Privacy in Ontario rental housing is not governed by a single statute. Federal data-protection rules apply to how landlords handle personal information. Provincial tenancy law governs what happens inside your unit — including who may enter, when, and for what purpose. Smart locks, lobby cameras, virtual tours, and online rental applications have made these questions more common, not less.
This guide explains how those two legal layers work together in practice. It is general information for landlords and tenants, not legal advice. For deeper coverage of illegal entry and LTB remedies, see our guides on landlord entry rights and tenant privacy at the LTB.
Two Laws, One Rental Relationship
Most Ontario privacy disputes in rental housing involve at least one of these frameworks:
| Issue | Primary law | Typical remedy |
|---|---|---|
| Collecting SIN, banking details, or sharing tenant files with vendors | PIPEDA (federal) | Complaint to the Office of the Privacy Commissioner of Canada (OPC) |
| Illegal entry, in-unit cameras, repeated intrusions | RTA (provincial) | T2 application at the Landlord and Tenant Board (LTB) |
| Marketing photos of occupied units without consent | RTA + privacy principles | LTB application; possible PIPEDA complaint if images are stored or published |
Ontario has no provincial private-sector privacy statute equivalent to Alberta's or British Columbia's. For commercial landlords — including individual owners who rent for profit — PIPEDA generally applies across the province.
The Residential Tenancies Act does not create a standalone "right to privacy" section. Instead, tenants are protected through the right to reasonable enjoyment of the rental unit (section 22) and detailed entry rules (sections 25–27). Conduct that violates those provisions — or that collects personal information improperly — can still trigger real consequences for landlords and meaningful remedies for tenants.
PIPEDA: What Landlords Can Collect — and What They Cannot Require
Under PIPEDA, "personal information" is broad: names, dates of birth, financial records, identification numbers, photographs, and video that identifies an individual all qualify. Landlords who collect, use, or disclose that information in the course of renting property must follow core obligations set out by the OPC's landlord–tenant guidance:
- Identify the purpose before or when information is collected.
- Obtain meaningful consent for collection, use, and disclosure — with express consent for sensitive steps like credit checks.
- Limit use to the purpose for which data was collected.
- Disclose third-party sharing (property managers, screening companies, fob vendors, etc.).
- Protect stored information with appropriate safeguards.
- Allow access and correction when tenants request it.
Rental applications and credit checks
Landlords may ask for information reasonably needed to assess whether an applicant can pay rent. A standard credit check typically requires name, address, and date of birth — not a Social Insurance Number. The OPC states that organizations, including landlords, cannot require a SIN unless a specific legal requirement exists. Renting an apartment is not one of those requirements.
If a landlord insists on a SIN as a condition of applying, tenants may offer alternative identification and ask how the information will be used and who will receive it. Landlords who share applicant data with credit bureaus or screening services need documented consent for that disclosure.
After move-in: limits on reuse
PIPEDA's purpose-limitation rule continues after tenancy begins. Information collected for screening cannot automatically be repurposed — for example, posted to an informal "bad tenant" list or forwarded to other landlords — without a new lawful purpose and appropriate consent. Landlords should keep tenant files secure, retain them only as long as needed, and restrict staff access on a need-to-know basis.
Practical tip for landlords: Standard Ontario leases and application forms should state what personal data you collect, why, how long you keep it, and which service providers receive it. Practical tip for tenants: If a request feels excessive, ask for the purpose in writing before providing documents.
Security Cameras: Common Areas vs. Private Space
Security cameras are one of the most frequent privacy flashpoints in multi-unit buildings. PIPEDA does not ban surveillance outright. It requires that collection be reasonable, proportionate, and transparent.
Where cameras are usually acceptable
Cameras in common areas — lobbies, exterior entrances, parking garages, laundry rooms — are often treated as reasonable when they address genuine security concerns. Landlords should still:
- Post clear signage explaining that video surveillance is in use.
- Distribute a written policy describing how footage is stored, who may access it, and when it will be reviewed.
- Advise tenants before installing or significantly expanding a system.
- Position cameras so they do not capture the interior of rental units or other private spaces.
Implied consent may be enough for lobby cameras if tenants are properly informed. Covert or undisclosed recording in areas where people expect privacy raises serious PIPEDA concerns.
When surveillance goes too far
In PIPEDA Case Summary 2010-008, the Privacy Commissioner investigated a complaint about an apartment building with 26 cameras recording 24 hours a day — covering every entrance, the lobby, laundry room, elevator interior, all hallways, and outdoor storage areas. Some camera angles could view inside certain units.
The OPC found the setup excessive and unreasonable. Tenants going about daily life were recorded indiscriminately, beyond what building security required. The investigation recommended scaling back coverage, ensuring images served security purposes only, and limiting footage review to documented security incidents.
That decision is a useful benchmark: more cameras does not equal more protection. Landlords should map actual security gaps before adding devices, avoid monitoring that tracks individual tenant routines, and never install cameras inside a occupied rental unit without explicit, informed consent — which is rarely appropriate in a residential tenancy.
Cameras aimed at your door or windows
Even in hallways, cameras pointed directly at a single unit's door — or positioned to capture activity through windows — can cross from building security into personal surveillance. Tenants who believe camera placement targets them specifically may have remedies under the RTA for substantial interference with reasonable enjoyment, in addition to a federal privacy complaint.
Entering the Unit: RTA Notice Rules in Brief
Landlord entry is where provincial law most directly protects tenant privacy inside the home. Unless an exception applies, section 27 of the RTA requires at least 24 hours' written notice before entry, specifying the date, time (between 8:00 a.m. and 8:00 p.m.), and reason.
Permitted purposes include inspections, repairs, showing the unit to prospective tenants or purchasers (in defined circumstances), and other lawful reasons tied to the tenancy — not open-ended "check-ins."
Exceptions allowing entry without notice are narrow: genuine emergencies, tenant consent, certain showings after termination notices, and limited care-home situations. Landlords who treat "property management" as a standing reason to enter whenever convenient risk LTB applications for illegal entry.
Our landlord entry guide covers notice formatting, time windows, and enforcement patterns in detail. The recurring theme in LTB decisions is procedural precision: short notice, vague purposes, and entries outside stated windows frequently result in compensation orders and administrative fines.
Photographs, Virtual Tours, and Your Belongings
Landlords sometimes need images to document damage, support maintenance plans, or preserve evidence for a hearing. Those purposes differ sharply from marketing an occupied unit for sale or re-rental.
In Juhasz v. Hymas (2016 ONSC 1650), the Divisional Court considered whether a landlord could enter to photograph a tenanted unit for an online sales virtual tour. The court drew a clear line: entry to photograph conditions for maintenance and repair may be lawful with proper notice, but entry primarily to gather marketing images — including photos of a tenant's belongings published online without consent — infringes privacy interests. The landlord could not use section 27 to force access for that purpose.
Key principles from that decision and subsequent commentary:
- Maintenance documentation — photographing a leak, broken fixture, or repair completion — is generally treated differently from promotional photography.
- Marketing photos of an occupied unit require tenant consent or a specific lease term agreed to at the outset. Without one of those, a tenant may lawfully refuse entry for photography.
- Landlords should state in the entry notice if photographs will be taken, explain why, and avoid capturing personal items unnecessarily.
- Publishing interior images of a tenant's home online without consent can support both RTA claims and PIPEDA complaints where identifiable personal information appears.
If you are a landlord selling a tenanted property, plan around the tenant's occupancy: exterior photography, floor plans, and post-vacancy interior shoots are often safer paths than pressuring a current tenant to allow a live virtual tour.
Guests, Smart Devices, and Building Access Data
Who tenants invite
Landlords cannot contract around the basic principle that tenants control who they invite as guests, provided occupancy standards and lease rules about overcrowding are respected. Lease clauses giving landlords veto power over guests are void under the RTA. Privacy and reasonable enjoyment include the ability to receive visitors without landlord surveillance of guest identity beyond what legitimate security systems in common areas incidentally record.
Smart locks, fobs, and access logs
Modern entry systems generate data — fob swipes, keypad codes, timestamps — that may itself be personal information under PIPEDA. Landlords who track access patterns should disclose that practice, use logs only for legitimate building management or security purposes, and avoid sharing detailed tenant movement data with unrelated third parties.
Tenants should read building policies on surveillance and data retention. Landlords should ensure property managers and concierge staff understand what they may and may not monitor.
What Tenants Can Do When Privacy Is Breached
Your response depends on the type of violation:
Federal privacy complaints (PIPEDA)
For over-collection of application data, undisclosed sharing with screening vendors, misuse of tenant files, or unreasonable video surveillance, tenants may file a complaint with the OPC. The process is free. Outcomes can include investigation findings and recommendations for changed practices. OPC complaints complement — but do not replace — LTB applications for ongoing tenancy issues.
LTB applications (RTA)
For illegal entry, in-unit recording devices, harassment tied to repeated intrusions, or substantial interference with reasonable enjoyment, tenants typically file a T2 Application About Tenant Rights. Remedies can include rent abatement, compensation, orders to stop the conduct, and administrative fines against landlords. The one-year limitation period applies to most claims — document incidents promptly.
Landlords facing unfounded allegations should keep contemporaneous records of proper notices, repair tickets, and communications. Good documentation is the best defence when entry was lawful but the tenant disagrees with the underlying work.
What Landlords Should Do to Stay Compliant
A short compliance checklist:
- Minimize data collection at application stage; treat SIN as optional and avoid collecting it unless a rare lawful purpose exists.
- Publish a camera policy before installation; audit angles annually to ensure units are not visible.
- Use standardized written entry notices with specific times and purposes; never enter to "look around."
- Separate maintenance photos from marketing photos; obtain written consent before any promotional use of occupied units.
- Train staff and superintendents — midnight entries and informal texting are recurring sources of liability.
- Respond to tenant privacy requests about stored personal information in a timely manner.
Proactive policies cost less than a single adverse LTB order combining rent abatement and an administrative fine.
Finding Help and Learning from Real Outcomes
Privacy disputes sit at the intersection of federal data law and provincial tenancy rules. The correct forum, deadline, and remedy depend on facts that are easy to mischaracterize — especially when cameras, photographs, and entry notices overlap in the same tenancy.
RentZen connects Ontario landlords and tenants with licensed paralegals who handle LTB applications and privacy-related tenancy disputes regularly. Browse qualified professionals at /paralegals.
To understand how members have resolved similar issues — illegal entry, harassment, camera disputes, and interference with reasonable enjoyment — explore anonymized decisions in our /case-study library before you file or respond.
Key Takeaways
- PIPEDA governs personal information collected by Ontario landlords, from rental applications through tenancy files and surveillance footage.
- The RTA protects the unit itself through reasonable enjoyment and strict entry rules; it does not replace federal data obligations.
- Security cameras in common areas may be lawful if reasonable, transparent, and properly positioned — but indiscriminate 24-hour coverage has been found excessive.
- Marketing photography inside occupied units requires consent or a specific lease term; maintenance documentation is not the same thing.
- Tenants are not required to provide a SIN for a standard credit check; landlords need consent before sharing applicant data with third parties.
- Remedies differ by forum: OPC for data-handling complaints; LTB T2 applications for entry, harassment, and in-unit interference.
Privacy expectations in rental housing will keep evolving as buildings add more technology. Landlords who build compliance into everyday operations — and tenants who know which rule applies to which problem — are better positioned to resolve disputes without escalation.
Sources: Office of the Privacy Commissioner of Canada — Privacy in the landlord and tenant relationship; PIPEDA Case Summary 2010-008 — video surveillance investigation; Juhasz v. Hymas (2016 ONSC 1650); Residential Tenancies Act, 2006.
