Tort of intrusion upon seclusion is inapplicable to “database defendants” who may have permitted third party to intrude
Ontario Divisional Court strikes intrusion upon seclusion claim based on recklessness
In a two to one split decision before the Ontario Divisional Court in Owsianik v. Equifax Canada Co., the majority of the three judge panel has struck a class action claim against Equifax Canada that was based on the tort of “intrusion upon seclusion”. The tort, as first established in Canada in Jones v. Tsige, could be applicable where the defendant was intentional or reckless in the intrusion. In the case before the Court, Equifax Canada appealed a certification decision that would have allowed the case to proceed based on the allegation that Equifax had been reckless.
The plaintiffs argued on appeal that the contours of the privacy tort are evolving and it should be up to the trial judge to determine whether Equifax had been reckless and, if so, whether it triggered the intrusion tort. Equifax, on the other hand, argued that the certification judge’s decision went beyond the “incremental development principle” and that novel claims such as these should be vetted at the certification stage.
The majority of the three judge panel of the Divisional Court allowed Equifax’s appeal, reasoning:
 The tort of intrusion upon seclusion was defined authoritatively only nine years ago. It has nothing to do with a database defendant. It need not even involve databases. It has to do with humiliation and emotional harm suffered by a personal intrusion into private affairs, for which there is no other remedy because the loss cannot be readily quantified in monetary terms. I agree that Sharpe J.A.’s definition of the tort is not necessarily the last word, but to extend liability to a person who does not intrude, but who fails to prevent the intrusion of another, in the face of Sharpe J.A.’s advertence to the danger of opening the floodgates, would, in my view, be more than an incremental change in the common law.
 I agree with my colleague (paragraph 43) that Equifax’s actions, if proven, amount to conduct that a reasonable person could find to be highly offensive. But no one says that Equifax intruded, and that is the central element of the tort. The intrusion need not be intentional; it can be reckless. But it still has to be an intrusion. It is the intrusion that has to be intentional or reckless and the intrusion that has to be highly offensive. Otherwise the tort assigns liability for a completely different category of conduct, a category that is adequately controlled by the tort of negligence.
The court also concluded that if a defendant had not taken adequate steps to secure their databases, the tort of negligence “protects them adequately and has the advantage that it does not require them to prove recklessness.”