Proposing a new statutory tort of misuse of private information

Authors: Bill Jamieson and Dupinderjeet Kaur.

Our Practice: Corporate Advisory and Data Protection and Security.

Read the article here instead to view the footnotes

 

Introduction

  • In December 2020, the Singapore Academy of Law’s Law Reform Committee (the “LRC”) examined whether the existing legal framework related to privacy provided effective remedies for victims against serious misuse and disclosure of their private information.[1] As society advances, and technology allows increased intrusion into our personal lives, the means by which harm may be perpetuated against an individual’s well-being continue to evolve.[2] Consequently, it is crucial that legal protection of privacy and private information stay up to date with digital advancements.
  • While there are common law actions such as the tort of breach of confidence, and legislation such as the Personal Data Protection Act 2012[3] and the Protection from Harassment Act[4] in force, cases such as ANB v ANC[5], have shown these to be inadequate in effectively protecting victims against the misuse of private information.[6] In the case of ANB v ANC,[7] the wife, while the husband was abroad, had engaged a locksmith to unlock a padlock that the husband had installed and gained access to the home. The wife then took the husband’s personal notebook computer and handed it to a private investigator who later copied files on the hard disk of the notebook computer and passed them to the wife, who subsequently used the files as evidence in the divorce proceedings. In response, the husband commenced proceedings against the wife for breach of confidence.[8] Even though parties later settled the matter amicably, the Court of Appeal noted that “The common law in Singapore may not currently provide sufficient protection for encroachments on a person’s privacy… the courts have not yet considered the development of the tort of misuse of private information”.[9]
  • The LRC identified that there is a regulatory lacuna in the law for which the implementation of a new statutory tort of misuse of private information is essential. This article seeks to first discuss the existing legal protection for privacy before discussing the introduction of a new statutory tort of misuse of private information.

 

Existing legal protection for privacy

  • The state of Singapore’s current laws does not leave one’s right to privacy unprotected as there are common law and statutory torts that collectively offer a significant degree of protection of one’s privacy. One example is the Protection from Harassment Act (the “PHA”).[10] This Act deals largely with provisions on personal freedom from intrusion against bodily and physical privacy.[11] In addition, it gives legal protection to a person against the publication of false statement of fact. The protection offered by this statutory tort also extends to online activities where the communication content amounts to harassment or stalking. In Benber Dayao Yu v Jacter Singh (“Benber”),[12] it was held that “harassing conduct on the internet would be covered by section 3 and 4 of PHA”.[13] However, the PHA is limited in its scope as it will not provide for a remedy in cases where a person accesses private information belonging to a victim and copies the information but does not publish it.[14]
  • Another example is the Personal Data Protection Act (the “PDPA”)[15], which governs the collection, use, disclosure and care of personal data. In accordance with section 3 of the PDPA, “it recognises both the rights of individuals to protect their personal data and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes”.[16] This data protection regime was enforced in response to the vast amounts of personal data that are collected, used and even transferred to third party organisations. The PDPA aims to regulate the flow of personal data and maintain an individual’s right to privacy. However, the PDPA is limited in its scope as, in accordance with section 4 of the PDPA, it “imposes no obligations on any individual acting in a personal or domestic capacity or on any employee acting in the course of his employment with an organisation”.[17] Therefore, some incidents of misuse of private information by some persons may fall outside the ambit of the Act.
  • Common law torts such as the tort of trespass, nuisance and breach of confidence all conceivably relate to some version of privacy. For example, the tort of breach of confidence protects private information that is conveyed in confidence.[18] There is also the common law action in nuisance which focuses on protecting a person’s private enjoyment of land from unreasonable interference.[19] The tort of defamation is aimed at the protection of one’s reputation, but it may indirectly protect the defamed person in circumstances whether the defamatory statements also disclose private information concerning them.[20]
  • As a result, the existing legal framework does not leave one’s right to privacy unprotected. However, the application of such common law and statutory torts is limited as it fails to cover scenarios of misuse of private information. The existing legal framework fails to adequately provide civil liability for misuse of private information.

 

Statutory tort of misuse of private information 

  • With the limitations of the existing privacy laws, the LRC recommends the creation of a new statutory tort of misuse of private information which offers a remedy to victims of such misuse of private information.[21] Under the new statutory tort, victims will be able to bring about a civil action against the perpetrator who intentionally misused the victim’s private information without their consent.[22]
  • In his book, “The Law of Torts”, Professor Gary Chan stated five elements that will need to be examined when developing a new tort related to privacy.[23] The first element will be to ascertain the meaning of private information.[24] According to Professor Gary Chan, the meaning of private information seems broader than information having the “quality of confidence” and also includes the nature and type of the information disclosed.[25] He further states that the reasonableness of the expectation of privacy is also relevant, which is to be assessed from the viewpoint of a reasonable person in the position of the plaintiff.[26] The second element to ascertain will be when are privacy rights infringed.[27] It was argued in his book that “mere intrusion by the defendant of the plaintiff’s privacy may, in certain circumstances, be sufficient”.[28] This means that it is not necessary for the defendant to have published the private information of the plaintiff or used or taken advantage of the information for commercial profit or gain. The third element is to ascertain if such a proposed tort relating to protection of privacy will extend to corporations.[29] The fourth element is that there should be a defence of public interest.[30] The proposed tort should be able to balance confidentiality and the public interest. Lastly, the proposed tort will need to consider the availability of remedies for an infringement of privacy.[31]
  • Even though the proposed tort is more narrowly defined to be solely in relation to misuse of private information, the elements identified by Professor Gary Chan in his book provide a guideline as to how the proposed tort could be structured.
  • The LRC therefore recommends certain features that will be adopted by the proposed statutory tort of misuse of private information:[32]
    • Whether the plaintiff has a reasonable expectation of privacy in all the circumstances.
    • Liability will only arise in circumstances of serious misuse of private information, which will be judged from a reasonable person’s point of view in the plaintiff’s position.
    • Proof of damage need not be proven and the tort will cover physical and psychiatric harm, economic loss, and emotional distress.
    • For an actionable tort, the court must strike a balance between the public interest in protecting privacy and the public interest in not protecting privacy.
    • Intention will need to be proven such that the defendant intended to cause the disclosure or serious misuse of private information related to the plaintiff.
    • The remedies available under this tort include damages, an account of profits, an injunction or order of specific performance, a delivery up or destruction of offending material, publication of a correction, and/or the tendering of an apology.
    • This statutory tort will also bind the government.
  • These features ensure that a blockbuster tort is not created as liability only arises in circumstances of “serious misuse of private information”. These features have also been inspired by law reform agencies in various jurisdictions, including the Australian Law Reform Commission, the Law Reform Commission of Hong Kong, and the Law Reform Commission of Ireland.[33] All these jurisdictions similarly adopted a statutory tort to deal with misuse of private information.[34]

  

Conclusion

  • In conclusion, there is an increasing need for legal protection from the disclosure or serious misuse of private information, in particular because of the advancements in the digital and technological arena that provide easy access to one’s private information.
  • Even though a plaintiff may seek a remedy for misuse of private information in a few ways, including breach of confidence or bringing a claim under PDPA or PHA, these options have proven to be of limited scope in instances where private information belonging to a victim is accessed but is not published.
  • Therefore the proposition of a new statutory tort of misuse of private information will help fill the current lacuna in law.

 

Disclaimer: This update is provided to you for general information and should not be relied upon as legal advice. 

Corporate Law in Singapore

Lisa Theng

Managing Partner
CNPLaw LLP