Proposing a brand new statutory tort of misuse of personal info

Ontario Superior Court recognizes new “false light” privacy tort


  1. In December 2020, the Singapore Academy of Law’s Legal Reform Committee (“LRC”) examined whether the existing legal framework regarding data protection provides victims with effective remedies against serious abuse and disclosure of their private information.[1] As society advances and technology enables increased intrusion into our personal lives, the means by which harm for the good of individuals can be sustained continue to evolve.[2] As a result, it is critical that legal protection of privacy and private information stay up to date with digital advances.
  1. There are customary measures such as the unauthorized act of breach of trust and laws such as the Law on the Protection of Personal Data 2012[3] and the Harassment Protection Act[4] in force, cases like ANB versus ANC[5]have shown that these are insufficient to effectively protect victims from misuse of private information.[6] In the case of ANB versus ANC[7] While the husband was overseas, the wife had hired a locksmith to unlock a padlock that the husband had installed and gain access to the house. The woman then took the man’s personal notebook computer and gave it to a private investigator, who later copied files to the notebook’s hard drive and passed them on to the woman, who subsequently used the files as evidence in the divorce proceedings. In response, the husband initiated proceedings against the wife for breach of trust.[8] Although the parties later settled the matter amicably, the appeals court found: “Singapore common law may not currently provide adequate protection for invasion of an individual’s privacy. The courts have not yet considered the development of the illicit abuse of private information ”.[9]
  1. The LRC noted that there is a loophole in the law for which the implementation of a new legal tort of misuse of private information is essential. The aim of this article is to first discuss existing legal protections for privacy before considering the introduction of a new tort of misuse of private information.

Existing legal protection for privacy

  1. Current Singapore State laws do not leave the right to privacy unprotected as there are general laws and statutes that together provide a significant level of privacy protection. One example is the Harassment Protection Act (the “PHA”).[10] This law is primarily concerned with provisions on personal freedom from encroachment on physical and physical privacy.[11] In addition, it provides a person with legal protection against the publication of false information. The protection afforded by this illegal act also extends to online activities in which the communication content amounts to harassment or stalking. In Benber Dayao Yu against Jacter Singh (“Benber”),[12] It was stated that “Internet harassment behavior would fall under Sections 3 and 4 of the PHA”.[13] However, the PHA is limited in scope as it does not provide a remedy in cases where a person accesses a victim’s private information and copies the information but does not publish it.[14]
  1. Another example is the Personal Data Protection Act (“PDPA”).[15]which regulates the collection, use, disclosure and maintenance of personal data. In accordance with Section 3 of the PDPA, it recognizes both the right of individuals to protect their personal information and the needs of organizations to collect, use, or disclose personal information for legitimate and reasonable purposes.[16] This data protection regime was enforced in response to the enormous amounts of personal data that is collected, used, and even transferred to third party organizations. The PDPA aims to regulate the flow of personal data and uphold an individual’s right to privacy. However, the scope of the PDPA is limited as, according to Section 4 of the PDPA, it “does not impose obligations on any person acting in a personal or domestic capacity or on any employee acting in the context of his employment with an organization”. .[17] Therefore, some cases of misuse of private information by some individuals may not fall within the scope of the law.
  1. Common law acts such as tort, harassment, and breach of trust may relate to a specific version of privacy. For example, the unauthorized act of breach of trust protects private information that is conveyed confidentially.[18] There is also the annoying common law action which focuses on protecting an individual’s private land enjoyment from improper interference.[19] The unlawful act of defamation aims to protect one’s own reputation, but it can indirectly protect the person being defamed if the defamatory statements also reveal private information about them.[20]
  1. As a result, the existing legal framework does not leave the right to privacy unprotected. However, the application of such customary laws and regulations is limited as scenarios of misuse of private information are not covered. The existing legal framework does not provide for adequate civil liability for misuse of private information.

Unlawful act of misuse of private information

  1. Given the limitations of existing data protection laws, the LRC recommends the creation of a new illegal act of misuse of private information to remedy victims of such misuse of private information.[21] Under the new tort law, victims can file a civil lawsuit against the perpetrator who intentionally misused the victim’s private data without their consent.[22]
  1. In his book, The Law of Torts, Professor Gary Chan identified five elements that need to be investigated when a new privacy violation is developed.[23] The first element will be to determine the importance of private information.[24] According to Professor Gary Chan, the meaning of private information appears to be broader than information with the “quality of trust” and includes the type and nature of the information disclosed.[25] He further explains that the appropriateness of the expectation of privacy is also relevant, which is to be assessed from the point of view of a reasonable person in the position of the plaintiff.[26] The second element to determine is when data protection rights are violated.[27] His book argued that “a mere intrusion by the accused into the plaintiff’s privacy may be sufficient in certain circumstances”.[28] This means that it is not necessary that the defendant published the plaintiff’s private information or used or used the information for commercial purposes. The third element is to determine whether such a proposed privacy tort extends to businesses.[29] The fourth element is that the public interest should be defended.[30] The proposed tort should be able to reconcile confidentiality and the public interest. Finally, the proposed tort must take into account the availability of remedies for an invasion of privacy.[31]
  1. Although the tort proposed is more narrowly defined and relates solely to the misuse of private information, the elements identified by Professor Gary Chan in his book provide a guideline on how the tort proposed might be structured.
  1. The LRC therefore recommends certain characteristics that will be inherited by the proposed tort of misuse of private information:[32]
    • Whether the plaintiff has a reasonable expectation of privacy in all circumstances.
    • Liability only arises in circumstances of serious misuse of private information that is judged from the point of view of a reasonable person in the position of the plaintiff.
    • There is no need to provide evidence of harm and the tort covers physical and psychological harm, economic loss, and emotional stress.
    • For a criminal offense, the court must strike a balance between the public interest in protecting privacy and the public interest in protecting privacy.
    • The intent must be demonstrated in such a way that the defendant intended to cause the disclosure or serious misuse of private information relating to the claimant.
    • The remedies available under this tort include damages, a profit statement, an injunction or order for a particular service, the delivery or destruction of offensive material, the posting of a correction, and / or the making of an apology.
    • This legal tort will also bind the government.
  1. These functions ensure that no unauthorized blockbuster action occurs, as liability only arises in the event of “serious misuse of private information”. These traits were also inspired by legal reform agencies in various jurisdictions including the Australian Legal Reform Commission, the Hong Kong Legal Reform Commission, and the Irish Legal Reform Commission.[33] All of these jurisdictions have similarly instituted a tort to deal with the misuse of private information.[34]


  1. To sum up, there is increasing legal protection against disclosure or serious misuse of private information, particularly due to advances in digital and technological areas that allow easy access to private information.
  1. Although a plaintiff may seek remedies for misuse of private information in a number of ways, including breach of trust or making a claim under PDPA or PHA, in cases where private information belongs to a victim, these options have proven to be limited, but not accessed released.
  2. Therefore, the proposal for a new legal tort of misuse of private information will help fill the current legal loophole.