of third party disclosure. It recognises that people have a right to the integrity of their readily available (electronic) information. It also acknowledges that such information should not be accessed by unauthorised individuals without sanction, as in the case of Jones v Tsige. Given the expansion of access in the electronic age in which we live, and how readily we store personal information on servers that can be ‘hacked’ or breached by unlicensed people, it is time that English courts also followed suit, and took a step in the right direction to protect individuals from illegitimate invasions of privacy.

Nina Anana reads law at King’s College London and has an interest in human rights, privacy and surveillance, legal theory and comparative legal studies. She currently divides her time between Canada and the UK, and in her spare time, enjoys creative writing, painting and traveling.

    [1] [2003] UKHL 53, 17

    [2] 2012 ONCA 32 (CanLII)

    [3] 2012 ONCA 32 (CanLII), 69

    [4] [2002] EWHC 137 (QB), 63

    [5] [2001] 2 WLR 992

    [6] Coco v A N Clark (Engineers) Ltd [1969] RPC 41

    [7] Markesinis, B, O’Cinneide, C, Fedtke, J, Hunter-Henin, M, (2004), Concerns and Ideas About the Developing English Law of Privacy (and how knowledge of foreign law might help), The American Journal of Comparative Law, Vol. 52, No. 1, Winter, pp. 9

    [8] [2008] EWHC 1777 (QB), p. 9

    [9] von Hannover v. Germany No. 2 (application no. 40660/08), p. 42

    [10] ibid

    [11] [2004] UKHL 22

    [12] [2005] EWCA Civ 595, p. 80

    [13] Warren, S and Brandeis, L, (1980), The Right to Privacy, Harvard Law Review, Vol. 4, No 5, December, pp. 207

    [14] ibid

    [15] 2012 ONCA 32 (CanLII), at 56; also See William Prosser, Law of Torts, 4th ed. (West Publishing Company, 1971) at p. 808-12

    [16] Mulheron, R (2006), A Potential Framework for Privacy? A Reply to Hello!, Modern Law Review, Vol. 69, No. 5, September, pp. 679-713; pg. 699

    [17] ibid, 699

    [18] ibid

    [19] 2012 ONCA 32 (CanLII), at 67

    [20] ibid, 61

    [21] ibid, 69

    [22] ibid, 71

    [23] ibid, 68