Site Meter

Overturning the Third-Party Doctrine by Statute: Hard and Harder

You may also like...

3 Responses

  1. PrometheeFeu says:

    How about recognizing the third-party’s privacy policies and practices as creating a reasonable expectation of privacy?

  2. Bob Gellman says:

    That may be fine (up to a point) as between the data controller and the data subject. Although what to do about the ubiquitous “changeable at any time” privacy policy that you find everywhere? What’s a reasonable expection if the policy can vary at the whim of the data controller?

    I don’t see a third party’s policy as addressing the Fourth Amendment issue. What if the third party’s policy is not reasonable (e.g., we never turn data over to the government)? The government should have some ability to get third party data (e.g., with a warrant) that can’t be changed by a data controller’s policy.

  3. PrometheeFeu says:

    @Bob Gellman

    I agree that the changeable at any time policy is a problem. We could deal with that problem by encouraging companies to give users a meaningful opportunity to delete their data prior to any change in the privacy policy coming into effect.

    Perhaps this encouragement could come in the form of a “magical incantation” that when placed in the privacy policy would confer a reasonable expectation of privacy. If such an “incantation” was reasonably-worded, there would be significant incentives on companies to adopt it. (Privacy policies are often opaque, but it would be easy to determine whether or not a service provider has used the incantation in their terms of service or some similar document)

    “What if the third party’s policy is not reasonable (e.g., we never turn data over to the government)? The government should have some ability to get third party data (e.g., with a warrant) that can’t be changed by a data controller’s policy.”

    I agree. My point was not that the government would be bound to follow that third-party’s privacy policy. My point was that the reasonable expectations test should be involved by the third-party’s policy.

    So let’s say I have an email account with a company and that company’s policy is that none of its employees, contractors, affiliates or whatever can view my email without my explicit consent. (Perhaps obtained over the phone.) This would create a reasonable expectation of privacy which could be defeated in the normal ways: warrant, probable cause, etc…

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Anti-spam image