Privacy Class Actions in Canada: the misconceptions, the pitfalls and the path forward

  • March 26, 2021
  • Sage Nematollahi, KND Complex Litigation

Courts in Ontario and Alberta have recently issued several significant decisions in privacy class actions.  In January 2021, the Alberta Court of Queen’s Bench declined to certify a class action against Uber arising out of a data breach reported in 2016, finding that there was no evidence of harm.[i]  Shortly thereafter, in February 2021, the Ontario Superior Court of Justice denied a certification motion in a privacy class action against Facebook arising out of the Cambridge Analytica scandal, finding that there was no evidence to substantiate the claim.[ii]  These two decisions followed the prevailing trend of the dismissal of privacy class actions in Canada, in which courts have generally found that there is no evidence of harm, or that the information at issue did not rise to a level that would support the finding of a reasonable expectation of privacy, or both.[iii]

Also in February 2021, the Ontario Superior Court of Justice approved the settlement in a privacy class action against Yahoo!, which opportunity the Court took to provide a review of the landscape of privacy class actions in Canada.  Amongst other observations, the Court noted that privacy class actions have an 80% success rate at certification and, therefore, are at “a low risk of not being certified.”[iv]

These decisions represent significant developments in the relatively novel and rapidly evolving area of privacy class actions, and they may be considered from different perspectives.  This article outlines a few practical takeaways that would contribute to a more predictable practice of privacy class actions in Canada.