In a trilogy of cases in 2022, the Ontario Court of Appeal reshaped the landscape for privacy and data breach class actions (the “Trilogy”).[1] Each of those three cases involved privacy class actions against defendants who collected and stored the personal information of putative class members in their databases following large-scale data breaches by third-party hackers. The Court sharply limited the availability of the tort of intrusion upon seclusion in such cases involving third-party hackers, emphasizing that the tort requires deliberate and wrongful intrusion by the defendant itself.
