Proposing a new statutory tort of misuse of private information

CNPupdate

 

Proposing a new statutory tort of misuse of private information


A photo of the Parliament building of Singapore



Date Published: 18 January 2021 


Authors: Bill Jamieson and Dupinderjeet Kaur




 

Introduction

  1. In December 2020, the Singapore Academy of Law’s Law Reform Committee (the “LRC”) examined whether the existing legal framework related to privacy provided effective remedies for victims against serious misuse and disclosure of their private information.[1] As society advances, and technology allows increased intrusion into our personal lives, the means by which harm may be perpetuated against an individual’s well-being continue to evolve.[2] Consequently, it is crucial that legal protection of privacy and private information stay up to date with digital advancements.
  1. While there are common law actions such as the tort of breach of confidence, and legislation such as the Personal Data Protection Act 2012[3] and the Protection from Harassment Act[4] in force, cases such as ANB v ANC[5], have shown these to be inadequate in effectively protecting victims against the misuse of private information.[6] In the case of ANB v ANC,[7] the wife, while the husband was abroad, had engaged a locksmith to unlock a padlock that the husband had installed and gained access to the home. The wife then took the husband’s personal notebook computer and handed it to a private investigator who later copied files on the hard disk of the notebook computer and passed them to the wife, who subsequently used the files as evidence in the divorce proceedings. In response, the husband commenced proceedings against the wife for breach of confidence.[8] Even though parties later settled the matter amicably, the Court of Appeal noted that “The common law in Singapore may not currently provide sufficient protection for encroachments on a person’s privacy… the courts have not yet considered the development of the tort of misuse of private information”.[9]
  1. The LRC identified that there is a regulatory lacuna in the law for which the implementation of a new statutory tort of misuse of private information is essential. This article seeks to first discuss the existing legal protection for privacy before discussing the introduction of a new statutory tort of misuse of private information.

 

Existing legal protection for privacy

Existing legal protection for privacy in Singapore

  1. The state of Singapore’s current laws does not leave one’s right to privacy unprotected as there are common law and statutory torts that collectively offer a significant degree of protection of one’s privacy. One example is the Protection from Harassment Act (the “PHA”).[10] This Act deals largely with provisions on personal freedom from intrusion against bodily and physical privacy.[11] In addition, it gives legal protection to a person against the publication of false statement of fact. The protection offered by this statutory tort also extends to online activities where the communication content amounts to harassment or stalking. In Benber Dayao Yu v Jacter Singh (“Benber”),[12] it was held that “harassing conduct on the internet would be covered by section 3 and 4 of PHA”.[13] However, the PHA is limited in its scope as it will not provide for a remedy in cases where a person accesses private information belonging to a victim and copies the information but does not publish it.[14]
  1. Another example is the Personal Data Protection Act (the “PDPA”)[15], which governs the collection, use, disclosure and care of personal data. In accordance with section 3 of the PDPA, “it recognises both the rights of individuals to protect their personal data and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes”.[16] This data protection regime was enforced in response to the vast amounts of personal data that are collected, used and even transferred to third party organisations. The PDPA aims to regulate the flow of personal data and maintain an individual’s right to privacy. However, the PDPA is limited in its scope as, in accordance with section 4 of the PDPA, it “imposes no obligations on any individual acting in a personal or domestic capacity or on any employee acting in the course of his employment with an organisation”.[17] Therefore, some incidents of misuse of private information by some persons may fall outside the ambit of the Act.
  1. Common law torts such as the tort of trespass, nuisance and breach of confidence all conceivably relate to some version of privacy. For example, the tort of breach of confidence protects private information that is conveyed in confidence.[18] There is also the common law action in nuisance which focuses on protecting a person’s private enjoyment of land from unreasonable interference.[19] The tort of defamation is aimed at the protection of one’s reputation, but it may indirectly protect the defamed person in circumstances whether the defamatory statements also disclose private information concerning them.[20]
  1. As a result, the existing legal framework does not leave one’s right to privacy unprotected. However, the application of such common law and statutory torts is limited as it fails to cover scenarios of misuse of private information. The existing legal framework fails to adequately provide civil liability for misuse of private information.

 

Statutory tort of misuse of private information 

  1. With the limitations of the existing privacy laws, the LRC recommends the creation of a new statutory tort of misuse of private information which offers a remedy to victims of such misuse of private information.[21] Under the new statutory tort, victims will be able to bring about a civil action against the perpetrator who intentionally misused the victim’s private information without their consent.[22]
  1. In his book, “The Law of Torts”, Professor Gary Chan stated five elements that will need to be examined when developing a new tort related to privacy.[23] The first element will be to ascertain the meaning of private information.[24] According to Professor Gary Chan, the meaning of private information seems broader than information having the “quality of confidence” and also includes the nature and type of the information disclosed.[25] He further states that the reasonableness of the expectation of privacy is also relevant, which is to be assessed from the viewpoint of a reasonable person in the position of the plaintiff.[26] The second element to ascertain will be when are privacy rights infringed.[27] It was argued in his book that “mere intrusion by the defendant of the plaintiff’s privacy may, in certain circumstances, be sufficient”.[28] This means that it is not necessary for the defendant to have published the private information of the plaintiff or used or taken advantage of the information for commercial profit or gain. The third element is to ascertain if such a proposed tort relating to protection of privacy will extend to corporations.[29] The fourth element is that there should be a defence of public interest.[30] The proposed tort should be able to balance confidentiality and the public interest. Lastly, the proposed tort will need to consider the availability of remedies for an infringement of privacy.[31]
  1. Even though the proposed tort is more narrowly defined to be solely in relation to misuse of private information, the elements identified by Professor Gary Chan in his book provide a guideline as to how the proposed tort could be structured.
  1. The LRC therefore recommends certain features that will be adopted by the proposed statutory tort of misuse of private information:[32]
    • Whether the plaintiff has a reasonable expectation of privacy in all the circumstances.
    • Liability will only arise in circumstances of serious misuse of private information, which will be judged from a reasonable person’s point of view in the plaintiff’s position.
    • Proof of damage need not be proven and the tort will cover physical and psychiatric harm, economic loss, and emotional distress.
    • For an actionable tort, the court must strike a balance between the public interest in protecting privacy and the public interest in not protecting privacy.
    • Intention will need to be proven such that the defendant intended to cause the disclosure or serious misuse of private information related to the plaintiff.
    • The remedies available under this tort include damages, an account of profits, an injunction or order of specific performance, a delivery up or destruction of offending material, publication of a correction, and/or the tendering of an apology.
    • This statutory tort will also bind the government.
  1. These features ensure that a blockbuster tort is not created as liability only arises in circumstances of “serious misuse of private information”. These features have also been inspired by law reform agencies in various jurisdictions, including the Australian Law Reform Commission, the Law Reform Commission of Hong Kong, and the Law Reform Commission of Ireland.[33] All these jurisdictions similarly adopted a statutory tort to deal with misuse of private information.[34]

  

Conclusion

  1. In conclusion, there is an increasing need for legal protection from the disclosure or serious misuse of private information, in particular because of the advancements in the digital and technological arena that provide easy access to one’s private information.
  1. Even though a plaintiff may seek a remedy for misuse of private information in a few ways, including breach of confidence or bringing a claim under PDPA or PHA, these options have proven to be of limited scope in instances where private information belonging to a victim is accessed but is not published.
  2. Therefore the proposition of a new statutory tort of misuse of private information will help fill the current lacuna in law.

Disclaimer: This update is provided to you for general information and should not be relied upon as legal advice.

[1] Singapore Academy of Law, “Report on Civil Liability for misuse of Private Information”, (December 2020).

[2] Singapore Academy of Law Reform Committee, “Report on Civil Liability for misuse of Private information”, (December 2020).

[3] Personal Data Protection Act (Cap 26, 2012 Rev Ed).

[4] Protection from Harassment Act (Cap 256A, 2014 Rev Ed).

[5] ANB v ANC [2014] SGHC 172.

[6] ANB v ANC [2014] SGHC 172 at [2].

[7] ANB v ANC [2014] SGHC 172.

[8] ANB v ANC [2014] SGHC 172 at [3] – [6].

[9] Singapore Academy of Law Reform Committee, “Report on Civil Liability for misuse of Private information”, (December 2020) at [1.11(c)].

[10] Protection from Harassment Act (Cap 256A, 2014 Rev Ed).

[11] Gary Chan Kok Yew and Lee Pey Woan, The Law of Torts Singapore (Academy Publishing, Second Edition, 2016) (“Law of Torts”) at [16.058].

[12] Benber Dayao Yu v Jacter Singh [2017] 5 SLR 316.

[13] Benber Dayao Yu v Jacter Singh [2017] 5 SLR 316 at [25].

[14] Singapore Academy of Law Reform Committee, “Report on Civil Liability for misuse of Private information”, (December 2020) at [1.49].

[15] Personal Data Protection Act (Cap 26, 2012 Rev Ed).

[16] Personal Data Protection Act (Cap 26, 2012 Rev Ed) s3.

[17] Personal Data Protection Act (Cap 26, 2012 Rev Ed) s4.

[18] Gary Chan Kok Yew and Lee Pey Woan, The Law of Torts Singapore (Academy Publishing, Second Edition, 2016) (“Law of Torts”) at [16.07].

[19] Gary Chan Kok Yew and Lee Pey Woan, The Law of Torts Singapore (Academy Publishing, Second Edition, 2016) (“Law of Torts”) at [16.03].

[20] Gary Chan Kok Yew and Lee Pey Woan, The Law of Torts Singapore (Academy Publishing, Second Edition, 2016) (“Law of Torts”) at [16.03].

[21] Singapore Academy of Law, “Law Reform Report – Quick Guide; Civil Liability for Misuse of information” (December 2020).

[22] Singapore Academy of Law, “Law Reform Report – Quick Guide; Civil Liability for Misuse of information” (December 2020).

[23] Gary Chan Kok Yew and Lee Pey Woan, The Law of Torts Singapore (Academy Publishing, Second Edition, 2016) (“Law of Torts”) at [16.060].

[24] Gary Chan Kok Yew and Lee Pey Woan, The Law of Torts Singapore (Academy Publishing, Second Edition, 2016) (“Law of Torts”) at [16.061].

[25] Gary Chan Kok Yew and Lee Pey Woan, The Law of Torts Singapore (Academy Publishing, Second Edition, 2016) (“Law of Torts”) at [16.61].

[26] Gary Chan Kok Yew and Lee Pey Woan, The Law of Torts Singapore (Academy Publishing, Second Edition, 2016) (“Law of Torts”) at [16.063].

[27] Gary Chan Kok Yew and Lee Pey Woan, The Law of Torts Singapore (Academy Publishing, Second Edition, 2016) (“Law of Torts”) at [16.068].

[28] Gary Chan Kok Yew and Lee Pey Woan, The Law of Torts Singapore (Academy Publishing, Second Edition, 2016) (“Law of Torts”) at [16.069].

[29] Gary Chan Kok Yew and Lee Pey Woan, The Law of Torts Singapore (Academy Publishing, Second Edition, 2016) (“Law of Torts”) at [16.072].

[30] Gary Chan Kok Yew and Lee Pey Woan, The Law of Torts Singapore (Academy Publishing, Second Edition, 2016) (“Law of Torts”) at [16.073].

[31] Gary Chan Kok Yew and Lee Pey Woan, The Law of Torts Singapore (Academy Publishing, Second Edition, 2016) (“Law of Torts”) at [16.077].

[32] Singapore Academy of Law, “Law Reform Report – Quick Guide; Civil Liability for Misuse of information” (December 2020).

[33] Singapore Academy of Law Reform Committee, “Report on Civil Liability for misuse of Private information”, (December 2020) at [2.2].

[34] Singapore Academy of Law Reform Committee, “Report on Civil Liability for misuse of Private information”, (December 2020) at [2.2].


Bill Jamieson is a Partner at CNPLaw LLP. Bill is an English lawyer who is also registered to practise Singapore law in the areas of corporate law, banking and finance and securities laws. He enjoys working in the diverse and dynamic Asian market and helping his clients to achieve their goals.
Partner

    Bill’s practice focuses on corporate financing transactions, investment funds, mergers and acquisitions, private equity and employment law matters. His experience includes 10 years in the City of London and over 20 years in Asia. Before joining CNP, Bill was a partner in a well-known international law firm. He is recommended lawyer for Corporate and M&A, Banking and Finance, Investment Funds and Labour and Employment in Legal 500 Asia Pacific 2021. Bill is one of the firm’s contacts for Interlaw, a network of independent full-service corporate law firms ranked by Chambers and Partners in its highest category, “Elite”, amongst all global law firm networks.


    Every business involves an amalgam of various stakeholders, such as investors, shareholders and directors. Ideally, each of these stakeholders should have a common vision of what is best for the company. However, this is rarely the case when individual interests are factored into the equation.

    Stakeholder conflicts (regarding issues such as breaches of fiduciary dutiesderivative actionsshareholder oppressionmanagement deadlocksmanagement compensationdividend payments and buy-outs) can be a thorny issue and can leave a company crippled if not addressed promptly.

    Given the diversity of interests at play, we appreciate that a multi-faceted approach is usually the most cost-efficient method of resolving stakeholder conflicts. Therefore, we provide clients with ready access to an integrated team of lawyers (combining the experience of our corporate, dispute resolution and employment law practices where applicable) who will effectively engage the relevant stakeholders in discussions on how best to resolve their differences amicably.

    More often than not, clients are able to avoid costly protracted court proceedings and resolve stakeholder conflicts with discretion and expediency.





    With the prevalence of technology and increasing connectivity through the internetcybersecurity and data protection are areas that have grown more important in Singapore.

    Since the introduction of the Personal Data Protection Act 2012 (“PDPA), it is mandatory for organisations to comply with data protection rules and we strive to help our clients understand that compliance with the PDPA is no longer an option.

    At CNPLaw, we have worked with our clients and helped them navigate through a variety of data protection issues, which include reviewing existing policies in order to advise on our client’s compliance with the law, highlighting possible legal risk areas and drafting appropriate documents including personal data protection policies and website terms of use.

    We also advise our corporate clients in relation to ad hoc queries on potential breaches of the law and the PDPA, and highlight data protection issues that may arise in the context of employment or HR policies.