- Proposals to update the Workers Act offer minor victories - December 6, 2023
- No right to lay off employees without compensation, court affirms - July 19, 2023
- Another judicial reminder to draft proper termination clauses - June 21, 2023
A newly enacted law that compels Ontario firms to disclose if and how they are monitoring the activities of employees was announced with much fanfare by Ontario’s government in late February, but on closer examination, the legislation falls well short in many areas.
The first thing to be said is that this type of law isn’t innovative. In fact, it is well behind other privacy legislation such as the Personal Information Protection and Electronic Documents Act, which has mandated similar provisions for two decades for private sector employees in the course of commercial activity. Public sector organizations are governed by privacy laws at the federal level (i.e. the Privacy Act). Some provinces, including Ontario, have introduced privacy legislation that protects employees’ privacy rights against the unauthorized or improper collection and disclosure of personal information.
As Ontario law now stands, employers generally have a right to monitor employees’ workplace electronic devices (computers, phones, emails, etc.). They must be collecting the information for a proper purpose and the employee must be aware that is happening and given their consent.
Numerous variables are at play
This right is not black and white. There are many variables at play when it comes to determining what constitutes an employer’s reasonable right to monitor employees’ online activity. They include:
- The surveillance or monitoring must be demonstrated to be necessary and proportionate to that necessity.
- There must be a rational connection between the surveillance and a necessary workplace objective, demonstrating that the means is an effective way of achieving the objective.
- The monitoring should only be used as an avenue of last resort after less-intrusive alternatives have been attempted.
- Employees must be informed of the existence of such monitoring and all the potential uses for the personal information collected via surveillance.
- Various statutes prohibit the use and disclosure of a worker’s medical information without consent.
Under the legislation, known as Bill 88 or the Working for Workers Act, 2022, firms with more than 25 employees – including those working in the office or remotely – will have to disclose if they are engaging in electronic monitoring and the method used. That would include tracking use of computers and cellphones as well as GPS systems on vehicles. Those firms must have a written policy in place that states why information is being obtained and how it is being used.
- Many workers will emerge from the lockdown in a better position
- Workers still have rights when facing layoffs or pay cuts due to COVID-19
- $2.5M class-action settlement gives private school teachers their due
Oddly enough, the policy doesn’t specify what constitutes electronic monitoring, but we can assume it covers any form of technology used at work. The bill also does not state how specific the written policy must be.
Many shortcomings in proposed bill
While those measures sound commendable, this legislation falls short in other areas.
For example, it does not limit the employer’s ability to continue electronic monitoring in any way. It just requires them to disclose if they are. It also does not provide any recourse for employees to opt-out of the policy. Employees can only file a complaint if the employer fails in its obligation to have the written policy distributed.
In other words, the legislation does not create a new or heightened legal obligation in addition to what is already covered in common law privacy rights when it comes to a reasonable expectation of privacy in the workplace.
There exists a common law tort of “intrusion upon seclusion” that can provide plaintiffs with some remedies for privacy breaches but in limited circumstances. This tort requires the plaintiff to demonstrate that the defendant intentionally accessed information about the private affairs or concerns of the plaintiff in a way that would be highly offensive to a reasonable person, causing distress, humiliation or anguish. Such intrusions might include accessing information about health, finances, sexual practices and orientation and private correspondence.
Factors in a breach of privacy
Courts will consider the following factors when determining whether a breach of privacy rights has occurred:
- Did the employer willfully access the information in question?
- Did the employer have a lawful reason for accessing the information?
- Did the employee have a reasonable expectation of privacy?
Privacy commissioners and arbitrators have already outlined tests for what constitutes a workplace privacy right violation. The proposed legislation does not go as far as affirming these privacy rights principles in case law.
At the very best, the new law provides for the right of an employee to know that they are monitored, how and why and to what purpose they are monitored. However, it does not expand the right of employees to hold employers accountable for privacy rights violations.
There is already monitoring taking place at larger firms. That is not to say that someone in a back office is reading every email employees write, but workers should realize that their firm already has a right of access to what are essentially their tools, which are the cellphones and computers given to staff members.
In summary, this legislation is hardly brave or innovative, and does little to enhance a worker’s right to privacy. Considering that 32 per cent of Canadians aged 15 to 69 were working from home in January 2021, compared to just four per cent in 2016, more needs to be done to protect their privacy.
More from Cavalluzzo LLP:
Unions careful when it comes to duty of fair representation
