Yesterday was apparently Data Privacy Day. Didn't notice? We don't blame you. Like the concepts of temperance, abstinence, and alchemy, it might seem like a bygone idea. After all, we live in the days of eroding social media privacy settings, data breaches, and online advertisers tracking your every breath.
Google, while doing much of the latter, hasn't completely abandoned the noble idea of data privacy. While they will track your every keystroke for advertising purposes, they will supposedly fight for your right to be free from unreasonable search and seizure by law enforcement agencies across the globe.
Just last week, Google released its biannual "transparency report" where it breaks down the number of data requests by time period, requesting government, and for the first time, by legal procedure used to make the request.
The biggest shocker? Only twenty-two percent of requests were made pursuant to a search warrant. Sixty-eight percent were made via subpoenas, which to remind our young law students, don't require judicial approval.
Windows looked like this when the ECPA was passed in 1986.
How are such things legally possible? Thank the Electronic Communications Privacy Act, which was passed in 1985. In terms of data laws, it's the equivalent of Clint Eastwood in Gran Torino, sans any endearing qualities whatsoever. The most heinous provision declares any messages stored on an online server that are older than 180 days to be "abandoned" and fair game for subpoenas. That includes those nasty emails from your ex.
(Checks. Deletes. Deletes. Empties Gmail trash. Checks again.)
What's Google doing to stem the continual invasion of your privacy? They released FAQs on data privacy but here are the highlights:
- When Google receives a request, they ensure that it satisfies legal requirements and seeks to narrow its scope, if possible.
- The subject of the inquiry is notified of the request unless Google is legally prohibited from doing so.
- Sixty-six percent of total data requests over the past six months have led to the release of at least some data.
Is there a way to stem the tide of dying data privacy? On a macro level, there's always the hope of revising the ancient ECPA to require warrants or court orders for all requests. Updating that "abandoned message" definition couldn't hurt either.
On a personal level, however, there's little you can do. After all, the days of pseudonymous email addresses, like firstname.lastname@example.org, as an acceptable professional address are long gone. Personally, we think carrier pigeons are a frequently overlooked alternative.
- Google Tells Cops to Get Warrants for User E-Mail, Cloud Data (Wired)
- FTC Issues 8 New Rules to Protect Children's Online Privacy (FindLaw's Technologist)
- Is It Illegal to Unlock Your Smartphone? (FindLaw's Technologist)