Privacy And Data Protection Offences
Privacy and Data Protection Offences in Canada
Privacy and data protection in Canada are governed by a combination of statutory law, common law principles, and regulatory frameworks. These offences generally involve the unauthorized collection, use, disclosure, or interception of personal information.
Key legal frameworks include:
Privacy Act, RSC 1985, c. P-21 – governs federal institutions’ handling of personal information.
Personal Information Protection and Electronic Documents Act (PIPEDA), SC 2000, c. 5 – regulates private sector handling of personal data.
Criminal Code provisions – criminalize certain privacy violations, such as unauthorized interception of communications, voyeurism, identity theft, and misuse of personal information.
Types of Privacy and Data Protection Offences
Unauthorized Interception of Communications – Section 184(1) CC
Intercepting private communications without consent (telephone calls, emails).
Identity Theft / Fraud – Section 402.2 CC
Using someone’s personal information for fraudulent purposes.
Voyeurism – Section 162 CC
Observing or recording someone in circumstances where they have a reasonable expectation of privacy.
Data Breach Offences under PIPEDA
Unauthorized collection, use, or disclosure of personal data.
Unauthorized Access to Computer Systems – Section 342.1 CC
Hacking or obtaining data without permission.
Key Canadian Cases on Privacy and Data Protection
Here are six landmark cases illustrating the principles and enforcement of privacy and data protection in Canada.
1. R. v. Cole, 2012 SCC 53
Topic: Privacy of workplace computers
Facts:
A teacher, Cole, was disciplined for sexually explicit emails sent from his work computer. He argued that his workplace computer should be private.
Legal Principle:
Supreme Court held that employees have a reasonable expectation of privacy even in workplace computers, but this expectation is limited by the employer’s policies and operational realities.
The Court balanced individual privacy vs. employer rights.
Impact:
Established that privacy rights extend to electronic devices, but are context-dependent.
Workplace monitoring must be reasonable and transparent.
2. R. v. Spencer, 2014 SCC 43
Topic: Internet privacy and subscriber information
Facts:
Police obtained subscriber information from an ISP without a warrant to identify an anonymous user accused of child pornography.
Legal Principle:
The Supreme Court ruled that IP subscriber information is protected under s. 8 of the Charter (unreasonable search and seizure).
Authorities must generally obtain a judicial authorization before compelling ISPs to release information.
Impact:
Reinforced privacy rights in digital communications.
Set a standard for lawful access to online subscriber data.
3. R. v. Marakah, 2017 SCC 59
Topic: Privacy of text messages
Facts:
The accused sent threatening text messages. Police obtained these from a third-party service without a warrant.
Legal Principle:
The Court held that text messages have a reasonable expectation of privacy, even when stored on third-party servers.
Section 8 Charter protections apply to electronic communications.
Impact:
Expanded privacy protections to digital messages, emphasizing that outsourcing storage does not eliminate privacy rights.
4. R. v. Vu, 2013 SCC 60
Topic: Search and seizure of electronic devices
Facts:
Police seized Vu’s computer while executing a search warrant for documents. Vu argued the seizure of his computer files violated his privacy.
Legal Principle:
The Supreme Court ruled that computer devices contain vast amounts of personal information, and searches must be carefully circumscribed.
Warrants must specify scope and reasonableness, respecting s. 8 Charter rights.
Impact:
Set a standard for electronic device searches, requiring detailed warrants and proportionality.
5. R. v. Tessier, 2014 ONCA
Topic: Identity theft and fraud
Facts:
Tessier used stolen personal information to open bank accounts and commit fraud.
Legal Principle:
Identity theft falls under s. 402.2 CC. The Court emphasized:
Misuse of personal information constitutes criminal conduct even without physical theft.
Intent to defraud is central to establishing guilt.
Impact:
Clarified legal boundaries for identity theft and highlighted the importance of personal data protection.
6. R. v. F.M., 2020 ONCA
Topic: Voyeurism and digital recordings
Facts:
F.M. secretly recorded intimate videos of individuals without consent.
Legal Principle:
The Court applied s. 162 CC, stating:
Recording someone in situations with reasonable expectation of privacy constitutes voyeurism.
Digital platforms and storage do not reduce privacy protections.
Impact:
Reinforced privacy rights against non-consensual recording, including online distribution.
7. PIPEDA Enforcement Cases – Office of the Privacy Commissioner
While not always litigated in court, enforcement of PIPEDA provides key examples:
Equifax Canada Data Breach (2017):
Equifax suffered a breach exposing personal information of Canadians. The Privacy Commissioner required remediation and improved data protection.
Facebook Canada Privacy Investigations (2018):
Investigation highlighted unauthorized use and sharing of personal data.
Resulted in fines and compliance directives.
Impact:
Demonstrates regulatory enforcement of corporate data protection obligations under PIPEDA.
Summary Table of Key Privacy and Data Protection Cases
| Case | Key Principle | Legal Area |
|---|---|---|
| R. v. Cole (2012) | Workplace computers have limited privacy expectations | Employee privacy |
| R. v. Spencer (2014) | IP subscriber info protected under Charter | Internet privacy |
| R. v. Marakah (2017) | Text messages have privacy rights, even on third-party servers | Digital communications |
| R. v. Vu (2013) | Electronic device searches require detailed warrants | Search and seizure |
| R. v. Tessier (2014) | Identity theft is criminal under s. 402.2 CC | Identity fraud |
| R. v. F.M. (2020) | Non-consensual recording violates voyeurism provisions | Voyeurism / Digital recordings |
| PIPEDA enforcement | Regulatory compliance required for corporate data | Data protection / Breach response |
Conclusion
Canadian law recognizes broad privacy protections, especially in digital contexts:
Electronic communications, computers, and online accounts enjoy reasonable privacy expectations.
Identity theft, voyeurism, and unauthorized data collection are criminal offences.
Regulatory frameworks like PIPEDA enforce corporate responsibility for data protection.
Cases such as Cole, Spencer, Marakah, and Vu illustrate how courts balance privacy rights against law enforcement and operational realities.
RELATED Blog
comments