skip to main content
Back to all blog posts

Posted in: Data Protection | Privacy | Data Security/Privacy

Aug 21, 2017

Ontario Court of Appeal Established New Privacy Rights – Utility Consumption Data and Grow Ops

By Paige Backman

If you are a utility monitoring consumption data, think twice before providing any of that information to the police. You may need to ensure the police first provide you with a warrant or other judicial authorization specifically requesting the information. The Ontario Court of Appeal, distinguishing itself from existing Supreme Court of Canada decisions, held in R. v. Orlandis-Habsburgo, 2017 ONCA that “information, like the energy consumption data, that is capable of supporting inferences that certain activities are going on inside a home can fall under the umbrella of a reasonable expectation of privacy, depending on a consideration of the totality of the circumstances.” In so holding, Justice Doherty, J. A. for the majority found that the seizure (use and collection) of energy consumption data, which had been provided to the police by the utility and that lead to the arrest in a commercial grow-op, contravened section 8 of the Charter of Rights and Freedoms.

The decision goes to great pains to distinguish the facts at issue from those on which the Supreme Court of Canada had previously opined and to further develop the privacy laws of individuals. The Ontario Court of Appeal held that “…the energy consumption data supplied by Horizon permitted a strong inference as to a certain ongoing activity within the residence. Activities conducted within one’s home, a bastion of personal privacy throughout the history of the common law, fall at the center of the zone of personal privacy” and therefore favours the existence of the reasonable expectation of privacy, a precondition to establishing an unreasonable search and seizure by the police.

The facts of the case, as set out by the Ontario Court of Appeal, are as follows:

Individuals rented a home in a residential area in Hamilton, Ontario. They operated a commercial-sized marijuana grow-op in the basement. Horizon Utilities Corp. (“Horizon”), their energy provider, noted a pattern of electricity use in the residence that was consistent with the operation of a marijuana grow-op. Horizon forwarded information pertaining to the electricity use in the residence to the police. The police commenced an investigation that included observations of the residence. The police requested and obtained additional information from Horizon about the ongoing electricity use at the residence and electricity use by comparable customers. Ultimately, the police applied for a search warrant for the residence, relying on, in part, the energy consumption information provided to them by Horizon. A search warrant was issued. The police executed the warrant and found many marijuana plants and packaged marijuana in the basement. The appellants were charged with production of, and possession for the purposes of trafficking in, marijuana and possession of the proceeds of crime.

In rendering its decision, Doherty, J.A for the majority examined the regulatory environment in which the utility operates, the contractual terms between the utility and the consumer, as well as the terms of the utility’s privacy policy. It appears that the desire to establish (or entrench, depending on your view) the privacy interests in the utility data in one’s home resulted in great efforts by the Ontario Court of Appeal to distinguish the case at hand from existing precedent. Whether you feel the analysis or the distinguishing factors are correct will depend on what side of this issue you sit. Regardless, unless this decision is further distinguished, utilities should quickly change their practices of providing consumer data to the police. In addition, utilities should revisit the terms of their privacy policies. The Court of Appeal found that the terms of Horizon’s privacy policy were not clear enough in allowing the utility to share consumer data with the police.

Doherty, J. A. stated that “it may be that Horizon could develop a policy consistent with s. 7(3)(d) [of PIPEDA] that would permit Horizon to disclose, on its own initiative, energy consumption data in circumstances in which Horizon was able to make the determination that the data provided “reasonable grounds to believethat the customer was using the residence as a marijuana grow-op.” Horizon’s privacy policy provides that Horizon may disclose a customer’s personal information: “(e) to persons as permitted or required by Applicable Laws,” but the court held that it was not sufficiently clear for Horizon to act on its own initiative to disclose information to the police.

In the end, the Court of Appeal would not criticize the actions of the police given the state of the law existing at the time of the search. It found that “under the existing case law (Gomboc and Plant), the police understanding that they were entitled to use the data was reasonable.” The Court of Appeal also would not exclude the evidence obtained as a result of the search because, given the facts at issue and the case law in existence at the time, the examination and use of the data by the police would not significantly undermine the values protected by s. 8 of the Charter.

Areas of Expertise

Related Industries

Related Blogs

Posted in: Data Security/Privacy | CASL | GDPR | Data Protection

Insights TheSpotlight
With All Eyes Turned to CASL, is Anyone Paying Attention to GDPR? With Less Than 1 Year Before GDPR Takes Effect, Make Sure Your Organization is Ready By Paige Backman and Aaron Baer Jul 21, 2017 In early June, the Government of Canada came to its senses by suspending the provision of Canada’s Anti-Spam Legislation (“CASL”) that would have enabled a private right of action to be brought as of July 1, 2017. While this decision provided temporary relief to businesses who f...

Posted in: Data Security/Privacy | Data Protection

Insights TheSpotlight
Cyber Security, Risk, Response and Cyber Insurance By Paige Backman, Aaron Baer and Monica Carinci Jul 10, 2017 Relying on cyber infrastructure to operate has become fundamental to most businesses. Critical infrastructure, such as the power grid, hospitals, emergency response, water and transportation (land, water and air) rely heavily on cyber infrastructure that is often networked with many other systems...

Posted in: Data Security/Privacy | Data Protection

Insights TheSpotlight
OEB Provides First Look at Proposed New Cyber Security Framework By Gaurav Gopinath and David Stevens Jun 16, 2017 In December 2015, the lights blinked out across multiple provinces in the Ivano-Frankivsk region of Ukraine. Nearly a quarter of a million people lost power. Shortly after power was restored, Ukraine’s Computer Emergency Response Team announced they had identified the root cause: a cyb...