R v Marakah & R v Jones (privacy in data controlled by others)

The Supreme Court of Canada issued its long-awaited decisions in R v Marakah, 2017 SCC 59 and R v Jones, 2017 SCC 60 today, providing a strong statement on the protection of privacy in digital contexts. The decision held that text messages continue to enjoy constitutional protection even after they are received by their intended recipient, meaning the state cannot bypass constitutional protections simply by directing its search to the recipient's cell phone, social media account or service provider. As CIPPIC argued in its interventions [Marakah, Jones], the decisions being appealed adopted a formalistic approach to concepts such as 'control' and 'access' which apply robustly in the physical world (who controls the data at the time of access, from what location is the data accessed) but have minimal bearing on privacy expectations in digital spaces. By contrast, the majority of the Supreme Court adopted a broad analysis of the privacy interests at stake, with outgoing Chief Justice Beverley McLachlin emphasizing the choice of a private conversation medium (i.e. text messaging) as driving the privacy analysis, concluding that "... privacy in electronic conversations is worthy of constitutional protection. That protection should not be lightly denied." Indeed, as McLachlin, CJ, explains on behalf of the majority in Marakah, the choice of a private messaging medium is, in and of itself, an exercise of effective control, underpinning privacy expectations in electronic messages that extend to their recipient. The choice to engage in a private electronic conversation creates a context where the sender can reasonably expect the messages to remain secure against the eyes of the state.

Further, participation in the online world necessarily entails the creation of "a trail of digital breadcrumbs" with the various intermediaries (ISPs, social media sites, etc) that facilitate digital interactions. As a technical matter, intermediaries can access and control the 'breadcrumbs' in question. However, as held by Justice Côté for the court in Jones, individuals must be able to expect their service providers will only transmit these communications to their intended recipients, not to the state. As CIPPIC argued in its intervention, had the appeal not been successful on this point, it would have placed significant volumes of highly private data at risk on the proposition that a communication is not constitutionally protected in the absence of a confidentiality agreement with the various service providers entrusted with its transmission. The decisions left for another day the question of 'volunteered text messages', while noting that section 8 of the Charter would operate differently where a service provider was voluntarily disclosing private customer data suspected of criminality (Marakah, para 50; R v Orlandis-Habsburgo, 2017 ONCA 649, paras 114-115; Jones, para 45) and where, for example, an individual recipient of a threatening text message voluntarily discloses it to law enforcement on their own initiative (Orlandis-Habsburgo, paras 21-36). Finally, the decisions disappointingly narrow the protection offered by Part VI of the Criminal Code to historical text messages held by a service provider, despite the fact that acquiring historical text messages from an ISP is substantially similar to acquiring them prospectively, as noted by Justice Abella in her dissenting opinion in Jones.

Image Credit: Matt Karp, CC-BY-NC-ND 2.0, May 7, 2010, Flickr