It can be easy in the data privacy and security sphere to focus significantly on best practices, changing statutes, new administrative investigations, and evolving industry standards.  It is important, however, not to lose the forest for the trees by ignoring larger issues like “what criteria should we use to determine whether information is in fact ‘private’ information?”  The issue was recently addressed by Brad Smith, General Counsel of Microsoft, in a recent InsideCounsel article .

When many of us think of what it means for information to be “private”, we assume the information must be kept secret.  Instinctively, it would seem to make sense that publicly known information cannot also be “private” information.  But can information be private if the owner of the information purposefully provides it to certain individuals and not others?  That issue was recently addressed by the U.S. Supreme Court and discussed in Smith’s article.

Smith’s article argues that legal change may be coming to the definition of privacy, and he cites by way of example Justice Sotomayor’s concurring opinion in the recent U.S. Supreme Court decision in U.S. v. Jones.  In Jones, the court held that the government was required to obtain a warrant where it installed a tracking device on a suspect’s vehicle, as this conduct was a search under the Fourth Amendment.

In her concurring opinion, Justice Sotomayor began with the general principle that “a Fourth Amendment search occurs when the government violates a subjective expectation of privacy that society recognizes as reasonable.”  Does this expectation of privacy extend to information shared with some individuals and not others?  Justice Sotomayor posited that:

it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties.  This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.  People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books, groceries, and medication they purchase to online retailers. . . . I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year.  But whatever the societal expectations, they can attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy.  I would not assume that all information voluntarily disclosed to some member of the public for a limited purpose is, for that reason alone, disentitled to Fourth Amendment protection.

Justice Sotomayor also quoted Justice Marshall’s dissent in the 1979 case of Smith v. Maryland – “Privacy is not a discrete commodity, possessed absolutely or not at all.  Those who disclose certain facts to a bank or phone company for a limited business purpose need not assume that this information will be released to other persons for other purposes.”

Ultimately, the Jones Court did not decide whether a reasonable expectation of privacy exists in information voluntarily disclosed to third parties, but as Mr. Smith observes, “the Fourth Amendment will likely evolve and influence the future of privacy rules and practices with implications for inside counsel across the country.”

DISCLAIMER:  The opinions expressed here represent those of Al Saikali and not those of Shook, Hardy & Bacon, LLP or its clients.  Similarly, the opinions expressed by those providing comments are theirs alone, and do not reflect the opinions of Al Saikali, Shook, Hardy & Bacon, or its clients.  All of the data and information provided on this site is for informational purposes only.  It is not legal advice nor should it be relied on as legal advice.