In early October 2012, the Ontario Court of Appeal released two decisions, R. v. Ward, 2012 ONCA 660, and R. v. Cuttell, 2012 ONCA 661, which dealt with the admittance of evidence obtained by means of a search warrant based on information obtained from plaintiffs’ Internet Service Provider (ISP). The Court of Appeal noted that the practice of the police “seeking and obtaining customer information from ISPs and using that information to obtain search warrants has been constitutionally challenged as an unreasonable search and seizure in several cases” and that this was the first time this court was addressing the constitutionality of this practice.

In Ward, in the course of a child pornography investigation, police requested from Bell Sympatico the name and address of a subscriber. Based on a protocol agreed to by a number of Canadian ISPs and the police, Sympatico turned over the subscriber information, which the police subsequently used, in conjunction with other information collected during the investigation, to obtain search warrant. A resultant search of the appellant’s residence and computer yielded over 30,000 images and 373 videos. At trial, the appellant claimed that the search of his residence and computer violated his rights under s. 8 of the Canadian Charter of Rights and Freedomsand requested that the evidence be declared inadmissible. The trial judge admitted the evidence, and the appellant was convicted.

Decision of the trial Judge

In determining if there was a reasonable expectation of privacy in the subscriber information, the trial judge focused on three factors: whether the requests for and disclosure of that information by the ISP conformed to the federal legislation governing disclosure of customer information to law enforcement by private-sector organizations; whether the terms of the service agreement between the appellant and the ISP addressed both the ISP's commitment to maintaining the confidentiality of client information and its willingness to disclose client information to law enforcement authorities in connection with criminal investigations involving allegations of the criminal misuse of the ISP's services, and whether the nature of the information turned over by the ISP; i.e., the appellant’s name and address, was of the kind that would reveal intimate personal details or lifestyle choices. The trial judge found that, in looking at the totality of the evidence, the appellant had no objective reasonable expectation of privacy.

Court of Appeal decision

In its analysis, the Court of Appeal noted that s. 8 of the charter protects reasonable expectations of privacy and, in this case, the appellant had a subjective expectation of privacy in respect of information revealing his Internet activity. He clearly intended to conceal his identity by not revealing his identity when accessing the site and using temporary anonymous email addresses. However, the court found that the police request complied with section 7(3)(c.1(ii)) of the Personal Information Protection and Electronic Documents Act (PIPEDA); the nature of the information sought is relevant and the police request was specific and narrow—it only sought the individual’s name and address, the information in and of itself revealed nothing personal about the appellant or his Internet usage, and the request only identified three specific instances of Internet activity—the request referred specifically to an investigation of child exploitation offences under the Criminal Code, and the ISP's service was an integral and essential component of the offences being investigated. Importantly, the court found that while there is no legislative authority underlying the terms of the service agreement between the ISP and the appellant, a reasonable informed person would not expect that society should recognize that the appellant had a reasonable expectation of privacy in respect of subscriber information held by the ISP. In Cuttell, the Court cited its analysis in Ward in arriving to a similar conclusion.

While in this case the appellant was not successful in his attempt to bar the evidence obtained by means of the search warrant, the court was careful to note that this decision does not suggest that disclosure of customer information by an ISP can never infringe the customer’s reasonable expectation of privacy; the court may reach a different decision if the ISP was to disclose more detailed information, if the ISP made a disclosure in relation to an investigation of an offence in which the service was not directly implicated, or if there was evidence that the police, armed with the subscriber’s name and address, could actually form a detailed picture of the subscriber’s Internet usage.

Written By



If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Spots Going Fast

With the top minds in the field leading this exceptional program, it's no wonder it's filling quickly. Register now to secure your spot.

Be Part of Something Big: Join the Summit

Registration is open for the Global Privacy Summit 2016. Discounted early bird rates available for a short time, register today!

Data Protection Intensive Returns to London

Registration is now open for the IAPP Europe Data Protection Intensive in London. Check out the program!

P.S.R. Call for Speakers Open!

P.S.R. is THE privacy + cloud security event of the year, and you can take a leading role. Propose a session for this year's program.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»