Granger v. Ontario: First Class Action of a s. 8 Breach
Aamir, Fatima, Granger v. Ontario: First Class Action of a s. 8 Breach, Toronto Law Journal, November 28, 2024
In this article, Fatima Aamir provides a summary and analysis of a Superior Court of Justice decision dealing with the merits of a class action claim that the province of Ontario violated s. 8 of the Canadian Charter of Rights and Freedoms, which protects against unreasonable search and seizure, by retaining the profiles of innocent DNA donors. The class action also alleged that the ongoing retention of the DNA profiles violates the common law right to privacy. A summary judgment hearing was held earlier this year.
***
The recent common issues trial decision in Granger v Ontario, 2024 ONSC 6503, determined the first constitutional privacy breach class action in favour of the Class. The Court found that Ontario’s actions in collecting and retaining the DNA profiles of innocent individuals violated those individuals’ s. 8 Charter rights but did not constitute intrusion upon seclusion. On the basis that there are at least 7,267 identified class members, aggregate Charter damages (in respect of the vindication and deterrence, but not compensatory, aspects) of $7.267 million were awarded.
Summary of the decision
The representative plaintiff was employed as a migrant farm worker in Vienna, Ontario. OPP officers investigating a crime in the region obtained samples from all the migrant workers at the farm for comparison against a crime scene sample.* After comparing the DNA profiles generated from those samples, none were a match. The Ontario Centre of Forensic Sciences (CFS) destroyed the physical DNA samples, but retained the DNA profiles in accordance with its standard practice.
Liability
The Class asserted two breaches of s. 8 of the Charter (the protection against unreasonable search and seizure):
- At the outset, that their consent was not fully informed and that the consent form used by the OPP misrepresented what the CFS would, and did, do with their DNA profiles (the “search”); and
- That they did not consent to the CFS’ ongoing retention of their DNA profiles (the “continued seizure”).
There are two steps to a Charter s. 8 analysis. The first is whether a state examination has intruded upon someone’s reasonable privacy interest (i.e., whether a “search” occurred). If a search occurred, the court then considers whether the search was reasonable.
At the first step, the Court found that the Class had established a reasonable expectation of privacy which had not been waived via consent. At the second step, it found that neither the initial search nor the continued seizure of the data were reasonable.
The test for determining whether an individual has a reasonable expectation of privacy is well established. As enunciated by the Supreme Court in R. v. Tessling, courts must assess: the subject matter of the search, whether the claimant had a direct interest in the subject matter, whether the claimant had a subjective expectation of privacy in the subject matter, and whether this subjective expectation was objectively reasonable.
Regarding the first factor, the CFS argued that it retained the DNA profiles on an “anonymized, unused” basis (i.e. the DNA profiles were not being used in investigations, and were not stored linked to individual names, such that they could not readily be identified), and therefore that the Class had no reasonable expectation of privacy in the subject matter of the search. The Court rejected this narrow characterization as being incompatible with the “functional and holistic” approach necessary to this analysis; such an approach calls on courts to look beyond the actual information that comprises the subject matter of a search towards what might be revealed about individuals because of that information.
The class members were held to have direct interest in the subject matter, including both personal privacy interests and significant informational privacy interests. This latter point is noteworthy, as the Court relied not just on what can be gleaned from the stored DNA profiles in the present (such as one’s identity and familial relationships), but also what may be discovered through potential future comparisons of the stored DNA profiles with other forms of DNA profiles that could be generated from different types of testing (which has only been done in academic contexts to date) – in other words, what was possible to do with the data was given as much weight as what had actually been done with the data.
The CFS also argued, again relying on its anonymization process, that the Class had no expectation of privacy in DNA profiles unused and de-linked from identities. The Court rejected this argument in regard to both the initial search and the continued seizure, finding that the Class only expected the samples to be taken for a limited, specific purpose―use in a criminal investigation, to be removed if no match was not found―and that other uses, even by CFS, would not have been within their expectation.
Due to the foregoing, the Court held that the Class had a subjective expectation of privacy in the subject matter and that this expectation was reasonable.
Importantly, the Court conducted a detailed analysis to support a finding that class members’ consent was not vitiated by the content of the province-wide standard consent forms. The Court confirmed that the civil law approach to burden of proof in Charter s. 8 cases is consistent with the criminal law approach, despite the differing standard of proof. Once a plaintiff has established a reasonable expectation of privacy, the burden still shifts to the State to illustrate it had a valid defence. The Court reiterated that this shift in onus is important for s. 8 to offer any meaningful protection, as the State must justify why its own interests take priority over the plaintiff’s.
Although acknowledging that the de-linking processes constituted good faith efforts to comply with the Criminal Code, the Court found that merely anonymizing data is not the same thing as permanent removal of data, particularly given the significance of the State’s access to said data. Even in the face of undisputed evidence that the CFS has never “re-linked” profiles, the Court erred on the side of constraining State overreach in retaining the information to “re-link” profiles and glean private information about the Class members. Given that the CFS never intended to remove the data (only to anonymize it), the Court went so far as to characterize the standard consent form as misrepresenting the State’s actions.
After finding that both s. 8 breaches occurred, the Court did not engage in a s. 1 analysis, concluding that it was not needed without an impugned statutory provision.
The Court gave the Class’ intrusion upon seclusion claim short shrift, concluding that the state of mind requirement for the tort (i.e., the requirement that the CFS’ conduct be intentional or reckless) was not met because the CFS’ inadequate attempts to protect the privacy interests of the Class were taken in good faith.
Damages
In consideration of the three purposes of monetary Charter damages, the Court found first that compensation was not a relevant purpose because there was no evidence that the DNA profiles had been accessed improperly, or that any concerns the Class members had about retention of their DNA profiles caused any compensable damage.
The Court did, however, grant Charter damages in order to vindicate the rights of the class members and deter future violations, relying on evidence that the CFS ignored relevant policy recommendations given by the Office of the Independent Police Review Director in 2016.
The limited immunity from damages established by the Supreme Court in Ward v. Vancouver (City) did not apply in this case, given the Court’s conclusion that the conduct of the CFS “was, in fact, at odds with the legislative direction”, rather than furthering a legitimate legislative or policy-making purpose. Accordingly, there were no countervailing good governance concerns warranting against granting an award of Charter damages of $1,000 per Class member.
The Court then went on to grant an aggregate damages award, referencing the holdings in Ramdath v. George Brown College that the “reasonableness” standard for measurement criteria is not particularly rigorous, and that aggregate damages should be more routine than exceptional. Thus, despite the parties’ inability to determine the precise number of Class members, the Court simply utilized the “reasonable” class size agreed upon by the parties, and multiplied to determine an aggregate damages award quantum of $7,267,000.
Additional comments on the decision
As one of the very few privacy class action merits decisions to date, Granger offers helpful insight on some key issues, albeit with an analytical focus on Charter principles rather than the more commonly litigated privacy torts.
First, with regard to the general approach to privacy rights and when a reasonable expectation of privacy exists, Granger is the first merits decision to adopt the Supreme Court’s broadening of the Tessling approach in R v. Jarvis. There, the Court found that assessing an individual’s reasonable expectation of privacy requires conducting a “contextual assessment that takes into account the totality of the circumstances”, and specifically acknowledged that the same information may be private or not private, depending on contextual factors.
The Court’s engagement with Jarvis in this case stands out because, although the broad, contextual approach to privacy interests has been referenced previously in civil privacy breach matters,** Ontario courts have more commonly adopted explicitly acontextual assessments, particularly in class actions.
In Broutzas v Rouge Valley Health System, for example, the Superior Court (later upheld by the Divisional Court) declined to certify a proposed class action because it found that there was “intrusion but little, if any, seclusion” when hospital employees stole patient contact information in order to sell parents RESPs for their newborns. The Court found a lack of privacy interest in the stolen information because “[p]eople readily disclose their address and phone number to bank and store clerks, when booking train or plane tickets or when ordering a taxi or food delivery” and “the birth of a child is rarely a purely private matter”.
Broutzas, and the numerous other decisions in that vein, stand for the all-or-nothing approach to privacy which was explicitly disclaimed by the Supreme Court in Jarvis, whereas Granger represents a step in another direction.
The Court’s adoption in Granger of the “functional and holistic” approach to considering the subject matter of a privacy breach also represents a departure from the civil privacy breach jurisprudence to date. As described by the Court of Appeal in R v El-Azrak, this approach requires consideration not just of the raw data that was the technical subject of the privacy breach, but also the “nature of the information that could be inferentially derived from that raw data”. Accordingly, the Court in Granger found that the subject matter of the breach was not just the de-linked DNA profiles themselves, but rather all of the information that could be garnered by usage of those profiles, even in the absence of any evidence that the profiles had, in fact, been used, because “the necessary information [still resided] with [the defendant].”
Despite the Court of Appeal’s recognition back in 2012―an eon ago, in technological terms―that the collection and aggregation of information enabled by technology poses a novel threat to privacy, Canadian courts have been reluctant in the civil context to adopt any such functional or holistic analysis when grappling with the question of harm, focusing only on the types of data stolen rather than the full universe of what could be inferentially derived from those types of data,*** despite today’s reality of even more sophisticated hackers and fraudsters.
Another angle of this “functional and holistic” approach manifested in the Court’s rejection of the defendant’s arguments regarding anonymization. Typically, the legislative definition of personal information (information about an identifiable individual) has bounded civil privacy litigation, but the Court in Granger found it dispositive that de-anonymization was technically possible, even if it had not ever occurred, rejecting the submission that anonymization negated or even neutralized the privacy breach. Whether this reasoning finds broader application remains to be seen.
A further significant aspect of the Court’s overall approach to privacy rights is regarding the standard consent forms. The Court’s decision hinged on the fourth requirement for consent of bodily materials to be valid, per R v. Wills: that the giver of consent was aware of the nature of the police conduct to which they were being asked to consent. The Court found that, even though the Class members were aware from the standard consent form that they were being asked to provide DNA samples for CFS testing, the specifics of the process were not disclosed properly to them. Whether this stringent assessment of the sufficiency of a purported consent will be adopted in other, lower stakes, contexts, also remains an open question.
The Court’s decision on the damages issues in Granger is relatively straightforward. In the face of an ongoing violation of Charter s. 8 that could not be rectified, it followed logically that a simple declaration could not have sufficed and that monetary damages were justifiable. In other words, Granger does not address the fact that there remains a high bar for Charter damages. Depending on the facts of future cases, this will remain a barrier to adequate redress for class members who experience Charter violations, especially if such violations involve intangible losses as the Class argued for in this case, the validity of which was a question sidestepped in this decision.
*Justice Akbarali made a point of acknowledging the “problematic” scope of the DNA canvass in her decision, noting that “many of the migrant workers tested, including Mr. Granger, did not match the description of the perpetrator [a Black male in his mid-20s] in the slightest”. A Human Rights Tribunal of Ontario proceeding regarding the DNA canvass at the farm where Mr. Granger worked was settled on terms that required the CFS to “delete permanently all electronic and digital data comprising and related to the DNA profiles of the migrant workers who provided DNA samples as part of that canvass”: Granger at fn 1.
**See e.g. Stewart v Demme, 2020 ONSC 83 at para 70, then reversed on this point, 2022 ONSC 1790 at paras 25-26.
***In Setoguchi v Uber BV, 2023 ABCA 45, for example, the Alberta Court of Appeal described the theft of names, email addresses, telephone numbers, geolocation information and driver’s license information as “the simple loss of publicly available information” amounting to there being “no hope of establishing…compensable injury or loss” as a result of the privacy breach: see par
Fatima Aamir is an articling student with Goldblatt Partners LLP.
Practice Areas
Civil Litigation, Class Action Litigation, Constitutional Law