II. Privacy in General
As was pointed out in the Introduction to this Paper, "privacy" is a much broader concept than
"data protection". When people speak of their privacy they would normally think of things like
the peace and quiet of their homes, their ability to communicate without third parties listening
in, and protecting the details of their lives from unwanted publicity. Article 17 of the
International Covenant on Civil and Political Rights, which establishes privacy as one of the
internationally recognized human rights, and to which Canada is a party, catches the general
flavour of this:
- No one shall be subjected to arbitrary interference with his privacy, family, home or
correspondence, nor to attack upon his honour and reputation. Every one has the right to the
protection of the law against such interference or attacks.
- In its 1997 report Privacy: Where Do We Draw the Line? the House of Commons Standing
Committee on Human Rights and the Status of Persons with Disabilities offered the following as
its key statement of "fundamental privacy rights" (p.35):
- Everyone is entitled to expect and enjoy:
- physical privacy;
- privacy of personal information;
- freedom from surveillance;
- privacy of personal communications;
- privacy of personal space.
Data protection is evidently only one part of this. It falls primarily into the realm of "privacy of
personal information", but even there, data protection, with its focus on "recorded information"
and "organizations," and its exclusion of personal and household activities, does not cover all of
The purpose of this Part of this Paper, therefore, is to consider whether New Brunswick should
adopt legislative measures to protect `privacy' in the more general sense. Two specific
approaches are identified. One is to expand the existing judicial remedies by establishing a
`tort' of invasion of privacy. A `tort' is a wrongful act for which an aggrieved individual can
seek the normal civil remedies of damages, declarations and injunctions. The other is to
establish non-judicial (or administrative) remedies for infringements of privacy. These two
approaches are the natural extensions of the discussion in Part I of possible "civil remedies" and
"administrative remedies" under data protection legislation. The House of Commons Standing
Committee, though it clearly supported non-judicial remedies for infringements of privacy, paid
little attention to judicial remedies. This is surprising. The Committee's principal
recommendation was that Parliament adopt in the federal sphere a "Charter of Privacy Rights"
that would have a quasi-constitutional status (p.45). As will be seen, however, the key elements
of the Committee's "fundamental privacy rights" (quoted above) are very much the kind of
things that some provinces do, and New Brunswick might, assert by way of a `tort' of invasion of
The path that the next few pages will take is relatively well-trodden. In countries such as
England, Australia and Canada there have been several studies of the similar judicial remedies
that are available for the protection of privacy interests. The shared background of these studies
is that there is no established remedy for an invasion of privacy as such, but that privacy interests
can be protected through a number of other remedies such as actions for trespass or for breach of
confidence. The discussion, therefore, is of the scope of the established remedies, of how much
more could or should be done to ensure that privacy can be adequately protected, of whether the
best way forward, if more should be done, is through legislation or through judge-made law, and
of whether, under either of those two approaches, the sounder legal framework is to develop the
existing remedies or to create a new tort of "invasion of privacy".
That discussion also refers to experience in the USA for contrast. There the courts have
recognized a common law right of privacy for many years. The case-law has been analyzed as
recognizing four main categories of actionable invasion of privacy: (1) intrusion upon the
plaintiff's seclusion or solitude, or into his or her private affairs; (2) public disclosure of
embarrassing facts about the plaintiff; (3) publicity which places the plaintiff in a false light in
the public eye; and (4) appropriation, for the defendant's advantage, of the plaintiff's name or
In Canada, where the position is described at length by Ian Lawson in his book Privacy and Free
Enterprise (1993, Public Interest Advocacy Centre), the discussion has some special features.
One is that five Provinces have in fact legislated to create a specific tort of invasion of privacy.
Four of these -- B.C., Saskatchewan, Manitoba and Newfoundland -- are common law provinces
where the remedy was new. The fifth is Quebec, where the remedy originally evolved through
interpretation of general provisions of civil responsibility in the former Civil Code, but has now
been expressly included in the new one. Quebec's Charter of Human Rights and Freedoms also
contains, as art.5, a provision that "Every person has a right to respect for his private life."
Unlike the Canadian Charter, this provision is directly enforceable between citizens.
Another special feature of the Canadian debate is that in the common law provinces where there
is at present no legislation, the courts have recently become more willing to consider that perhaps
a general tort of invasion of privacy may exist at common law. In a few cases in Ontario
damages have been awarded on this account. A recent decision of the Court of Appeal of Prince
Edward Island commented that "the courts in Canada are not far from recognizing a common law
right of privacy, if they have not already done so" (Carruthers CJPEI, Dyne Holdings Ltd. et al v
Royal Insurance Co. of Canada (1996) 138 Nfld.& PEI R, 318). These developments
complicate the issue of whether it is legislators, specifically, who should take action to establish
invasion of privacy as a tort, or whether the courts should be left to develop, case by case, this
new field of liability. If the case law were clearer that there either is or is not a general tort, it
would be easier to assess the contribution that legislative measures might appropriately make.
So far as the judicial remedies are concerned, the key issue is whether New Brunswick should
enact legislation that makes an invasion of privacy a tort. As with the data protection section of
the Paper, there is a specific legislative model around which the discussion will centre. This is
the Uniform Privacy Act adopted by the Uniform Law Conference of Canada in 1994. The
Uniform Act draws upon and attempts to improve the existing provincial statutes, all of which are
similar in substance, though different in some of their details. There is no obvious reason for this
Paper to attempt to invent something completely different. The Paper will therefore describe the
Act, and present three major policy options in relation to judicial remedies for invasions of
privacy. One is to adopt legislation substantially similar to the Uniform Act. Another is to
decide that there should not be a tort of invasion of privacy at all. The third is to say that if there
is to be a tort of invasion of privacy, it should be left to be developed by the courts rather than
established by legislation.
- Discussion of a statutory tort of invasion of privacy should be based on the Uniform Privacy
Act prepared by the Uniform Law Conference of Canada, set against the background of
existing judicial remedies that may protect privacy interests.
A.1 Existing Remedies
The existing legal remedies for invasion of privacy are found under the Canadian Charter of
Rights and Freedoms, under various federal and provincial Acts and in various existing torts.
None of these contains an established and general remedy for `invasions of privacy' as such. As
was mentioned above, there is currently a theoretical debate as to whether, at common law, a
general tort of `invasion of privacy' exists, but if it does, it is certainly not yet "established." By
contrast, the other remedies that will be referred to are clearly "established," and can be used to
protect some privacy interests, but they are not "general."
a. The Canadian Charter of Rights and Freedoms
Privacy under the Canadian Charter of Rights and Freedoms can be dealt with fairly briefly.
The Charter contains no express right of privacy. The courts, however, including the Supreme
Court of Canada, have held that a right of privacy is implicit in other express provisions of the
Charter, notably s.7 and s.8. They appear to talk quite freely of a "constitutional right of
privacy" despite the absence of any express provision on the subject in the Charter.
S.7 of the Charter says that "Everyone has the right to life, liberty and the security of the person,
and the right not to be deprived thereof except in accordance with the principles of fundamental
justice." The courts have held that privacy can be an element of "liberty" and of "security of the
person." They have held that there is at least a "biographical core of personal information,"
which may tend to reveal "intimate details of lifestyle and personal choice," that is entitled to
protection under this section. Arguably there may be more, but there is at least this much.
S.8 of the Charter, says that "Everyone has the right to be free against unreasonable search and
seizure." The courts have held the test of whether a search or seizure is "unreasonable" is
whether it violates a "reasonable expectation of privacy". "Searches" and "seizures" have been
held to include not only physical searches and seizures in the obvious context of criminal law
enforcement, but also other forms of mandatory information-gathering. Obtaining information
from willing third parties has also been held to be a search or a seizure in some cases -- e.g. R v
Dyment (1988) 89 N.R. 249, where a doctor voluntarily provided the police with a blood sample
from an injured driver which showed that the driver had been impaired at the time of an accident,
and R v Plant  S.C.R. 281, where a power company voluntarily made electricity
consumption records available to the police. (In the latter case, the police "search" by checking
the records was held not to be an "unreasonable" one, since in the view of most of the Supreme
Court justices, though not all, records of electricity consumption did not disclose "intimate
details of lifestyle and personal choice" in which the householder could have a "reasonable
expectation of privacy.")
Charter protection, however, is not absolute. Under s.7, for example, a person can be deprived
of "life, liberty and security of the person" if this is done "in accordance with the principles of
fundamental justice." Under s.8, what it protected is a "reasonable expectation of privacy."
Under s.1, moreover, all Charter rights are subject to "such reasonable limits prescribed by law
as can be demonstrably justified in a free and democratic society." More important than this,
though, in terms of the availability of general remedies for invasions of privacy, is that the
Charter only applies to the actions of governments. It will not normally apply to privacy issues
as between citizens. As a remedy in the private sphere, therefore, any Charter right of privacy is
of limited application.
b. Federal and provincial Acts
Protection of privacy under federal and provincial Acts can be dealt with even more briefly.
Unlike the provisions of the Charter, which, though general, only apply as between the citizen
and the government, federal and provincial Acts are specific. They may provide privacy
protection, but only in relation to a particular subject-matter.
At the federal level, legislation such as the Criminal Code and the Privacy Act obviously come
to mind. The procedural provisions of the Criminal Code regulate the powers of the police in
investigating offences, and substantive offences under the Code cover things such as interception
of private communications (s.184) and `watching and besetting' (s.423). The Privacy Act deals
with data protection in the institutions of the federal government, and the legislation that the
federal government is currently developing for the private sector will apply data protection rules
to those elements of the private sector that fall under federal legislative competence.
General legislation on privacy does not exist at the federal level. Normally speaking, privacy
would be considered to be a subject that falls within provincial legislative competence under s.92
of the Constitution Act 1867 as a matter of "property and civil rights" within the province. Even
if wide-ranging privacy protection legislation were available under one head or another of federal
legislative competence -- perhaps the Criminal Law power -- it might still be legitimate to ask, in
a paper such as this one, whether civil remedies should be available to individuals under
provincial legislation, in addition to whatever protections might be available under the federal
As for privacy protection under provincial Acts, the position is that some specific New
Brunswick Acts deal with subject-matter that is often identified as raising privacy concerns, but
that there is no general legislation dealing with invasions of privacy as such, either through civil
remedies or through the province's power to create so-called `quasi-criminal' offences on matters
within its legislative competence. Existing provincial legislation covering areas that are often of
concern from a privacy point of view includes the Direct Sellers Act, the Collection Agencies
Act and the Private Investigators and Security Services Act.
c. Common Law
In his book Privacy and Free Enterprise, Ian Lawson describes at length a number established
common law remedies that may be available when privacy is invaded, depending in each case on
the nature of the conduct complained of. He also discusses the possibly emerging tort of
invasion of privacy. Among the many established torts that Lawson mentions, the following
appear to be the most important.
(i)Trespass to land. This tort permits an occupier of land to decide who is or is not allowed to
enter the property. This is obviously an important instrument for preserving `spatial privacy'.
Less familiar is the tort of `watching and besetting' a person's house or business in order to
compel the occupier to do something, which extends the protection of tort law to some actions
done off the occupier's property. Extended applications of the tort of nuisance have also
provided protection against some actions done without entry to an occupier's premises.
Examples include Poole & Poole v Ragen and the Toronto Harbour Commissioners 
O.W.N.77, where the plaintiffs won damages and an injunction against the Toronto Harbour
police, who for three months had followed the plaintiffs' boat back and forth through the
harbour, and Motherwell v Motherwell (1976) 73 D.L.R. (3rd) 62, a dispute among family
members in which the plaintiff harrassed the defendants by telephoning them an inordinate
number of times with complaints about another family member.
(ii) Assault and trespass to the person. Under these torts it is wrongful to touch another person
without consent. These torts are the basic protections of `personal privacy', the privacy of one's
(iii) Defamation and breach of confidence. The long-established tort of defamation involves the
publication of false information that harms the reputation of the plaintiff. Breach of confidence,
a tort which is itself in the course of evolving, provides a remedy against the disclosure of
confidential information which one person obtains from another, and in which the person
providing the information has a reasonable expectation of privacy. Both torts obviously apply in
the area of `information privacy'. Another tort that may apply is injurious falsehood, the
making of untrue statements with a view to causing pecuniary damage. As with defamation, the
information must be false, but unlike defamation, it is not necessary that the statements be
harmful to the reputation of the plaintiff.
Traditionally, in countries such as Canada, Australia and the United Kingdom, the question of
whether legislative measures are required for the protection of privacy has depended on an
assessment of the adequacy of torts such as these. More recently in Canada the question has
been complicated by the emergence of a small number of cases suggesting that invasion of
privacy may be in the course of becoming established as a tort by virtue of judicial decisions,
without the need for legislative intervention. Cases include Saccone v Orr (1981) 34 OR (2d)
317, where the defendant secretly recorded a telephone conversation with the plaintiff and
subsequently played it at a town council meeting, and Roth v Roth (1991) 4 OR (3d) 740, where a
dispute between neighbours over the use of an access road led to a general campaign of
harrassment that was held to include an infringement of the plaintiffs' privacy.
On the question of whether the established tort remedies are sufficient there are two schools of
thought. One says that they are. The argument here accepts that there is no specific right of
action for invasion of privacy, but points out that there is no express remedy for other important
human rights such as "liberty" or "security of the person" either. Rights such as these, it is said,
are abstract, and like the right to privacy, they are generally enforced through a variety of specific
remedies, with different remedies -- an action for false imprisonment, an application for habeas
corpus, and so on -- being available in different situations.
The existing remedies, on this argument, are substantially adequate to the task of protecting
privacy, and if specific inadequacies in them can be demonstrated, the better approach is to revise
the existing remedy rather than to invent a completely new one. Experience in America is
referred to as suggesting that an apparently broad `right of privacy' will in fact resolve itself into
a small number of claims which are similar in nature to existing torts. Concern is expressed that
a tort of invasion of privacy would be an unknown quantity, and might interfere with other
important values such as freedom of expression and the freedom of the press.
The other side of the argument is that privacy is a clear enough concept that it can be
satisfactorily defined, and that it is an important enough value that it should be protected
expressly. On this view the existing tort remedies would be considered inadequate to the task,
because each has its own conceptual framework, and each will fall short in particular situations.
A classic example might be a case such as the English case of Kaye v Robertson (Appendix I to
the Report of the Committee on Privacy and Related Matters -- the "Calcutt Committee" -- 1990,
HMSO). Here newspaper reporters entered a hospital room where a celebrity was recovering
from brain surgery after a serious accident. The reporters ignored notices to keep out. They
interviewed the patient and took photographs. They said that the patient did not object, though in
the view of the Court of Appeal, it was and should have been obvious to the reporters that the
patient was in no condition to consent. The reporters then proposed to publish the photographs
and an article based on the interview. In the absence of a cause of action for invasion of privacy,
the patient tried to prevent publication on grounds of libel, malicious falsehood, trespass to the
person and passing off. All he succeeded in getting, however, was an injunction to the effect that
the newspaper could not publish anything implying that he had consented to the interview.
Bingham L.J. commented:
The Defendants' conduct towards the Plaintiff here was a "monstrous invasion of his privacy" (to
adopt the language of Griffiths J in Bernstein v Skyviews Ltd.  QB 479 at 489G). If ever a
person has a right to be let alone by strangers with no public interest to pursue, it must surely be
when he lies in hospital recovering from brain surgery and in no more than partial command of
his faculties. It is this invasion of his privacy which underlies the Plaintiff's complaint. Yet it
alone, however gross, does not entitle him to relief in English law.
Both sides of the argument about a tort of invasion of privacy are credible. Both also depend to a
large extent on their proponents' differing views as to the ability of legislators or the courts to
find a definition of `invasion of privacy' that is both clear and manifestly useful. Those who
would prefer to work with the established torts fear that establishing a broad concept of invasion
of privacy would raise more questions than it answered. Among these was the Calcutt
Committee, which, despite cases such as Kaye v Robertson, felt that other measures, including
the establishment of some focused criminal and civil remedies, was preferable to creating a wide-ranging tort of invasion of privacy. On the other hand, those who prefer an express remedy for
invasion of privacy consider that a workable definition can be established, and that without it the
law will never be able to focus directly on the real problem.
A.2. A Tort of Invasion of Privacy?
To provide the material on which this discussion can reach a conclusion, this Paper will take
much the same approach as it took in relation to data protection and the CSA Code. On the basis
of the Uniform Privacy Act it will state a number of propositions about how legislation
establishing a tort of invasion of privacy might be expressed. There can then be public debate
about whether legislation in these or similar terms would be desirable. The Uniform Act is
presented in its entirety in Appendix C. A slightly revised approach derived from the
propositions in this Part of this Paper is presented in summary form in Appendix D.
a. "Invasion of privacy"
The key elements of the Uniform Act are (a) a broad statement that "Violation of the privacy of
an individual by a person is a tort that is actionable without proof of damage" (s.2); (b) a list of
specific activities that will "in the absence of evidence to the contrary" be considered to be a
violation of privacy (s.3); and (c) a list of defences (s.4). This general framework is common to
the other Canadian legislation as well -- though the statutes vary on the question of whether it is
only individuals (as opposed to corporations, for example) who can sue for an invasion of
The activities that the Uniform Act identifies as presumed invasions of privacy are (in
abbreviated form) (a) auditory or visual surveillance of the individual, (b) listening to or
recording another person's conversations, (c) publication of letters, diaries or other personal
documents, and (d) wrongful dissemination of information concerning an individual. This list is
not exhaustive; other unlisted acts may also be found to amount to an invasion of privacy.
The defences (similarly abbreviated) are (a) that the plaintiff consented to the activity, (b) that
the defendant acted in lawful defence of person or property, (c) that the activity was authorized
or required by law, (d) that the defendant was lawfully investigating an offence, (e) that the
defendant's action was reasonable, having regard to any relationship, domestic or otherwise,
between the parties, (f) that the defendant neither knew nor reasonably should have known that
his or her act would violate the privacy of any individual, and (g) that the act complained of was
a reasonable publication in the public interest.
One thing that this approach does not contain is a general description or definition of what an
invasion of privacy is. The defences identify things that are not an invasion of privacy, and the
examples identify some specific activities that are likely to be an invasion of privacy, but beyond
that the key statement in the legislation is simply the open-ended statement that a "violation of
the privacy of an individual . . . is a tort."
Is this acceptable, or should legislation try to be more explicit? The calculation of the Uniform
Act, and others like it, is presumably that if legislation tries to explain what an "invasion of
privacy" is, it will restrict the ability of the courts to develop this new tort in the context of the
specific cases that come before them. The argument on the other side is that without at least
some sort of definition, the new tort is unacceptably vague.
In principle, one would think, a general description of what an "invasion of privacy" is would be
a useful feature of legislation. The following Proposition therefore suggests one. If the
definition is satisfactory, it could be part of an enactment. If it is not, approaches more like that
of the Uniform Act might be more acceptable.
This definition, one should note, would not have to be complete in the sense of, say, the
`fundamental privacy rights' described by the House of Commons Standing Committee on
Human Rights and the Status of Disabled Persons. The definition would be intended as a
description of an actionable wrong rather than of a human right, and would proceed on the basis
that other torts will continue to exist, so that invasions of privacy by trespass, assault, libel,
breach of confidence, and so forth, would continue to be dealt with by other means. The purpose
of the definition would be to describe the essence of the new tort that the legislation was to add
to the existing catalogue.
- An invasion of privacy might be defined as follows:
An act is an invasion of privacy
(a) if it unduly intrudes into the personal affairs of an individual, or into his or her
activities, whether in a public or a private place, or
(b) if it gives undue publicity to personal information concerning an individual.
If a definition along these lines would be too limiting, is an approach like that of the Uniform Act
acceptable, or is it too uncertain? It should be noted here that some of the existing provincial
Acts spell out in more detail the `unreasonableness' criterion that the Uniform Act mentions
briefly as a defence under s.4(1)(e). British Columbia's Act, for example, says:
- 1(2) The nature and degree of privacy to which a person is entitled in a situation or in relation
to a matter is that which is reasonable in the circumstances, giving due regard to the lawful
interests of others.
1(3) In determining whether the act or conduct of a person is a violation of another's privacy,
regard must be given to the nature, incidence and occasion of the act or conduct and to any
domestic or other relationship between the parties.
Other existing legislation in the common law provinces (but not Quebec) is also more cautious
than the Uniform Act in describing the kind of conduct that will amount to an invasion of
privacy. In B.C., Saskatchewan and Newfoundland it is only where a person "wilfully and
without a claim of right" violates the privacy of another that he or she commits a tort. In
Saskatchewan the expression is "substantially, unreasonably and without claim of right".
Whether qualifiers of this sort would be necessary in legislation establishing a tort of invasion of
privacy would depend to a considerable extent on whether the legislation contained a general
definition of an invasion of privacy along the lines of Proposition #35. Generally speaking, one
would have thought that a `reasonableness' test would be an appropriate element of the
legislation. Establishing a `wilfulness' threshold, however, might well seem excessive.
- If a definition along the lines of Proposition #35 would be too limiting, invasion of privacy
legislation should at least contain an `unreasonableness' threshold before conduct would be
considered to amount to an invasion of privacy.
One of the specific examples of invasion of privacy in s.3 of the Uniform Act is this:
(d) dissemination of information concerning the individual that has been gathered for
commercial or governmental purposes if
(i) the dissemination is contrary to a statute or regulation, or
(ii) the information was provided by the individual in confidence, and the dissemination is
made for a purpose other than the purpose for which the information was provided.
The general defences in the Act would apply, of course, including `consent' and `reasonableness'
There is an obvious link here to data protection issues. S.3(d) can be seen as a demonstration of
how a tort statute might attempt to get to the essence of data protection legislation in a few short
words that might perhaps make more extensive legislation unnecessary. S.3(d) does not have a
counterpart in the Privacy Acts of B.C., Alberta, Saskatchewan or Newfoundland. In Quebec,
however, basic data protection principles are found in arts.37 to 41 of the Civil Code; the more
extensive public sector and private sector data protection statutes are an extension of the Civil
One would obviously have to think carefully about a provision like s.3(d) before deciding that it
should be included in an invasion of privacy statute. If New Brunswick adopts data protection
legislation along the lines described in Part I of this Paper, the data protection Act would
presumably be the place where the legislative policy on civil remedies was set out -- whether,
ultimately, that policy included them or deliberately excluded them. If, however, data protection
legislation is not eventually adopted, s.3(d) might deserve further study. It appears to be
narrower in scope than a data protection Act, which might make it more acceptable. On the other
hand, if the present consultation indicates that private sector data protection legislation is not
desirable, the reasons may be such that s.3(d) would be equally undesirable.
- A decision on whether `wrongful dissemination of information about an individual' might
amount to a tort of invasion of privacy should await the outcome of the consultation on private
sector data protection legislation.
Next comes the question of whether the specific defences in s.4 of the Uniform Act are
appropriate and need to be stated. Here again there is substantial consistency between the
provincial Acts. It is common ground that there should be a defence against actions for invasion
of privacy if the defendant acted with consent, or in lawful defence of person or property, or was
authorized by law, or acted for law enforcement purposes, or published information in the public
interest. Two features of the Uniform Act that are less standard, though, are s.4(1)(d) -- that the
conduct is "reasonable, having regard to any relationship, domestic or otherwise, between the
parties" -- and s.4(1)(e) -- that the defendant "neither knew nor reasonably should have known
that the act, conduct or publication would violate the privacy of an individual." Both of these
seem acceptable in substance, though exactly where they belong in legislation would depend on
whether a general definition of `invasion of privacy' or a `reasonableness threshold' were a part
of the legislation.
One other small point is that the Uniform Act deliberately omitted one specific defence that
appears in the Saskatchewan Act alone. This is that the act complained of "was that of a person
engaged in news gathering . . . for any newspaper . . . or . . . broadcaster . . . and such act was
reasonable in the circumstances and was necessary for or incidental to ordinary news gathering
activities." The report prepared for the Uniform Law Conference argued that a special provision
for news-gatherers was not appropriate: that if such a provision gave news-gatherers any real
protection it was, in effect, giving them a special privilege that allows them to violate the privacy
- In substance, the defences listed in s.4 of the Uniform Act are appropriate.
S.5 of the Uniform Act deals with remedies. It spells out that a court can award damages and
grant injunctions, can order the defendant to account for any profits arising out of the invasion of
privacy or to return any items obtained from it, and can grant any other relief to the plaintiff that
the court considers necessary in the circumstances.
These remedies are substantially common to the Saskatchewan, Manitoba and Newfoundland
Privacy Acts. By contrast, B.C's Act and the privacy provisions of Quebec's Civil Code say
nothing about remedies, relying on the general law on the subject. Which approach is preferable
is largely a matter of technical judgment, based on one's best assessment of what the courts will
do either with or without statutory guidance on the subject. In substance, however, s.5 seems to
contain a reasonable statement of what the available remedies should be.
- The remedies described in s.5 of the Uniform Act should be available for an invasion of
privacy, though they may not need to be expressly stated in legislation.
S. 6 of the Uniform Act goes on to mention a variety of things that a court can consider in
assessing damages for an invasion of privacy. These include things like "the nature of the act . . .
and the context in which it occurs" and "the conduct of the plaintiff and of the defendant before
and after the act . . . including any apology or offer of amends made by the defendant." The
section also makes clear that the court may award punitive damages in appropriate cases.
Though the section does not seem objectionable, this is probably one of those cases in which the
less the legislation says, the better. The main effect of s.6 is to make it clear that the conduct of
the defendant can be relevant to the calculation of damages for an invasion of privacy, but it is
doubtful that this really needs to be said -- or more importantly, perhaps, it is doubtful that it
should be highlighted as compared to other factors that might be equally important. The courts
in Quebec have several years' experience of developing damage awards for invasions of privacy,
and in the few recent cases from Ontario, figures have been developed in which the harm done
was not measured simply in terms of financial loss. The actual level at which damage awards
would be set would probably take some time to become settled, whether under a provision like
s.6 or without such a provision, but even without such a provision the courts could be relied on
to develop appropriate measures.
- The rules on calculation of damages for a tort of invasion of privacy could satisfactorily be
left to be developed by the courts.
d. Technical matters
The Uniform Act closes with some provisions on technical legal matters -- the relation of this tort
to other torts, and whether the Act binds the Crown. Other existing provincial Acts deal with
things like limitation periods, precedence as between this Act and other Acts, the inadmissiblity
in civil proceedings of evidence obtained in violation of the Act and the question of whether it is
possible to `invade the privacy' of a person who is deceased.
Technical issues of this sort do not need to be discussed in any detail here. The best approach to
dealing with them seems to be to adopt the general policy that the tort of invasion of privacy, if
established by legislation, should be a tort like any other. From this general principle answers to
most of these technical issues would follow. The one item that has more substance, though, is
the question of whether one can `invade the privacy' of a person who is deceased. The most
natural answer seems to be "no," especially following the idea set out in relation to s.2 of the Act
that only individuals can sue for an invasion of privacy. B.C., Saskatchewan and Newfoundland
appear to take this one step further, and say that if an invasion of privacy occurs before a person
dies, the right of action is extinguished by his or her death. Whether this is the right approach
would require further consideration.
- Technical questions on matters such as limitation periods, binding the Crown, precedence of
Acts and admissibility of evidence should be decided on the basis that the tort of invasion of
privacy, if established by statute, would be established as a tort like any other. There should
be no right of action for an invasion of the privacy of a person who is deceased.
A.3 To Legislate or Not?
With the assistance of the discussion of the Uniform Act one can now return to the main question
that this Section considers. Should there be legislation to establish a tort of invasion of privacy
or not? Two possible legislative models are presented in the appendices. Appendix C is the
Uniform Act. Appendix D states in summary form a slightly different approach based on the
propositions in this paper. The two would be similar in effect. The main differences are (1) that
Appendix D includes a generic definition of `invasion of privacy', while Appendix C does not,
and (2) that Appendix D excludes the material on remedies that Appendix C contains. In their
outlines, however, the two are comparable. A decision to enact invasion of privacy legislation
requires a decision that legislation substantially along these lines is desirable.
As was stated earlier, there are three main conclusions that the present consultation could reach.
One is that legislation substantially similar to the Uniform Act should be adopted. Another is to
decide that there should not be a tort of invasion of privacy at all. The third is to say that if there
is to be a tort of invasion of privacy, it should be left to be developed by the courts rather than
established by legislation. The arguments for these last two positions have not been mentioned
for some time. They therefore deserve a brief review before the discussion closes.
"There should not be a tort of invasion of privacy."
The general argument against a tort of invasion of privacy is, in short, that the tort is
unnecessary, undefinable, inappropriate and misconceived. It is unnecessary because other
established tort remedies are substantially adequate to protect privacy interests. It is undefinable
because privacy is too subjective a concept to support a workable legal definition. It is
inappropriate because it presents too great a threat to desirable activities (e.g. legitimate
reporting) to counter too small a problem. It is misconceived because it ignores the necessary
give and take of everyday life, assuming too readily that any insult to one's dignity must
necessarily give rise to a legal remedy.
These are issues on which the legislative models discussed in this Paper can cast some light.
One can start with the question of definability: discussion of the legislative models will
determine whether the tort is satisfactorily described. One can then move to the question of
appropriateness: does legislation along these lines actually pose a threat to desirable activities, or
does it not? Whether the tort is misconceived also depends heavily on the way in which the
legislation is expressed: does it accurately capture those kinds of insults to dignity that should be
the subject of a legal remedy, or does it go too far. Whether the tort is necessary, however,
cannot be assessed by considering the terms of the tort alone. There are certainly some gaps in
the established tort remedies that a tort of invasion of privacy might fill. For the opponents of
the tort, however, those gaps are small and tolerable.
One should probably add that if the present consultation leads to the conclusion that there should
not be a tort of invasion of privacy, it would presumably be appropriate to look again at the
common law on the subject, and to consider whether its further development in New Brunswick
should be nipped in the bud. That, however, is a decision for another day.
"If there is to be a tort of invasion of privacy, it should be developed by the courts, not by
The argument here is primarily one of method, but issues of substance are also involved.
When torts are developed by the courts, the process evolves step by step, one case at a time. As
more cases are decided, similarities and connecting principles emerge. Sometimes new
principles evolve as courts look at old decisions in a new light. The advantage of this is that the
law develops gradually, and each decision comes with a particular set of facts that illustrate what,
in practical terms, the tort really amounts to. The disadvantage is that development by this
method can be slow and unpredictable. It depends on the facts that litigants present to the courts
and on the decisions that judges reach on those facts.
In Canada there appears to be enough case-law now that the courts in New Brunswick could
develop a tort of invasion of privacy if suitable cases were presented to them. On the other hand,
it is also possible that they might decide not to. They might, for example, accept the argument
that a general tort of `invasion of privacy' is just too vague to be acceptable. They might decide
that other existing torts provided more appropriate legal frameworks for deciding the disputes
that were litigated. Each case would contain a reasoned explanation of why the court decided as
it did. If a tort of invasion of privacy failed to become established through the case-law, it would
presumably be because experience suggested that the potential tort contained inherent difficulties
that were too great to be resolved.
A decision that a tort of invasion of privacy should be developed by the courts (if at all) reflects a
preference for a gradual approach to the development of the law in this area, a preparedness to
`wait and see', and to accept that perhaps the results of the process may be different from what,
at the outset, one might think to be desirable. This would apply not only to the question of
whether the tort should be recognized at all, but also to its details if it were. On matters such as
whether a corporation could have `privacy' that could be `invaded', for example, a court might
reach a different conclusion from the one suggested in this Paper.
If there is substantial ambivalence about whether a tort of invasion of privacy should exist, and if
so, how it might be described, taking a `wait and see' approach might be sensible. As things
stand, it seems more likely than not that a tort of invasion of privacy will become established
through case law -- some would argue that the tort is already established, though not yet
developed -- but one cannot predict the future. The only way of making it certain, now, that the
tort exists is to enact legislation. The risk, though, is that if legislation is poorly expressed, it
may restrict developments that would otherwise occur more satisfactorily through the case-law.
This is a criticism that has been made of, for example, the expression "wilfully and without claim
of right" that determines which "violations of privacy" are actionable under some of the existing
Canadian Privacy Acts.
- Key issues for public discussion are
(a) whether an invasion of privacy should be a tort at all,
(b) whether legislation based on the Uniform Act would adequately describe an `invasion
of privacy' and pose no threat to desirable activities,
(c) whether caution dictates that the development of the tort should be left to the courts
rather than undertaken by legislation.
The question in this Section is whether non-judicial remedies -- remedies available from an
administrative agency or official rather than from the courts -- should be established for
infringements of privacy. The word "privacy" is still being used here in the broad sense adopted
by the House of Commons Standing Committee on Human Rights and the Status of Persons with
Disabilities, as a broad human right encompassing physical privacy, privacy of personal
information, freedom from surveillance, privacy of personal communications and privacy of
personal space. The word "infringement" is used to create a distinction with the discussion of
"invasion" of privacy in the previous Section. An "invasion" of privacy was presented there as
being conduct that was sufficiently unacceptable to entitle the aggrieved party to the legal
remedies of damages, declarations and injunctions. An "infringement" of privacy, by contrast,
might be a broader term. Any action that is insufficiently respectful of the privacy of another
could perhaps be considered an "infringement" of his or her privacy. But not all "infringements"
of privacy would necessarily amount to an "invasion" of privacy, a tort.
The use of this terminology makes it possible to differentiate two separate reasons why one
might consider establishing non-judicial remedies for infringements of privacy. One is that even
in cases where a legal remedy might be available, a non-judicial remedy might be more desirable
-- for reasons of cost, convenience, or whatever. The other is that in some cases the conduct
complained of might not constitute a tort, but it might still be thought that it was less than
satisfactory, and that there should be some official means of making that point (whether or not
with a sanction attached) and of attempting to set standards for the future.
The other reason, of course, for considering non-judicial remedies for infringements of privacy in
this Paper is that the same issue has already been examined in the narrower context of data
protection. It would be wrong to assume, without further discussion, that data protection was the
only context in which non-judicial remedies might be appropriate. Indeed, some people may
argue that the case for non-judicial remedies is stronger at the general level than in relation to
data protection in particular. They might also suggest that non-judicial remedies for data
protection could easily be included within a broader privacy mandate.
The discussion in this Section will be similar in part to the discussion in Part I. Comparable
questions arise as to what an administrative agency might do and what its powers might be. In
part, however, the issues here are different. When administrative remedies were considered
earlier, it was on the basis that there was a fixed set of rules to be enforced -- the fair information
practices of the CSA Code -- and the question was whether the courts, or an administrative body,
or both, should do the job. In relation to infringements of privacy, however, there is no fixed set
of rules at the centre of the discussion.
B.1 "Infringements of Privacy"
An obvious question to ask here is what the "infringements of privacy" are that a non-judicial
remedy might deal with. Infringements of privacy come in different shapes and sizes, and in
different forms at different times. A traditional source of complaint has been the allegedly
intrusive activities of reporters and photographers. More recently there have been concerns
about a number of workplace-related matters. Employers have required employees to be tested
for drug use, for example, or to take lie-detector tests. There have been questions about whether
employers should or should not have access to employees' e-mails, which may be personal, and
about what kinds of performance monitoring are acceptable. The increasing use of surveillance
devices, whether overt or covert, and in both public and private places is another source of
expressed concern about what some people feel to be a progressive loss of privacy in modern
There are also, of course, things that some people consider to be significant privacy issues but
others do not. Caller identification on telephone recievers might be an example. Some people
object to the fact that their name or the number they are calling from may be automatically
displayed to the receiver of the call. Others would feel differently. Another example might be
telephone solicitations. Some people may feel these are an infringement of their privacy. Others
may find them inoffensive -- though perhaps there might be a point at which the solicitations
became so frequent that they would change their minds.
Behind these specific examples is the more general proposition that privacy itself is always a
matter of concern, and that though one may never be able to predict exactly what kinds of
conduct may be current as privacy issues at any particular point in time, there will always be
something. A non-judicial remedy for infringements of privacy, therefore, would be
permanently available to deal with whatever the issues of the day might be.
- There are many actual and potential privacy issues that would fall outside the scope of either
a judicial remedy for invasion of privacy or a non-judicial remedy under data protection
B.2 Beyond a Social Sanction?
It is entirely possible to agree with everything that has been said so far in this Section, but still
not not reach the conclusion that a non-judicial remedy for infringements of privacy should be
established. One can accept that there are now, always have been, and always will be issues of
concern in relation to privacy without necessarily believing that we need either laws or
bureaucracies to deal with them. The true sanction for an infringement of privacy, on this view,
is the social sanction -- questionable practices will be abandoned if enough people find them
objectionable -- and the true yardstick of an infringement of privacy is the vigour, or lack of it, of
the social response -- unless enough people object, the action in question is not an infringement
of privacy at all, when assessed by the acid test of actual social standards.
The very breadth of the notion of an `infringement of privacy' might be viewed by some as a
reason for caution. So many of the things that we say or do in relation to other people could
potentially be viewed by them (though presumably not by us) as infringements of their privacy.
Establishing a non-judicial remedy might be seen as opening the doors to large volumes of
complaints, many of them about things that people should simply have to deal with as best they
can as part of the give and take of living in society.
In a 1973 Report on the Law of Privacy, prepared for the Parliament of New South Wales,
Australia, W.L. Morrison captures some of the ambivalence that surrounds the issue:
- The continuing dilemma of bodies called upon to make recommendations on this subject and of
legislatures called upon to resolve on bills brought before them has been that generally such
proposals as have been put before them have provided for an extraordinary degree of discretion
in the bodies who would be entrusted with the implementation or application of the legislation.
Since these bodies are always inevitably themselves governmental bodies such legislation always
itself raises the prospect of a new arbitrary governmental interference with the freedom of the
individual to offset the advantages offered in the direction of the protection of privacy.
. . . The wide discretions reposed in those called on to implement proposed legislation are a
result of the inability of those framing it to delineate with any precision the problems which will
arise in the future over so wide a range and what precisely is to be done about them. Hence the
buck is passed to the subordinate body provided for in the legislation (p.15).
Morrison's report did, however, recommend the establishment of a non-judicial remedy for
infringements of privacy, in the form of a non-intrusive Ombudsman-type agency, with powers
to advise, inform, investigate and conciliate, but with no compulsory powers. The
recommendation led to the creation of the New South Wales Privacy Committee, more
information about which will be given below.
The key issue, though, is whether privacy, in the broad sense, has now gone beyond the stage at
which it can safely be left as a matter of social relations, which people should sort out among
themselves, and has reached the point at which some form of official agency has to be drawn in
to influence the practices either of individuals or organizations or of society at large. If society in
general, or particular groups in society, need guidance on appropriate standards of respect for
privacy, or if individuals need help in resolving privacy-related disagreements, non-judicial
remedies might well be appropriate. If, on the other hand, infringements of privacy are a matter
best left predominantly in the social sphere, creating non-judicial remedies would be
- The key issue for public discussion is whether infringements of privacy should be left as issues
within the social sphere, or whether the involvement of an administrative agency would be
beneficial in ensuring proper respect for individual privacy.
B.3. Possible Models
There are many ways in which a non-judicial privacy agency could be constituted. In Australia,
the New South Wales Privacy Committee offers one example. The Committee's website
- The Privacy Committee is a New South Wales statutory body created in 1975 under the Privacy
Committee Act to investigate and report on privacy issues affecting the people of New South
Wales. The Committee performs an Ombudsman type role and does not enforce specific privacy
The Privacy Committee promotes and protects the right to privacy by
Advising individuals, government agencies and business organisations on what action they can
take to protect the right to privacy
Researching significant developments in policy, law and technology which have an impact on
privacy, and making reports and recommendations to relevant authorities
Investigating and where possible conciliating complaints about breaches of privacy and
Answering inquiries and educating the community about privacy issues.
In Quebec the legal structure is very different, but the practical results are perhaps somewhat
similar -- at least until one considers data protection. In Quebec the Human Rights Commission
has a responsibility to promote the Quebec Charter of Human Rights and Freedoms. This
Charter includes the provision in art.5 that "Every person has a right to respect for his private
life." The Commission's promotion of art.5 (along with other provisions of the Charter)
includes public education activities and analyzing and commenting upon laws and policies. The
Commission also issues opinions on matters that come to its attention, forwarding its advice to
appropriate parties, and it has the power to intervene in litigation between third parties that
involves the interpretation of the Charter. However, it has no formal investigatory powers in
relation to infringements of privacy as such. On an informal basis it can attempt to assist and
conciliate in matters that are brought to its attention, but its formal complaints procedures only
apply in cases of discrimination. Privacy issues can sometimes be implicated in complaints of
discrimination -- for example, complaints about medical screening for inherited disease might
have both privacy and discrimination aspects -- but when the privacy issues stand alone, the
Commission has no formal investigatory powers.
This can be contrasted with Quebec's (separate) Access to Information Commission. This
Commission only has data protection functions, but it has a wide-ranging power to recommend
or order remedial measures, and any order it gives is enforceable as though it were an order of a
If non-judicial remedies for invasions of privacy were felt to be desirable in New Brunswick, the
alternatives would be either to create a new remedy or to expand the functions of an existing
agency. Among existing agencies, the New Brunswick Human Rights Commission seems the
most likely candidate, given the established status of privacy among the internationally
recognized human rights. This, though, would involve a substantial change of mandate for the
Commission. The Commission currently only deals with complaints of "discrimination" on
various enumerated grounds and in specified settings. Nonetheless, if any existing agency is to
be chosen, its existing role as a human rights agency seems naturally to attract the human right of
If a privacy mandate were conferred on the Commission, this would also be likely to attract the
Commission's existing implementation powers. These include the power to educate and inform,
as well as the power to investigate and mediate complaints. If mediation is unsuccesful, the
Commission also has the power to ask the responsible Minister to call a formal inquiry, out of
which binding orders may be issued. Prosecutions can also be brought, with the approval of the
Minister. However, if it were decided that these powers were not as suitable for infringements of
privacy as they are for the existing mandate in relation to discrimination, appropriate legislative
amendments could be made.
If, by contrast, a new remedy were created, all options would be on the table. A specific privacy
agency with mandatory powers might be one option. An Ombudsman-type agency like the New
South Wales Privacy Committee might be another. A further possibility might be not to create a
standing agency, but to create, instead, a mechanism under which somebody could be appointed
to deal with specific complaints of infringement of privacy as they were received.
The alternatives here are comparable to the ones that were discussed in Part I in relation to
administrative remedies for data protection legislation. Comparable also is the importance of
determining whether resolving complaints should be the full extent of the mandate and what part,
if any, compulsory powers should play in the scheme. Some people might question the value of
a something like the New South Wales Privacy Committee on the ground that, when the going
gets tough, it has no real powers. On the other hand, W.L. Morrison's explanation of the
difficulty of assigning compulsory powers to an agency with a wide and indistinct privacy
mandate has some force.
The provisions of New Brunswick's Human Rights Act provide an interesting half-way house
here. The Commission's basic responsibity is that it "shall inquire into any complaint made
pursuant to section 17 and shall endeavour to effect a settlement of the matter complained of"
(s.18(1)). The Commission has no independent power to enter premises, inspect records or
compel the production of evidence, but a judge of the Provincial Court can authorize the
Commission to designate a person to exercise those powers for the purpose of effecting a
settlement (ss.18, 19 and 19.1). The Commission cannot itself hold hearings or issue orders.
Instead it applies to the responsible Minister for a decision that an inquiry should be held (s.20).
It is the board of inquiry, not the Commission, that will issue any orders, and the board's order
can be filed with the Court of Queen's Bench and enforced as though it were an order of the
Some people may feel that this approach provides a nice balance between a substantially
conciliatory role and the possibility that compulsory measures may sometimes be needed. (They
might also suggest that a similar pattern could be appropriate for a pure data protection agency if,
ultimately, administrative remedies were only extended that far.) On the other hand, it might be
argued that there is no middle ground between between having compulsory powers and not
having them, and that if provisions such as those in the Human Rights Act appear to soften the
element of compulsion, the appearance is deceptive.
- Models exist on which non-judicial remedies for infringements of privacy could be based. Key
issues for public discussion, here as they were in relation to data protection remedies, are
(a) whether non-judicial remedies should include compulsory powers;
(b) whether dealing with complaints should be the full extent of the role.
The various legislative possibilites described in this Paper are, at one and the same time, both
independent and potentially interdependent. Each can be considered in its own right, and all of
them, any of them, or any combination of them, could be enacted. Alternatively, none of the
measures described in this Paper might be adopted, and it still might be argued that privacy
enjoys as much legal protection in New Brunswick as it needs. The various alternatives will be
explained briefly, starting with the last.
Adopting no new legislative measures for privacy protection would mean that private sector data
protection legislation was not needed, that the existing common law protections for privacy
interests (including the probably-evolving tort of invasion of privacy) were adequate, and that
non-judicial remedies for infringements of privacy in the broad sense were not required. The
first element would presumably reflect the idea that self-regulation and social forces will be
sufficient in the data protection field, or at least that they will be as effective as legislation is
likely to be. The second element would presumably be based both on the coverage provided by
the existing torts and on concerns about the possible open-endedness of any new tort of invasion
of privacy. The third element would presumably accept the argument that infringements of
privacy should remain largely in the social sphere, and that a privacy agency with a wide-ranging
mandate might be a `cure' that was worse than the `disease'.
Alternatively, any one of the legislative options discussed in this Paper might be selected in
preference to the others. Enacting data protection legislation alone would reflect the idea that
this was the only one of the issues discussed that had now gone beyond the stage where social
forces were an adequate protection. Enacting tort legislation alone might be presented as
creating the one real protection that should have legal recognition; it could be said that this went
to the heart of both the data protection and infringement of privacy issues, establishing the one
point at which it was appropriate that the law, specifically, should become involved. Finally,
creating a wide-ranging non-judicial remedy for infringements of privacy could be seen as a
complete answer in itself; since the agency could cover all privacy issues, there would be no
logical need for anything more.
Combining any two of the options can also be justified, as can combining all three. All three are
in fact combined in Quebec's current legislation, where there is an Access to Information
Commission that deals with data protection in both the public and the private sector, a tort under
the Civil Code for invasions of privacy in general, as well as specific torts based on the key
elements of data protection principles, and a Human Rights Commission with a mandate in
relation to privacy under the Quebec Charter of Human Rights and Freedoms.
Which path should New Brunswick choose? That question is now open for discussion.