What Is Privacy? And Who Is Reasonable Enough to Know When to Expect It?

Who is the arbiter of what legally constitutes privacy and when someone has a reasonable expectation of privacy?  Does (or should) the expectation of privacy differ in the context of privacy of information?

As the concurrence in U.S. v. Jones points out, the expectations of privacy change with technology.  Periods of rapid technological change may result in a suspension of the existence of the hypothetical reasonable person.  The evolution is too fast.  Further, what constitutes a reasonable person may be situation- or education-dependent.  Take for example the purchaser of a car that includes a two-way communication system that interacts with GPS location (e.g. Ford’s Sync or GM’s OnStar).  A “reasonable” person who understands how that technology works may have a lower expectation that his vehicle’s movements are private than may someone who does not.  But that may be an unreasonable example.  Even absent a trespass under Jones, I think a court would likely find that obtaining and exploiting any data related to a car’s movement constituted an unreasonable search and seizure.

A less extreme example may be the person who creates an account with a file-sharing or social media service.  While some lawyers, privacy advocates, and paranoids may take the time to read all the terms of service and privacy agreements associated with “cloud” services, should a court assume that the hypothetical “reasonable person” does?  Granted these are contracts, and disputes may sound in contract law, but I think the principle applies.  Clearly, if someone posts content publicly on a social media site, he has waived any expectation of privacy—he has just shared the content with many others.  However, if he posts that picture to a private area of the site, to which only he has access, does he have an expectation of privacy?

Two of the media giants, Facebook and Google, have similar policies regarding user-contributed content.  According to Facebook’s privacy policy, when a user uploads content to the site, he has granted Facebook “a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook.”  While this license is nominally terminated when he deletes the content, if he has shared the information with one or more other users, Facebook retains the license until they have all deleted it.

Google’s privacy policy is similar:  when you upload content,

you give Google . . . a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content . . . for the limited purpose of operating, promoting, and improving our Services, and to develop new ones.

Both of these policies have recently changed to better protect the user.  Prior to March 1, 2012, Google’s policy was less generous to the user:

By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

I could not find the old version of Facebook’s policy, which was updated on June 8, 2012.  (The updated version is the one quoted above.)  But if I remember correctly, its revision too removed language about licenses being “perpetual” or “irrevocable” and added a method by which a user could revoke the license.

So should courts hold that a “reasonable person,” prior to this year, should have been aware that he had granted Google or Facebook perpetual and irrevocable rights to any pictures he had uploaded to his supposedly private web albums because the companies had no intention of maintaining his content private?  I don’t believe it has been well-tested, but I believe they should not.

However, I also believe that at some point in the future, as the average user becomes more aware of privacy issues, this should change.  Once the public at large becomes more knowledgeable of potential privacy concerns—and this is already well on its way to happening—I believe a reasonable person, theoretical or otherwise, will read terms of service for cloud-based services where he stores data.  This will indicate a “significant change[] in popular attitudes,” as Justice Alito notes in his Jones concurrence.  The reasonable person may then have evolved.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s