4 min read
09 Apr
Privacy Law


Some believe our privacy is under siege.

Cameras on apartment and home doors, traffic cameras, CCTV in transit, vehicle cameras, red light and speeding cameras, and cameras at toll booths are among the devices that track our movements and actions.

Then there are government institutions, organizations and employers that have so much of our health, financial, workplace, and other personal information.

Of course, there are limits and controls on the gathering, use, and retention of personal information.

At the federal level, there is Bill C-27 which will protect personal information in the private sector. The Bill really encompasses three pieces of what will become new statutes:

(1) The Consumer Privacy Protection Act (CPPA); (2) The Personal Information and Data Protection Tribunal Act (to review decisions made by the federal privacy commissioner and with power to make orders if there is contravention of the CPPA); and (3) The Artificial Intelligence and Data Act (to limit invasion of our privacy by artificial intelligence technology).

The penalties for a security breach and exposure of private information by a private sector organization (such as cell phone company, retailer, money lender) are now very severe (and may go into the tens of millions of dollars).

More generally, at the individual level, to control another’s snooping into our mail, private spaces, and personal information, the common law is increasingly comfortable with allowing for a lawsuit based on intrusion upon seclusion.


Caution: Legal information is not legal advice. 

This blog merely provides a general guide to the subject matter. 

New and interesting information will be periodically added on this topic.

© 2022, Toronto.   Links available below.


WHEN PRIVACY IS VIOLATED one can look to (i) provincial legislation that may exist pertaining to intimate pictures or cyberbullying (and civil remedies), (ii) to the common law for applicable torts (perhaps, assault, trespass, private nuisance, defamation, or intrusion upon seclusion), (iii) federal or provincial laws pertaining to organizations and government bodies keeping your private information confidential, and (iv) the criminal law if the snooping, harassment, threatening, intimidation, or extortion contravene provisions of the Criminal Code. While some of these remedies seem like self-help, consultation with a legal advisor is prudent. This is general information, not legal advice.

WHAT PRIVACY RIGHTS ARE PROTECTED BY THE CONSTITUTION? Human rights legislation enacted by the provinces, territories and federal government is often accorded the same kind of respect and regard as Constitutional provisions.

More directly, the Canadian Charter of Rights and Freedoms protects privacy as it relates to our bodies and homes (s. 8). A search of your home, body and many electronic devices has to be done with the approval of a judge based on reasonable and probable grounds of criminal activity.  Anything less would be unreasonable search and seizure!

Under section 7 of the Charter the expression “life liberty and security of the person” allows for considerable latitude for protection of a number of values we cherish including privacy.

Judges have often stated that in making decisions, they should have regard to Charter values – rights and freedoms expressed in the Charter.


•             In the late fall of 2022, the Australian health insurer, Medibank, reported that data concerning nearly 10 million customers had been stolen. Medibank refused to pay a ransom and risked public exposure of its data. A class action lawsuit is anticipated.

•             About the same time, American Airlines announced that private information of about 2000 customers and employees had been breached while U-Haul reported a breach of customers’ names and driver’s licenses affecting a much larger number of customers.

•             In 2020, the Canada Revenue Agency admitted data breaches that affected the personal information of 60,000 Canadians.

MORE INFORMATION BELOW CAUTION & BOOK SUGGESTION THAT FOLLOWS© 2022, Toronto. All Rights Reserved. Please visit us at our alternate website: https://www.fera-gasparini.ca/ and also to have a quick look inside our new book on Canadian Law and Business Studies: https://bit.ly/3Ay0lSR.This book contains a full chapter on "Privacy Law"

Can my private information be given out by a business? Even in the simplest of online interactions or transactions, personal information including address, cell phone number and email are provided. Obviously, there is also an electronic footprint of you giving that information to someone else for a purpose. Stores like Home Depot want to sell items, record the sales, and replenish stock. But the store also knows who made the purchase of what. This happened, and ‘who purchased what’ was communicated to the parent company of Facebook - Meta - to determine the effectiveness of Facebook ads. But that information also appeared in the Off-Facebook Activity of Facebook and was used by Meta for other purposes. The federal Privacy Commissioner investigated and found that explicit consent would be needed for such use(s) and explicit meaningful consent was not obtained. For precise details, see PIPEDA Findings #2023-001 (January 26, 2023). This is merely general information.

CAMERAS IN CONDOMINIUMS: Condominiums come in various forms from apartment towers to detached “homes/units”. So, what will constitute breach of privacy will vary. A camera in a peep hole that sees the comings and goings of your neighbour across the hall is likely NOT permitted. But cameras in common areas installed by the corporation - entrance lobby, parking area, laundry room - for security purposes are likely allowed as the expectation of privacy diminishes in common areas. Cameras are less likely to be in breach of privacy rights if overt - out in the open - and there is signage indicating their presence. A 2019 Canadian case established that hidden cameras installed by police require a warrant. This is a developing area of law, and this is only general information.

If some organization that has my personal information is hacked, can I sue that organization because of weak security measures? Organizations and companies cannot be sued using the tort of intrusion upon seclusion if personal information they have and store is hacked by third-parties - “database defendants” with inadequate security measures. However, database defendants may be liable for their failure to protect the plaintiffs’ privacy interests in the stored material in negligence, contract, and under various statutes. The inability to successfully sue the hacker is no reason to make a database defendant liable, not only for its own wrongdoing, but also for the invasion of privacy perpetrated by the hacker.

* The email will not be published on the website.