Ontario Court of Appeal rules against plaintiffs in trilogy of privacy class actions

In a highly anticipated trilogy of privacy class action certification appeals, the Ontario Court of Appeal refused to certify three class actions based on the tort of intrusion upon seclusion. In Oswianik v. Equifax Canada Co., Obodo v. Trans Union of Canada, Inc., and Winder v. Marriott International, Inc., the Ontario Court of Appeal held that defendants who collect and store personal information of individuals in databases (Database Defendants) cannot be held liable under the tort of intrusion upon seclusion when cyber criminals illegally access or steal that information. 

In recent years, claimants have attempted to expand the tort’s application to cyber security and privacy breaches and sought to have class actions certified, seeking aggregate assessment of the moral or symbolic damages that are available for intrusion upon seclusion. This decision trilogy from the Court of Appeal is likely to slow this trend. However, as noted by the Court of Appeal, Database Defendants could remain liable in negligence where their failure to take adequate steps to protect information causes actual – as opposed to symbolic – damages. 

Read our bulletin on this topic available on BLG’s website.

This content has been updated on December 14, 2022 at 14 h 06 min.