The British Columbia Superior Court (“BCSC”) recently denied certification of a proposed class action alleging user privacy violations in Chow v Facebook, 2022 BCSC 137 (“Chow”). This denial demonstrates that successfully certifying a privacy class action without sufficient evidence of loss and harm continues to be very difficult.
The proposed plaintiffs asserted Facebook extracted call and text data for its own purposes without the consent of users, particularly for users operating on Android devices and using the Facebook Messenger application. The plaintiffs believed that Facebook intentionally “employed secret workarounds” to collect the information and profited from its collection, contrary to The Privacy Act (British Columbia). The certification application advanced claims in breach of privacy, unlawful means, and unjust enrichment.
The Test for Certification
For a class action to be certified, the plaintiffs must present “some evidence” of a number of certification criteria, including the presence of an identifiable class of two or more persons, the existence of common issues between the class members and that a class action is the preferable procedure. The merits of the causes of action are not determined, but as Chow demonstrates, at least some persuasive evidence must exist before certification will be granted.
Ultimately, the British Columbia Superior Court found that:
- the proposed plaintiffs had not provided evidence that Facebook misused their call and text data, or that Facebook was enriched at the expense of the plaintiffs;
- the proposed plaintiffs were unable to establish that the issues could be determined on a collective basis; and
- a class proceeding was not the appropriate procedure.
No Evidence of Misuse – The “Fatal Flaw”
The BCSC was very critical of the ability of the evidence – or lack thereof – before the court to make out a claim. The proposed plaintiffs’ evidence, including expert evidence, did not sufficiently demonstrate inappropriate collection, misuse or unlawful profiting. While the plaintiff attempted to highlight the importance of privacy, the evidence lacked clarity and consisted of indirect and low-quality internet sources.
Collective Resolution of Issues
Although the lack of evidence of misuse was considered the fatal flaw, the BCSC also found the application had no basis for the court to conclude that a class proceeding would allow for the collective resolution of the proposed issues. In particular, there was no basis for the court to conclude that reasonableness or context could be shown on a class-wide basis.
Predominantly, the BCSC found that a class action was not a preferable proceeding because there was no evidence to indicate the proposed plaintiffs experienced actual loss or harm. As a result, the complexity and expense of a proceeding was disproportionate and would not provide meaningful access to justice. Other decisions that also refused certification due to insufficient evidence of actual loss include Simpson v Facebook, 2021 ONSC 968, Setoguchi v Uber BV, 2021 ABQB 18 and Kish v Facebook, 2021 SKQB 198.
Takeaways and Lessons for Organizations
Chow highlights the continued reluctance of courts to certify class proceedings for privacy matters without sufficient evidence.
Further, Chow cautions those considering bringing a class action to gather sufficient evidence and ensure they have clear, specific and persuasive evidence supporting the claims. General information that is widely available on the internet is unlikely to suffice. At the certification stage, the onus lies with the proposed plaintiffs to support their core allegation. If the claim lacks this evidence, the claim is unlikely to succeed.
Likewise, before undertaking the expense of initiating a class proceeding, it is important to be mindful of the need to demonstrate actual loss or harm. If no such evidence is available, it is unlikely that this hurdle will be passed.
MLT Aikins has the combination of legal and industry experience to help you navigate the information and privacy landscape, including in the context of privacy breaches and associated class actions. Our legal team has specific experience in the areas of information technology, privacy and cybersecurity, and class actions. We can help your organization prepare for and respond appropriately to privacy breaches, reducing the risk of a potential class action against your organization following a breach, or in defending against such class actions. Contact a member of our privacy or class action teams for assistance.
Note: This article is of a general nature only and is not exhaustive of all possible legal rights or remedies. In addition, laws may change over time and should be interpreted only in the context of particular circumstances such that these materials are not intended to be relied upon or taken as legal advice or opinion. Readers should consult a legal professional for specific advice in any particular situation.