Personal Information and the Protection of Privacy 1995

II. LEGAL CONTEXT

Not surprisingly, the legal definition of privacy has evolved through time. In a 1888 textbook, Judge Thomas Cooley used the expression "the right to be let alone" in the context of immunity from the threat of physical harm.(9) This expression was quickly taken up in a 1890 article by two jurists concerned about the invasion of privacy that could be caused by photographic images.(10) In a now-famous article in 1890, Samuel Warren and Louis Brandeis argued for the creation of a general right of privacy that would give an individual a right to prevent the unauthorized use of private matters by the press. The authors foresaw that new technologies, such as the telephone and photography, would bring more violations of the right to be let alone, and they concluded that privacy protection required better legal protection. They also foresaw that private individuals would apply to the courts to prevent the sale and publication of photographs without their authorization.

Their prediction was quickly confirmed in 1902 when a New York Court held that the use of a photograph in an advertisement without the consent of the subject was actionable.(11) New York State then became the first of many jurisdictions to adopt privacy laws prohibiting the unauthorized use of photographic images for commercial purposes.(12)

In 1967, a more modern and more comprehensive definition of the right to privacy was proposed by professor Alan Westin, and it has since received general acceptance and has even been accepted by both the Supreme Court of Canada(13) and the United States Supreme Court.(14) The right to privacy is the "claim of individuals, groups and institutions to determine for themselves when, how and to what extent information about them is communicated to others."(15) In other words, privacy would be the "the right to exercise some measure of control over information about oneself."

In Canada, the right to be let alone is reflected in our laws in two ways. First, at the constitutional level, the Canadian Charter of Rights and Freedoms, while it does not contain an express right of privacy, does guard against unreasonable invasions of privacy. As the Supreme Court of Canada recognized in a 1990 decision, the primary value served by section 8 of the Charter (the right to be secure from unreasonable search or seizure) is privacy.(16) The Supreme Court has thus established a constitutional right to privacy, (17) although exclusively in the criminal law context, with respect to the seizure of bodily fluids (18) and the electronic surveillance of individuals;(19) it seems more reluctant to do so with respect to personal information stored in data banks.(20) Since other decisions by the Court have interpreted section 8 in a more relaxed fashion in relation to administrative law, the level of constitutional protection given to personal information may in fact be limited.(21)

Section 7 of the Charter may also contain a residual right of privacy, but this remains essentially an untested theory,(22) since the Supreme Court seems reluctant to make more than vague pronouncement on the matter. In any case, the Charter is essentially an instrument for checking the powers of governments over the individual, so this constitutional right to privacy would apply only to state action and not to private conduct. (23)

On the other hand, some common law provinces have adopted legislation establishing a tort liability for invasion of privacy. These provinces are British Columbia,(24) Saskatchewan, (25)Manitoba(26) and Newfoundland(27). The provincial Privacy Acts creating a tort have not generated much judicial consideration(28), however, and they have been difficult to enforce.(29)

In Quebec, privacy rights are protected at three different levels. First, section 5 of the Charter of Human Rights and Freedoms(30), an Act of a quasi-constitutional nature, recognizes a broad right of privacy by stating that "every person has a right to respect for his private life," and it further provides for a right to compensation for a prejudice resulting from an interference with that right. The Civil Code(31) then complements the Quebec Charter by defining what constitutes an invasion of privacy and limiting the right of persons to collect, use and disclose personal information on another person. Both statutes are binding on public and private entities, as well as on individuals, and both provide a right of action to persons whose privacy rights have been infringed. (The third level of privacy protection, comprehensive data-protection, is discussed below.)

In the late 1980s and early 1990s, the Uniform Law Conference of Canada began work to adopt a Uniform Protection of Privacy Act that would have recognized a tort of invasion of privacy. The Act was adopted by the Conference in 1994.(32)

The definition of the right of privacy as the right to exercise some measure of control over information about oneself has led most countries of Western Europe(33) to adopt what is now referred to as data protection legislation. With respect to the public sector at least, the United States(34) and Canada have done so as well.

In Canada, the federal Privacy Act (35), enacted in 1982 and replacing Part IV of the Canadian Human Rights Act(36), governs the collection, use, disclosure, retention and disposal of personal information by federal government institutions, which includes all federal departments, most federal agencies and some federal Crown Corporations. The Privacy Act is not the only statute protecting personal information held by the Government of Canada, however. Certain categories of personal information receive fuller protection under such statutes as the Income Tax Act(37) and the Statistics Act (38)

Most provinces now also have data protection legislation similar to the federal Privacy Act to apply to their public sectors: British Columbia,(39) Alberta(40), Saskatchewan(41), Ontario(42), Quebec(43) and Nova Scotia(44).

Quebec is the only province to have adopted comprehensive data protection legislation applicable to the private sector(45). That legislation provides a detailed framework for implementing the Civil Code's provision for the collection, use and disclosure of personal information. The legislation came into force in January 1994, and while it may still be too early to fully assess its results, both expected and unexpected, it is fair to say that it has not created havoc for Quebec businesses.

That is not to suggest that use of personal information by the private sector outside Quebec is completely unregulated. But privacy protection in the Canadian private sector consists of a patchwork of laws, regulations and codes that create different standards applying to few industries.

The Criminal Code (46), for instance, makes it a criminal offence to intercept a private communication. In the telecommunications industry, the Terms of Services of telephonecompanies approved by the CRTC include a provision on the confidentiality of client records. The public outcry that followed the introduction of the caller identification service led the CRTC to force telephone companies to offer free per-call blocking and line-blocking for those with particular need. The Telecommunications Act (47), for its part, now recognizes privacy in the telecommunications industry as a fundamental principle. It applies only to federally regulated carriers, however, and not to telecommunications resellers or to information service providers. In the banking industry, section 459 of the Bank Act (48) allows the government to regulate a bank's use of information obtained from its customers. Draft regulations were prepared for the Standing Senate Committee on Banking, Trade and Commerce in 1993, but they have not been adopted by the government. The Canadian Bankers' Association has, however, adopted a model privacy code, which has led individual banks to set out their own privacy codes. In the insurance sector, the Canadian Life and Health Insurance Association adopted Right to Privacy Guidelines, and the Insurance Bureau of Canada has adopted its own Model Privacy Code. In addition, at the provincial level there is credit-reporting legislation, such as Ontario's Consumer Reporting Act(49).


Next Annual Meeting

2017 Conference

Hotel Saskatchewan

Regina, SK

August 13 - 17, 2017
Creative Commons Licence
This work is licensed under a Creative Commons Attribution 2.5 Canada License
L'usage de cette œuvre est autorisé selon les dispositions de la Licence Creative Commons Attribution 2.5 Canada