The eruption of the digital media era

The eruption of the digital media era

The eruption of the digital media era in the 21st Century has sparked the development of privacy law. Canada, in particular, has witnessed an upsurge in litigation about this area and new legislative changes awaiting enforcement. There is a frequent report of data and information breaches in the news, posing substantial financial and legal risks to entities that are involved in the handling and processing of data. A 2015 study by the renowned Ponemon Institute LLC and IBM revealed that misappropriated or stolen data records could lead to hefty costs amounting to a median of $5.32 million for a Canadian company weighted at an average price of $250 for each data record. The security of personal data in the digital media age is no longer a simple moralistic practice but rather a mandatory practice. The current reality in Canada is that Canadian business is now facing the impending possibility of legal action resulting from a breach of data privacy.

Unauthorized disclosure of data in Canada has elicited a myriad of court cases in the past few years. The legal claims tend to be emanating from diverse industries, including online gaming, healthcare, retail, banking, government, and social media. Canadian officials have witnessed numerous such cases arising from procedural impropriety in data collection, hacking incidents, and negligent employee mannerisms in the handling of information records. Canadian citizens whose personal information privacy is breached have several common and statutory law tools within their reach to institute a legal claim. This paper seeks to analyze the landscape of privacy protection laws in digital media to determine that they are necessary for the economic development of a country.

There are 38 distinct statutory laws in Canada that regulate and govern the handling, collection, and consumption of personal data and health records. All these legislative instruments speak to the protection of privacy rights. Legal causes of action leading to an award of compensatory damages are facilitated through the Personal Information Protection and Electronic Documents Act (PIPEDA), the Privacy Act, and Canada’s Anti-Spam Legislation (CASL). Common law actions also feature in the protection of privacy rights. The tort of intrusion upon seclusion was upheld in the Canadian court case of Jones vs. Tsige, 2012 ONCA 32. This court case allows a plaintiff to have a common law legal action leading to the recovery of damages of up to $20,000 without proving any monetary loss incurred. Besides, the privacy tort of public disclosure of confidential data was acknowledged and accepted in Ontario in the case of Jane Doe 464533 v. D., 2016 ONSC 541. This case served to remove the cap set in awarding of non-pecuniary damages in the earlier example of Jones vs. Tsige as the Plaintiff suffered huge losses non-monetary wise.

Legal action in breach of contract may also be allowed if there is an express contract or implied contractual provision about the protection of personal data. One can also have a claim in negligence by proving an entity deliberately failed to instill precautionary measures for the protection of data. In taking preventive action, an organization is required to promptly notify affected persons in case of a breach and invoke mitigating measures to inhibit further pilferage of the personal information. It is interesting also to note that individual plaintiffs have creatively devised suits like torts of breach of confidence, breach of fiduciary obligations that are obligations of good faith. Others have couched such claims on the basic human rights violation in terms of the right to freedom of movement and the right to a reasonable expectation of privacy as provided under sections seven and sections eight, respectively of the Canadian Rights and Freedoms Charter.

The Federal Government is vested with the constitutional mandate to oversee the handling of personal data in possession of the entities under its regulatory purview and located in Canada. Provincial governments are, on the other hand, constitutionally obliged to oversee the handling of personal information in possession of provincially governed entities. TO be specific, the federal PIPEDA applies to personal data controlled by all private entities in some of the provinces. In essence, the Act applies to industries such as the broadcasting and the telecommunications sector, banking sector, shipping, and logistics sector, which tend to disseminate vast amounts of data and information. However, the federal PIPEDA does not have jurisdiction over commercial activities within the provinces of Alberta, British Columbia, and Quebec that have enacted provincial protection legislation. The legal cause of action under PIPEDA and its similar provincial statutory instruments is expressly premised on authorized use and access to personal data in the custody of any organization. The defense that can be pleaded under PIPEDA is elicited where a company can prove that it exercised all reasonable due diligence mechanisms to inhibit leakage and misappropriation of personal information. A classical illustration warranting litigation under PIPEDA is espoused in the case of Chitrakar vs. Bell Tv 2013 FC 1103. The Plaintiff, in this case, sought punitive damages against Bell Tv emanating from Bell conducting a background check on his credit status before the installation of satellite service. The Plaintiff stated to the Court that the said rigorous check hurt his credit score, causing him to suffer anxiety, pain, suffering, and humiliation. The Court, in this instance, found Bell liable for breach of PIPEDA and granted the Plaintiff up to $21,000 in monetary compensation owing to Bell’s lack of consultation with the Plaintiff before conducting the credit status check.

The courts have encapsulated common law causes of action in areas and provinces in Canada that are yet to adopt the Privacy Acts of British Columbia. This application of common law has led to the emergence of a legal action referred to as the tort of intrusion upon seclusion. The said tort in common law was first enunciated in the hallmark case of Jones vs. Tsige. A tripartite liability test was established in this case modeled on the three facets, including whether there is a reckless and intentional breach of privacy, whether there is a lack of legitimacy and legal backing, and finally, whether the offense can be seen as offensive in the eyes of the common man. This test particularly applies to typical cases relating to information on a person’s sexual orientation, financial news, and private correspondence. Further, as previously indicated above, compensation of up to $20,000 is automatically granted without proof of actual losses.

Another tort developed in the realm of privacy rights is the tort of public disclosure of embarrassing personal information. The Ontario Superior Court of Justice propagated this tort in the name of “revenge porn” as elicited from the facts of Jane Doe 464533 vs. D., 2016 ONSC 541. The satisfying ingredients of this tort include public revelation of private information, scandalous and offensive publication of such information which to the general public is deemed not to trigger public concern. Jane Doe’s case pertained to the posting of an intimate video of her on an open website. The said post was made by her ex-boyfriend, who had convinced her that the said video would be kept private. The Court, as a result, ruled that the Defendant was guilty of breach of privacy, deliberate infliction of mental distress, and the tort of public revelation of intimate facts. Upon considering these issues, the Court granted the Plaintiff a whooping $141,000 inclusive of all attendant costs.

The Court’s exemplary decision in Jane Doe had tremendous effects on the comprehension of Canadian privacy law. The broadening of privacy litigation was welcomed in the development of the new tort of public disclosure of private facts. Nevertheless, it can be argued that since the Defendant did not provide a defense to this cause, there is an imminent expectation of clarification and sophistication of the new tort in future decisions. Currently, the decision has served to provide immense support for aggrieved persons seeking civil redress against cyber sexual assault and cyberbullying, which have become notorious in this digital age. The courts will have to strike a balance between privacy rights and a rapid increase in the use of social media platforms by perpetrators of such kinds of digital bullying and sexual assault.

The general trend construed based on the above-discussed cases and statutory instruments are that the law of privacy has resorted to giving individuals the power to control their online reputations in the digital age. Privacy law emphasizes the protection of personal data by the persons who have authority to access such data. The new developments in privacy law have elicited various implications for business organizations. For instance, in the utilization of social media sites, artificial intelligence and data analytics in marketing can have negative consequences. Liability could arise when the entity discloses incorrect information regarding an individual’s use of a particular product. Such misstatements in the digital era tend to have significant financial consequences for businesses when an individual decides to take legal action against them.

Another worrying factor in the world of business is that the law is so precarious in the protection of personal data. Any person can bring a civil action on account that a particular organization has deliberately failed to amend and correct information relating to one of their clients, which is posted on a public website. These actions tend to worsen where companies are faced with additional regulatory penalty impositions in the statute. Financial and legal risk mitigation mechanisms when it comes to personal data processing and handling has become so prominent with many companies opting to exercise due diligence in fostering precautionary measures to avoid making misleading public assertions. Company press releases or notifications about workplace investigations or on the separation of an employee could be a turning point for an organization in the event such situations are mishandled and falsely reported. Numerous businesses are under pressure to adequately vet the accuracy of any personal information and data that they release for public consumption.

The new and innovative tort in privacy law addresses the notorious challenge of “deep fakes.” These include videos that are manipulated by Artificial Intelligence, imposing an individual’s face onto another individual’s body and in the event causing significant online reputational damage. In its current structure, the new tort does not make it mandatory for “deep fake” victims to provide evidence of damage or losses. Nevertheless, deep fakes can be so adverse against a business to the point of causing enormous financial injuries. A good illustration is, for instance, where a senior company executive falls victim to a deep fake video spreading negative news about the company. Such videos can cause devastation to the extent of the entity’s stock prices plummeting at an alarming rate. In essence, privacy law developments are critical in preventing distortion of personal information in the internet age, which has proven to have far-reaching emotional and financial consequences.

In conclusion, individuality in privacy laws is the primary focus in the protection of data. One cannot merely state that these laws are entirely designed for economic advantage and benefit of a country rather these laws are specifically tailored to elicit a sense of responsible utilization of personal data in the public domain. It is a thump rule that those entities which are entrusted with sensitive personal data ought to rise above the clamor for profit and protect the integrity of such data. The key emphasis is that the new privacy law developments provide a mechanism for checks and balances for those who exercise enormous power over personal information in the public space and those who have the ability to manipulate such data to the detriment of others.