PROTECTING CONSUMER PRIVACY: Corporate Intrusions Increasingly Being Taken Seriously
/
On 29 October 2013, the Federal Court of Canada released its decision in Chitrakar v Bell TV. In a victory for privacy rights under PIPEDA legislation the court decided against Bell TV and awarded damages of $21,000 after the company obtained a customer’s credit bureau report without his knowledge or consent.
The award marks a significant advance for consumer privacy rights by taking the violation of those rights more seriously and awarding exemplary damages – the first time this has been done under PIPEDA and a clear signal from the court that organizations are expected to conform to the spirit as well as the letter of their privacy responsibilities.
The case revolves around the following sequence of events: Bell ran a credit bureau report on new customer Mr. Rabi Chitrakar, 1 December 2010, when he ordered satellite television service. When the equipment was delivered on 31 December 2010, Mr. Chitrakar signed what he understood to be a Proof of Delivery form. Bell later inserted his signature on their standard TB Rental Agreement which includes a clause consenting to Bell doing a credit check. After Mr. Chitrakar discovered that a credit check had been done, he filed a complaint with Bell in March 2011 and continued to seek an explanation from Bell, who gave him what the court characterizes as “the royal runaround”. In finding for Mr. Chitrakar the Federal Court assessed the award at $10,000, with another $10,000 in exemplary damages due to Bell’s conduct and $1,000 for costs.
PIPEDA, the Personal Information Privacy and Electronic
Documents Act, allows a complainant to proceed to the Federal Court of
Canada after the Privacy Commissioner’s investigation and report. When this is done, the court has the power to
order an organization to correct practices that do not comply with the law, and
to publish notices of the changes it expects to make. It can also award compensation
for damages suffered. This award was significantly
higher than previous awards under PIPEDA.
The first award of damages under s. 16 of PIPEDA took place in 2010, in Nammo, a case dealing with erroneous information provided on a credit check. Despite describing the provision of false credit information as “intrusive, embarrassing and humiliating as a brief and respectful strip search” only $5000 was awarded.
Clarifying “proof of harm”
In making its determination in Nammo, the Court referred to the Supreme Court of Canada decision in Vancouver (City) v Ward, where damages were awarded despite there being no maliciousness, no intention to harm, and no harm shown. The decision to make an award was based on reasoning that awards of damages serve multiple persons, including compensation, vindication and deterrence and accordingly the recognition that even where no harm need be compensated for, damages could still be warranted where the aims of vindication and/or deterrence were met.
In the Chitrakar case the damage award was not based on proof of harm. Rather, the court writes:
[t]he fixing of damages for privacy rights’ violations is a difficult matter absent evidence of direct loss. However, there is no reason to require that the violation be egregious before damages will be awarded. To do so would undermine the legislative intent of paragraph 16(c) which provides that damages be awarded for privacy violations including but not limited to damages for humiliation.
I’ve written before about the US requirement for proof of harm in such cases, juxtaposing it against the formula set out in the Ontario Court of Appeal’s Jones v Tsige decision (an important decision because it established a common law tort of privacy in Ontario) and arguing that the breach of privacy is in itself the harm, and that the meaning and purpose of damages being available for privacy breaches are compromised when proof of (additional) harm is required.
The Chitrakar case underscores the emerging recognition that a privacy violation is in itself harmful and deserving of redress, this time articulated by the Federal Court of Canada in a decision under PIPEDA. This is further evidence of an increased awareness that privacy is an important part of the right of dignity and autonomy and that redress for violations is justified once the infringement has established, regardless of whether any further harm has ensued.
This decision is good news—for advocates of privacy rights, for scholars of the interpretation and application of privacy law, and for ordinary consumers trying to protect their personal privacy and dignity.
**thanks to David T.S. Fraser for finding the decision and putting it on Google Docs.