This Month Reasonable Doubt is covering privacy issues. Privacy
issues are arguably one of the most important emerging concerns of
our generation. The digital age brought with it new ways to record,
track and steal each other's personal information.
Privacy issues are also a concern in the private sector. More
and more, corporations are collecting our personal information so
that they can compile data to better sell you their
products—Shoppers Optimum cards or Safeway club cards, for
In other cases, corporations actually use your private
information in advertisements, such as Facebook's "sponsored
A local law firm has filed a class-action
lawsuit against Facebook alleging that the sponsored stories
program violates British Columbia's privacy laws. The
Privacy Act allows you to sue someone who uses your personal
information or portrait in his advertising without your
A sponsored story is an advertisement typically located on the
right-hand side of your Facebook page that links your friend's
name and profile picture with a product or company; for instance,
it might say "Eric Duncan likes Jasper's Market" with
your friend Eric's profile picture and a logo for the grocery
store below it.
According to Rhone, companies pay Facebook to create and post
sponsored stories. It's a business strategy. Facebook users are
not asked permission to be used in sponsored stories either. If
you've "liked" a company on Facebook, you might have
been used in a sponsored story.
The only way to figure it out if you've been used in a
sponsored story is to ask your friends: advertisements that use
your information are only visible on your friend's Facebook
Contrary to some reports, McMullen says that Facebook users
cannot opt out of sponsored stories. The only way to prevent your
information from being linked to sponsored stories is by setting
your privacy settings to the most restrictive setting, preventing
anyone but you from seeing any of your Facebook activity
(posts, likes, pictures, etc). But then what's the point in
using Facebook at all?
In most cases, it is difficult to put a dollar value to an
invasion of privacy. How much harm does Facebook cause the average
person when they use their profile and picture in an ad? Not
Most people can't afford to sue Facebook because they might
be awarded a small amount of money. Who wants to pay a lawyer
$3,000 to receive a $20 judgment?
According to McMullen "even if there is no obvious
financial cost, someone's privacy is still invaded, which is a
harm in and of itself...privacy is an important part of
people's identity and it should be protected".
Class actions provide greater access to justice by providing
lawyers with an economic incentive to represent groups of people
with small claims: if the class wins or settles their lawsuit, then
the lawyers receive a portion of the settlement funds, which can be
large. For instance, Facebook offered
$20 million to settle a similar class action in the United
Class actions also have the benefit of altering social policy
because the threat of a class action acts as a strong deterrent. No
government or corporation wants to be the defendant in a class
action because they typically incur massive legal fees and often
pay out millions of dollars in damages.
Privacy class actions are still relatively new, especially in
British Columbia. But they have the potential to deter large-scale
privacy violations that have become more common in the digital age.
As Mr. McMullen describes it, class actions have the potential to
address the "little legal wrongs that affect
The common law related to privacy rights continues to evolve in Canada. Just a few weeks ago, the Ontario Superior Court of Justice recognized a novel common law tort applicable to violations of privacy rights.
The Payment Card Industry Data Security Standard ("PCI DSS") is a contractual standard for the protection of data regarding payment cards issued by the major card brands, including Visa, MasterCard and American Express. Organizations that accept payment card transactions or store, process or transmit payment card data are usually contractually obligated to comply with PCI DSS.