Using ‘Intrusion Upon Seclusion’ to bring privacy cases against phone apps & other channels of the digital realm. 

Guest post by Marc-Roger Gagné MAPP Senior Privacy and Data Advocate, Cyber Intelligence and Director at Gagne Legal Services.

When you play Angry Birds on your phone, is it possible the app is accessing highly sensitive personal information about you? Or how about any of your other apps: are they also accessing information about you, and then selling it to third-party advertising companies?

You betcha.

But you signed up for that, knowing that free apps actually do come with a price: privacy. However, your kids didn’t sign up to have their personal information broadcast all over the internet and sold to hungry advertisers.

So far, the intrusive aspect of digital technologies hasn’t much been addressed by privacy tort law. However, that’s all changing, thanks in part to a concerned mother in the United States.

Mom v. Disney

A California mom has brought a lawsuit against Disney for its gaming apps. The suit claims Disney tracks app users—her kids—outside the app itself. Why would Disney do that? So they can serve up targeted ads based on personal information gathered from general phone usage.

In case you’re wondering how this is possible, you should know that certain events take place during the download and installation process of any app. App software is capable of placing unique identifiers on each phone where it’s installed. When data is gathered from that phone, the distributor of the app (in this case, Disney) has a digital profile of that phone’s owner. That data can then be used to serve targeted ads or sold to marketers.

App developers and the companies who offer apps claim there’s no invasion of privacy because the data they gather is ‘anonymized’. That is, they gather certain demographic and/or usage data without collecting the necessary personal information for identifying exactly whose data it is.

It’s Different With Kids

Of course, invasion of privacy via phone apps is nothing new. It’s been an issue practically since Apple’s App Store launched in 2008. With their global campaign to inform everyone that ‘there’s an app for that’, the company soon had everyone downloading apps with wild abandon.

Behind the scenes, however, privacy hawks were watching and waiting, knowing there would soon be a tsunami of controversy over the collection of personal data. Now, almost a decade later, that controversy is centred around some of the most vulnerable members of the population: kids.

There are already special protections put into place for kids who surf the web and use phone apps. In the U.S., there’s the Child Online Privacy Protection Act (COPPA), which shields kids from having their personal data collected on the internet unless their parents say it’s OK.

COPPA serves as the foundation for the Disney mom’s case. The problem for that mom, however, is that COPPA is rather toothless. All she can hope for is that the Federal Trade Commission (FTC) will fine Disney and/or the app developer.

That’s where ‘intrusion upon seclusion’ comes in.

‘Intrusion Upon Seclusion’, Revamped for the 21st Century

There’s a tort called ‘intrusion upon seclusion’ that may provide satisfaction for plaintiffs in digital privacy cases. It’s not new legislation in most countries, but it’s always been applied when the offending party has intruded upon someone’s physical seclusion—a home or a hotel room, for example. The physical intrusion can take place in several forms, such as spying with binoculars, tapping a phone, or reading someone’s mail.

In the U.S., there are four criteria that must be met in order for success to be possible in an intrusion upon seclusion case:

  1. The defendant invaded privacy with intent to do so
  2. Any reasonable person finds the invasion offensive
  3. The invasion involves a private matter
  4. The intrusion caused mental anguish and/or suffering

Now, this tort is being used in digital privacy cases as well. In the U.S., invasion of privacy cases against smart TV maker Vizio and video distributor Nickelodeon have already made use of the tort. The Disney mom is the first to employ the tort against the maker of an app, however, and on behalf of a child.

In her lawsuit, COPPA was used to establish the offensiveness of the data collection (criterion #2). However, it’s with criterion #4 that the case may run up against obstacles. In Ontario, Canada, that’s less of an issue.

Privacy Torts in Ontario: a Bit Easier to Bring

It’s that last provision—proving injury—that’s usually the sticking point for U.S. plaintiffs like the Disney mom.

In Canada, there’s only a three-part test for qualifying for a privacy tort, no part of which involves proving pecuniary loss or damage to an economic interest. In 2012, the Ontario Court of Appeal made it clear that proof of loss was not a factor in the case of Jones v. Tsige. This was a landmark case, in that it first established the use of ‘intrusion upon seclusion’ in privacy cases involving the collection of (and unauthorized use of) information about a person.

As a result, in Ontario courts, invasion of privacy claims may be made in small claims court, with sometimes surprisingly large awards for damages.

Jones v. Tsige has been used as a reference in courts around the world. One example is in New Zealand, where a court recognized the privacy tort in a case of a man who filmed a flatmate showering. It was deemed an actionable tort even though it did not involve any publicity of the offending video.

Global Issue: It’s Not Just Disney

Back to Mom v. Disney, which may represent the start of a global revolution in the way children’s apps are developed with regard to privacy.

And yes, it’s definitely a worldwide problem. A global study released in 2015 reported that almost half the children’s websites and apps it studied raised privacy concerns. 67% of the 1500 sites and apps it looked at collected children’s personal information. Almost three-quarters offered no way to delete account information.

France, in particular, found a high percentage of sites they examined for the joint study to be questionable. That is, those sites and apps collected name, IP address, email, and location… enough to personally identify every app user or website visitor.

Moving Forward

All this, combined with COPPA-like legislation around the globe, paves the way for more cases like the one brought by the Disney mom. With precedents like the one set by the courts in Ontario, plaintiffs (and courts) may not have to ask ‘what’s the damage?’ before they bring a digital privacy tort. Instead, they can simply bring the case and see what unfolds.

