Passer au contenu directement.

Privacy class action not certified -  Setoguchi v Uber B.V., 2021 ABQB 18

In a recent data breach class action decision, the Alberta Court of Queen’s Bench (“the Court”) refused certification, thereby exercising its important gatekeeping function, on the basis that a class action was not a preferable procedure to litigate a matter in which no member of the proposed Class had suffered harm or a loss arising from the breach.

In Setoguchi v Uber B.V., the Plaintiff sought certification of a class action on behalf of users whose personal information was accessed during a third party data breach. The decision of the Court denying certification contains careful analysis of the landscape of data breach jurisprudence in Canada, and reflects on the recent emphasis, in Canadian Courts, on proportionality and practicality. 

Background

In late 2016, Uber was attacked by outside actors who accessed the names, telephone numbers and email addresses of a number of users globally (including about 800,000 customers in Canada). Uber paid the outside actors in exchange for an assurance that the data in their hands would be destroyed.

In the 4 years between the breach and the certification motion, neither the Plaintiff nor any member of the proposed Class had come forward with proof of an economic loss or psychological harm arising out of the data incident.

Key Principles

Data breaches are increasingly common in the modern world, and it is no surprise that there has been a corresponding increase in class actions concerning data breaches. The review of the accumulated certification jurisprudence by the Court was therefore timely.

In terms of class action principles generally, the Court relied on Andriuk v Merrill Lynch Canada Inc., 2013 ABQB 422[1] in considering the Court’s gate-keeping function (an approach also seen in the Supreme Court of Canada's recent holding in Atlantic Lottery Corp. Inc. v Babstock, 2020 SCC 19, though not cited by the Court).

In canvassing the jurisprudence on class actions involving data breaches, the Court cited with approval the Ontario decision in Kaplan v Casino Rama, 2019 ONSC 2025, where certification was denied in circumstances involving disclosure of non-private personal information and risk of future harm.  The Court also referred to the Quebec decision in Bourbonniere c Yahoo Inc., 2019 QCCS 264, which found that "the transient embarrassment and inconvenience [arising from a data breach]… are of the nature of ordinary annoyance and do not constitute compensable damages."[2]

Finally, the Court imported the consideration of proportionality in its preferability analysis, citing Berg v Canadian Hockey League, 2017 ONSC 2608 with references to Hryniak v Mauldin, 2014 SCC 7 [Hyrniak].

Reasoning

The Court accepted Uber’s argument that the Court should not certify a class action based on mere speculation or potential for future harm; otherwise, all organizations holding data that suffered a breach would be  “subject to a class action without any member having to prove harm and regardless of the type of information that is accessed”, even non-private personal information.[3]

The Court conducted the preferability inquiry through the Hollick[4] lens of the 3 principal advantages of class actions – judicial economy, access to justice and behaviour modification – and emphasized the importance of assessing the litigation as a whole, with a focus on the question of “what is really in issue in the case” (in this case, whether the Plaintiff could establish any compensable loss or harm).

With respect to judicial economy, the Court found that it was not clear that the Plaintiff could establish class-wide harm, and that the possibility of future harm could require all class members to resort to individual assessments, particularly in light of Uber’s defences.[5]

With respect to access to justice, the Court said that, in this case, a class action proceeding would not "serve the interests of access to justice," because the claims, at best, “appear to be nominal damages claims that are ‘so small as to be non-existent’—as I said above, de minimus, or although there is again, no evidence to support same, potentially ‘so large as to provide sufficient incentive for individual action’.”[6]

The theory of behavioural modification was central to the Plaintiff’s argument for certification.  The Court noted the regulatory punishments already meted out to Uber, and concluded that behaviour modification alone was not, in any event, a basis upon which to certify a class action, emphasizing again the Court’s gate keeping function.

Ultimately, under the ambit of section 5(1)(d) of the CPA,[7] the Court relied on the principles of proportionality from Hyrniak, its gatekeeper function, and the need to weed out unmeritorious claims to dismiss the certification motion on the basis that a class proceeding was not preferable:

[22] …In the face of no such evidence [of harm], and in the spirit of Hyrniak…, I believe that it is time for the Court to take its gate keeping function seriously, and end this litigation as a class proceeding now, leaving Setoguchi or any other member of the class to pursue a personal action if they so wish.

McCarthy Tétrault LLP acted as counsel for Uber with a team led by Kara Smyth, which included Dana Peebles and Cassidy Thomson, together with Uber in-house counsel Ryan MacIsaac. 

 

[1] Martin J. (as she then was), aff'd 2014 ABCA 177.

[2] Setoguchi v Uber B. V., para 53, citing Bourbonniere c Yahoo Inc., at para 44.

[3] Setoguchi v Uber B. V., at para 111.

[4] Hollick v Toronto (City), 2001 SCC 68.

[5] Setoguchi v Uber B. V., at para 103–104.

[6] Ibid at para 105.

[7] Class Proceedings Act, SA 2003, c C-16.5.

Auteurs

Abonnez-vous

Recevez nos derniers billets en français

Inscrivez-vous pour recevoir les analyses de ce blogue.
Pour s’abonner au contenu en français, procédez à votre inscription à partir de cette page.

Veuillez entrer une adresse valide