![Drug manufacturing laboratory equipment](https://www.nortonrosefulbright.com/-/media/images/nrf/thought-leadership/canada/publications/life-sciences-healthcare-lab-equipment.jpg?w=265&revision=355955d3-b814-40be-80c7-63b3ad62cb43&revision=5248910870347387904&hash=1F3BEDB56F2489EB29C4E2FCBDED3656)
Publication
Health Canada identifies lithium-ion batteries, infant bath seats, and water beads as hazards of concern
Health Canada has recently identified three new classes of products that pose a hazard of concern.
Author:
Canada | Publication | February 9, 2022
The Supreme Court of British Columbia recently dismissed an attempt to certify a class action lawsuit against Facebook after the court found the plaintiffs failed to provide some “basis in fact” for their central allegation – that Facebook engaged in unauthorized data scraping.1 Highlighting the need for evidence to support central allegations during a certification application, the court found the evidence supporting the plaintiffs’ allegations was overly generalized and it should exercise its gatekeeping function and not allow the action to proceed to the merits.
The case concerned allegations Facebook engaged in unauthorized data “scraping” – which refers to extracting call and text data from users of its applications for its own purposes and without the users’ knowledge or consent. The plaintiffs alleged Facebook had collected call and text message data from users of the Facebook Messenger app on Android smartphones in Canada without consent and then provided that information to unknown third parties. Facebook was alleged to have done so “under the guise of accessing their contacts to supply its friend recommendation algorithm.”
The court described two theories of liability emerging from the allegations: a “front end” claim that Facebook used the proposed class members' allegedly inadequate and uninformed consent to access their “contact list” information to collect and use their call and text data, and a “back end” claim that class members had their call and text data scraped by Facebook’s manipulation of the interactions between the Android OS and the Messenger app.
As supporting evidence for their certification motion, the plaintiffs provided various Facebook press releases, excerpts from a disclosure package that included internal Facebook emails and two expert reports. Both expert reports consisted of answers to questions posed by the plaintiffs that the court found were general with little direct relevance to the matters at issue on the certification application. Facebook provided two affidavits from a software engineering manager it had employed. Part of its evidence was that Facebook had no record of either named plaintiff’s call or text logs uploaded to Facebook servers.
In dismissing the certification application, the court noted the fundamental flaw in the plaintiffs’ claim was “[an] absence of any evidence to indicate that Facebook used, or misused, the plaintiffs' information for its own benefit.”
One plaintiff was found to not have even disclosed whether she had the Messenger app on her phone, or had used it in the past. The court found the expert evidence fell short of establishing the central allegations, that various documents appended to a clerk’s affidavit were not appropriately tendered, nor could they be objectively tested and that “the documents relied upon by the plaintiffs on this certification application lend weight to the defendants’ submission that the claim was largely ‘downloaded from the internet,’ rather than being a genuine expression of grievance or loss that warrants invoking the complex, time consuming and expensive mechanisms of a class proceeding.”
The court found the plaintiffs failed to establish a basis in fact to conclude that the proposed common issues were capable of determination on a class-wide basis or that a class proceeding was the preferable procedure. The court noted a claim for breach of privacy under the Privacy Act requires the court to consider the specific context in which an act or conduct occurs and the individual circumstances of the person claiming a breach, both factors that make it difficult to proceed on a class-wide basis.
Agreeing with other recent decisions, the court held that the plaintiffs had failed to establish any basis in fact to conclude that reasonableness and context could be proved on a class-wide basis. The question of whether Facebook breached the Privacy Act was not determinable on a class-wide basis and not an appropriate or suitable common issue.
This is yet another case in which plaintiffs alleging the improper use of data have been unsuccessful at the certification stage.
In Simpson v. Facebook, Inc., the certification application failed because there was no evidence any Canadian user’s data was shared as alleged and therefore no justification for a class proceeding. In Setoguchi v. Uber certification was denied on the basis there was no evidence that personal data allegedly obtained due to a breach was used to anyone’s detriment, no evidence of any real (not de minimis) harm and that speculation about a future possibility of loss or harm was insufficient.
The cases are a welcome trend in the privacy area. They confirm the significance of certification applications as an “important gatekeeping function” particularly where there is no evidence to support the core allegation of alleged harm to the proposed class. While certification remains a low hurdle it is nonetheless a hurdle. Claims that are hypothetical, speculative or over generalized will face scrutiny and may not pass the certification stage.
The author wishes to thank Harris Khan, articling student, for his help in preparing this legal update.
Publication
Health Canada has recently identified three new classes of products that pose a hazard of concern.
Publication
An employer’s ability to ask for a sick note when an employee is absent from work due to illness is becoming increasingly curtailed across Canada.
Publication
Over the past two years, Spain has significantly strengthened its foreign investment screening mechanism, and all acquisitions by foreign investors (as defined below) of a Spanish entity active in a strategic sector are subject to prior authorisation by the Ministry of Industry, Commerce and Tourism (“MoICT”).
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023