The Reasonable Expectation of Privacy in the Information Age: R v Spencer
On June 13, 2014, Cromwell J., in R v Spencer, 2014 SCC 43, gave a ruling on whether or not Matthew David Spencer had a reasonable expectation of privacy with respect to his subscriber information. Contrary to the decision of the trial judge, Cromwell J. concluded that since “[t]he disclosure of the subscriber information will often amount to the identification of a user with intimate or sensitive activities being carried out online, usually on the understanding that these activities could be anonymous…” (para 66), the request made by the police to the Internet Service Provider (ISP), Shaw Communications Inc., without prior judicial authority, was a breach of Mr. Spencer’s section 8 Canadian Charter of Rights and Freedoms rights.
In deciding this case, Cromwell J. made three interesting assertions regarding an individual’s rights to Internet privacy.
Protection Against Unreasonable Search of Intimate Life Details
In determining whether Mr. Spencer had a reasonable expectation of privacy, Cromwell J. first addressed the subject matter of the alleged search. Cromwell J. found that the subject matter was the specific identity of a subscriber whose Internet connection was linked to a particular monitored Internet activity (the downloading of child pornography) (para 33).
In the present case, the subject matter was not simply a name and address of an individual in a contractual relationship with Shaw. Rather, it was information about the individual that “tends to reveal intimate details of the lifestyle and personal choices of the individual” (para 27; R v Plant, [1993] 3 SCR 281 at 293). Once the police linked the subscriber information to Mr. Spencer’s Internet activities, the police could make inferences about the intimate lifestyle of Mr. Spencer. It was this link between the identity of the Internet subscriber and the subscriber’s Internet activity that Cromwell J. considered to be a breach of Mr. Spencer’s section 8 rights.
Cromwell J.’s ruling is important as it provides clarity as to what factors the courts should take into account in characterizing the subject matter of a search. Additionally, it also allows courts to look at subscriber information in a new light: as information that has the power to reveal intimate details of an individual’s lifestyle once the subscriber information is linked to an IP address, rather than as merely “‘tombstone’ information of a general nature that does not touch on the core biographical information” (R v Spencer, 2009 SKQB 341 at para 14).
Importance to Autonomy
As a result of the significant role that privacy played in the case, Cromwell J. addressed the nature of the privacy interest potentially compromised by the state action as another factor in determining whether Mr. Spencer had a reasonable expectation of privacy.
Cromwell J. found that the police request to Shaw was a breach of Mr. Spencer’s section 8 rights as it corresponded to “specifically observed, anonymous Internet activity [that] engage[d] a high level of informational privacy” (Spencer SCC, at para 51). According to La Forest J. in R v Dyment, [1988] 2 SCR 417, information privacy is “derive[d] from the assumption that all information about a person is in a fundamental way his own, for him to communicate or retain for himself as he sees fit” (Dyment, at 429). As such, informational privacy is rooted in the ability of an individual to maintain control and anonymity while on the Internet, regardless of their Internet activities. Based on this reasoning, Cromwell J. contended that the nature of the privacy interest “does not depend on whether, in the particular case, privacy shelters legal or illegal activity” (Spencer SCC, at para 36).
To further emphasize this point, Cromwell J. paraphrased Binnie J. in R v Patrick, [2009] 1 SCR 579, stating, “the issue is not whether Mr. Spencer had a legitimate privacy interest in concealing his use of the Internet for the purpose of accessing child pornography, but whether people generally have a privacy interest in subscriber information with respect to computers which they use in their home for private purposes” (Patrick, at para 32; Spencer SCC, at para 36). Therefore, the notion of privacy that could be protected by section 8 of the Charter must include the understanding of privacy as secrecy, control, and anonymity (Spencer SCC, at paras 38 and 41).
Cromwell J.’s ruling on the privacy interest of Mr. Spencer is interesting as it reiterates the importance of the obligation of government agencies to respect the privacy interest of individuals, regardless of whether or not the individual’s Internet activities are of an illegal nature. In doing so, Cromwell J. has provided significant support for the ability of anonymity, as a privacy interest, to engage an individual’s constitutional protection under section 8 of the Charter.
Reasonable Expectation of Privacy based on Contractual and Statutory Framework
Cromwell J. also concluded that the contractual and statutory framework supported Mr. Spencer’s argument that he had a reasonable expectation of privacy. Cromwell J. reasoned that the provisions outlined in Shaw’s Joint Terms of Service, Acceptable Use Policy, and Privacy Policy narrowly restricted Shaw’s right to disclose the personal information of subscribers to the police (Spencer SCC, at para 65). As such, it was reasonable for Mr. Spencer to expect that his Internet activities would remain private.
Additionally, Cromwell J. reasoned that the court could not exercise the Personal Information Protection and Electronic Documents Act, SC 2000, c 5 (PIPEDA), as a factor to weigh against the existence of a reasonable expectation of privacy since a circular argument would be created (Spencer SCC, at para 62). The proper interpretation of the relevant provision, section 7(3)(c.1)(ii), depends on whether such a reasonable expectation of privacy exists (Spencer SCC, at para 62).
However, this holds contrary to the decision of the Court of Appeal in R v Ward, 2012 ONCA 660. In Ward, the court held that the provisions of PIPEDA could be weighed against finding a reasonable expectation of privacy in subscriber information because the ISP had a legitimate interest in assisting the police (Ward, at para 99), and the grave nature of child pornography offences (Ward, at paras 102-3).
Despite the decision in Ward, Cromwell J. defended his position by stating that “[w]hile these considerations are certainly relevant from a policy perspective, they cannot override the clear statutory language of s. 7(3)(c.1)(ii) of PIPEDA, which permits disclosure only if a request is made by a government institution with ‘lawful authority’ to request the disclosure” (Spencer SCC, at para 65). Based on the contractual framework, the police had no lawful authority to compel Shaw to comply with their request, and therefore PIPEDA could not be applied to the case at hand. As such, Cromwell J. declared that it would be reasonable for an Internet user, such as Mr. Spencer, to assume that the police would require a warrant in order for an ISP to be obligated to divulge personal information about an Internet subscriber.
This last stage of Cromwell J.’s analysis is particularly interesting as it summarizes the importance of analyzing the impact that each contract or statute when all of the documents are looked at as a whole. As noted by Cromwell J., the Joint Terms of Service contract was subject to the terms of the Acceptable Use Policy, which was subject to the terms of the Privacy Policy, which relied on PIPEDA. The trial judge, in assessing the contracts and statute independently of one another, came to a conclusion which was ultimately incorrect.
Join the conversation