Introduction

The right to privacy first appeared in the decision of Griswold v. Connecticut (1965). Almost a decade later, Griswold became the precedent for the Court’s decision in Roe v. Wade (1973), establishing the right to abortion. Roe has provided protection against state laws prohibiting abortions and guaranteed individuals access to safe and legal abortions nationwide.[1] However, the decision in Dobbs v. Jackson Women’s Health Organization (2022) overruled the 50-year precedent that governed the country’s laws regarding abortions.[2] The reversal of Roe poses a threat to other privacy rights derived from the same principles as the right to an abortion.

The overturning of Roe resulted in many legal and social implications regarding data privacy. Now that states have full authority to regulate abortion access, individuals  must be highly conscious of their technology usage and the dissemination of their personal information to third-party data companies. Apps with location tracking can see if an individual has been to an abortion provider, and menstrual cycle tracking apps can tell if a person has missed their last period. With the amount of information that companies retain about their users, individuals are at risk of such data being used as evidence against them under state laws. Due to state bans on abortions, sensitive information such as a missed period can reveal that a woman is pregnant, which makes her vulnerable to scrutiny by law enforcement and potential persecution if she decides to seek an abortion. The Dobbs decision prompts a re-evaluation of the extent to which the current case law surrounding informational privacy are sufficient when digital communications and technology usage has become such a huge threat to individuals’ privacy.

The U.S. has a variety of agencies that controls different types of information, such as  Health Insurance Portability and Accountability Act (HIPAA), which regulates medical information, or the Gramm-Leach-Bliley Act (GLBA), which regulates consumers’ financial information. The U.S.’s lack of a comprehensive federal privacy law that governs what data  companies can collect and distribute leads to the exploitation of personal  information by law enforcement. In the digital age, the mass collection and distribution of users’ data have become more pervasive than current data security laws can regulate.

The Fourth Amendment is most relevant when considering constitutional protections of  data privacy. In the past, the Court has relied heavily on the third-party doctrine, which holds that  information voluntarily disclosed by an individual to a third party is not deserving of Fourth  Amendment protections. However, so many aspects of our lives today are governed by our usage of technology. From internet browsing, phone calls, online banking, videoconferencing, engaging in social media apps such as Facebook or Snapchat, or the use of smart homes devices, individuals  are constantly leaving digital marks that, when aggregated, can be highly intrusive to our personal  privacy. Information on our daily activities is captured and disclosed to third parties, sometimes without our knowledge. The third-party doctrine originated from a time when it was not possible  for third parties to access and hold such vast amounts of information about our personal lives. The Court could not have anticipated the rapidness of technological advancement and its implications  on our privacy today. 

The overarching issue that this note seeks to explore is the antiquated nature of the third party doctrine when applied to the digital age of pervasive data collection of personal information.  In doing so, this essay aims to illustrate that the Court should depart from a binary application of the third-party doctrine in relation to Fourth Amendment protections of digital privacy and adopt the contextual approach articulated in Katz v. United States (1967) to evaluate cases involving sensitive and revealing data.

The Right to Privacy

Although not explicitly stated within the Constitution, the right to privacy has been  derived from case law to encompass a variety of individual rights to be free from public  intrusion. In Griswold, the Court determined that although the right to privacy is not explicitly  stated within the Constitution, “various guarantees [in the Bill of Rights] create zones of privacy."[3] Griswold became the precedent for later cases in which the Court relied on the fundamental right  to privacy to establish other rights, including the right to birth control for unmarried couples,[4] the  right to same-sex marriages,[5] and up until recently, the right to obtain an abortion.[6] In the majority opinion of Dobbs, Justice Alito made a point in saying that “nothing in this opinion should be understood to cast doubt on precedents that do not concern abortion.”[7] However, the right to  contraception and same-sex marriage stemmed from the same principle as the right to an abortion: they are unenumerated liberties implied within the right to privacy and derived from the Fourteenth Amendment. The overruling of Roe poses a threat to other privacy rights that were built on the same legal foundation.

The right to data privacy, though derived from the general right to privacy, is  more elusive. The Fourth Amendment protects people’s right to “be secure in their persons, houses,  papers, and effects, against unreasonable searches and seizures,”[8] and has evolved to protect not  only against “physical interference with life and property,”[9]but also intangible harms such as  violations of informational privacy. 

The Origin and Evolution of the Third-Party Doctrine

I. Olmstead v. United States (1928)

In 1928, Olmstead brought to the Court the question of whether wiretapping private phone  calls to be used as evidence was constitutional. The Court had decided that law enforcement did  not violate the Fourth Amendment as the wiretapping was not a “physical invasion” of Olmstead’s  property, and therefore, “did not amount to a search or seizure within the meaning of the Fourth  Amendment.”[10] The decision established the “trespass doctrine,” which requires an actual physical  intrusion to justify Fourth Amendment protection. Justice Brandeis, dissenting, acknowledged the limiting nature of confining Fourth Amendment protections to property-based intrusions. Brandeis  stated that “[s]ubtler and more far-reaching means of invading privacy have become available to the government. Discovery and invention have made it possible for the government. Discovery  and invention have made it possible for the government (…) to obtain disclosure in court of what  is whispered in the closet.”[11] Brandeis recognized that a traditional understanding of searches and  seizures of the Fourth Amendment does not provide adequate protection from the increasing invasiveness of modern-day technologies. 

II. Katz v. United States (1967)

The holding in Olmstead was eventually overturned by the decision in Katz v. United States.  Justice Stewart, delivering the majority opinion, stated that the Fourth Amendment “protects people,  not places” and that such protection cannot be determined by the “presence or absence of a physical  intrusion into any given enclosure.”[12] Justice Steward acknowledges that “what a person  knowingly exposes to the public…is not a subject of Fourth Amendment protection.”[13] However, “what he seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected.”[14] The Court affirmed the need for a warrant to conduct a search, and the electronic surveillance used in this case is no exception. Justice Harlan, in his concurring opinion, set forth a two-pronged approach for evaluating the scope of Fourth Amendment  protection, known as the “reasonable expectation of privacy” test. The test requires that 1) a person  must exhibit “an actual (subjective) expectation of privacy” and 2) the expectation must “be one  that society is prepared to recognize as ‘reasonable.’”[15] The approach set forth in Katz establishes a modern and adaptive way that allows for Fourth Amendment protections to expand as reasonable expectations of privacy changes with new technological advancements.

III. United States v. Miller (1976)

Throughout the years, the Court has long held that information disclosed from an individual to a third party does not receive Fourth Amendment protection. The third-party doctrine in relation to information privacy was established in the case of United States v. Miller. Despite Katz setting a precedent by establishing the reasonable expectations of privacy test, the Court in Miller did not employ such analysis and opted for a more categorical approach. Miller, though it concerned a case about a tax-fraud investigation, is of great significance when discussing Fourth Amendment  protections of data privacy. The case involved the government’s subpoena of Miller’s bank records. Miller argued that the government’s seizure of his bank documents violated the Fourth Amendment. However, the Court held that an individual possesses no reasonable expectation of  privacy in information voluntarily provided to a third party, “even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the  third party will not be betrayed.”[16] This third party doctrine, in the digital age, grants government agencies access to a wide array of information about an individual, such as their internet searches or call histories, all of which were unprotected under the Fourth Amendment. 

IV. Carpenter v. United States (2018)

The Court’s decision in Carpenter v. United States was considered a seismic shift in terms  of Fourth Amendment protections. The question in this case was whether the  government’s access to cell site location information (CSLI) constitutes a search under the Fourth Amendment. Officers investigating Timothy Carpenter, a suspect in a series of robberies, had applied for a court order to obtain his cell phone records, pursuant to the Stored Communications Act (SCA). The SCA applies a rational basis standard which only requires that the government show reasonable grounds for obtaining the records. This means that the government is subjected to the lowest level of scrutiny and possess a great deal of discretion. The government was able to obtain “12,898 location points cataloging Carpenter’s  movements—an average of 101 data points per day.”[17] Carpenter had attempted to suppress the CSLI, arguing that the government had violated the Fourth Amendment as the information was  acquired without a warrant. The district court denied Carpenter’s motion to suppress, and the Court of Appeals for the Sixth Circuit affirmed. The court had held that Carpenter did not possess a reasonable expectation of privacy in the CSLI as he had voluntarily provided his location to the wireless carriers every time he made or received a call. The court’s reasoning demonstrates a strict adherence to the third-party doctrine and suggests that Carpenter’s cell phone usage is equivalent  to him willingly disclosing his location. 

The Supreme Court, however, had departed from such a categorical analysis of Fourth  Amendment protections as it considers an area of privacy that had yet to be addressed in previous cases. The Court held that “an individual maintains a legitimate expectation of privacy in the record of his physical movements as captured through CSLI.”[18]The Court elaborated on the fact that even though Carpenter’s CSLI was shared with a third party, “that distinction does not negate [his] anticipation of privacy in his physical location.”[19] The Court employed Katz’s reasonable expectations test in evaluating whether Carpenter was entitled to Fourth Amendment protection  instead of falling back on the rigidity of a third party doctrine analysis.

The dissenters in Carpenter argued that under the third-party doctrine, Carpenter’s location, as conveyed through the information that his cell phone relays to wireless carriers, indicates that he lacked a reasonable expectation of privacy. However, Justice Roberts pointed out that this view disregards the pervasiveness of the technology in its ability to track people’s locations for “years and years” and with a memory that is “nearly infallible.”[20] Roberts goes on to assert that when an individual shares information with a third party, their expectation of privacy is diminished; however, it does not dissolve them of their Fourth Amendment interests entirely. 

Comparison of CSLI to Other Forms of Data

While the Court’s approach to Fourth Amendment protections in Carpenter underwent a drastic shift, straying away from the strict applications of the third-party doctrine, the doctrine was not overturned and continues to be a valid legal tool. The Court did not recognize a new alternative to the third-party doctrine for evaluating sensitive third-party data; instead, “the Court merely carved out a narrow exemption for cell site location information (CSLI).”[21]Nevertheless, the logic employed by the Court to determine that the third-party doctrine did not extend to CSLI can be utilized to other forms of data that do not currently fall under the Fourth Amendment protection.

Focusing on the substance of the information obtained by the government, the Court  argues that the “time-stamped data provides an intimate window into a person's life, revealing not only his particular movements, but through them his ‘familial, political, professional, religious, and sexual associations,’ all components of which the Court refer to as the “privacies of life.” When weighing the extent to which this set of data reveals about the intimate details of an individual’s life against the notion of “voluntary exposure,”[22] the Court determined that “cell  phone location information is not truly ‘shared’ as they serve as “‘such a pervasive and insistent  part of daily life’ that carrying one is indispensable to participation in modern society.”[23] The Court suggests that cell phone has become a necessary tool in today’s society as people rely so heavily on its usage to carry out daily activities. Due to its crucial function in one’s life, the location information associated with cell phone usage cannot be viewed as information that was willingly disclosed. The Court examined the contents of the records being obtained and determined that the location data was revealing enough to override the third party doctrine restrictions. 

The pervasiveness of internet usage is comparable to that of cell phone usage and should  not be subjected to the third-party doctrine. People rely heavily on the internet, whether it be for work or school, convenience, or pure entertainment, all of which are tracked by Internet Service  Providers (ISP). Individuals reveal so much of their intimate lives solely from their internet  searches. All of this information can then be obtained by the government without the need for a  warrant. Law enforcement may access one’s digital history as a part of their investigation and gain  unprecedented access to the most intimate aspects of people’s lives. 

Application of Katz’s “Reasonable Expectations” to Data Privacy

The reasonable expectations of privacy test proposed in Katz require a case-by-case  analysis to determine the presence of a Fourth Amendment interest. In contrast, the over encompassing categorical approach employed in Miller, where information held by a third party, whether it be a human or a database, is left unprotected. The notion that individuals voluntarily  disclose information about themselves when using the internet is an outdated approach to modern search and seizure laws, as everyone who wishes to use the internet cannot avoid having their data shared with third parties. The same goes for any applications or platforms that share and collect personal information or involve location tracking as part of their operations. The limitations imposed by the third-party doctrine are ill-suited for the privacy challenges that arise in the age of  information-sharing because the usage of technology has become such a prevalent aspect of people’s lives.

In the wake of the Dobbs decision, it is not difficult to imagine how the voluminous  amount of data from “femtech” companies raises privacy concerns for women. Approximately  one-third of U.S. women have used a period-tracking app,[24] which is a type of platform where  women can monitor their menstruation cycles, symptoms, fertility, etc. In the hands of big tech companies, such information is used for marketing and targeted advertisements. However, in the hands of law enforcement, health-related information may be used as evidence for abortion-related criminal charges.

Under Katz’s approach, it is reasonable to assume that people have an expectation that  information about the most intimate details of their health will be kept private, as things like  fertility tracking are something that people may not even want to share with their closest friends  or family. In Katz, the Court articulated that “what a person knowingly exposes to the public (…) is not a subject of Fourth Amendment protection. “Knowingly” is defined as “understanding the  meaning of what you are doing,”[25] and “public” is defined as “exposed to general view.”[26] Most people using their cell phones to browse the internet do not “knowingly” disclose the most intimate aspects of their lives to the “public.” When an individual uses an app to monitor their period cycles or searches on the internet for contraceptive tablets, even though their data is held by a third party, they maintain a reasonable expectation that such personal information will be kept confidential. It is crucial to examine the nature of the content shared and the context to which it was shared with third parties.

Katz provided a conceptual framework for analyzing data privacy in today’s world. The  reasonable expectations analysis may seem vague as the notion of “reasonable” is subjective. However, as societal conditions and norms change, Katz’s framework for analyzing data privacy  can be used as a tool by the Court to adapt to the privacy problems of modern technologies.

Conclusion

In today’s world, there is a continuous and passive gathering and sharing of individuals’ information with third parties. The third-party doctrine is outdated and inadequate in protecting individuals’ intimate details about their lives from being exposed to government surveillance. Following the overturning of Roe, which eliminated the guarantee of abortion as a fundamental right, individuals’ personal information regarding their reproductive health can be used as evidence to incriminate them under state laws. Under such circumstances, the reasonable expectations of privacy test established in Katz can safeguard against invasive digital searches and surveillance and should be employed by the Court in future cases involving data privacy breaches.

[1] Roe v. Wade, 410 U.S. 113 (1973).

[2] See Dobbs v. Jackson Women's Health Org., 213 L. Ed. 2d 545 (2022).

[3] Griswold v. Connecticut, 381 U.S. 479, 484 (1965).

[4] See Eisenstadt v. Baird, 405 U.S. 438 (1972).

[5] See Obergefell v. Hodges, 576 U.S. 644 (2015).

[6] Roe v. Wade, 410 U.S. 113 (1973).

[7] Dobbs v. Jackson Women's Health Org., 142 S. Ct. 2228, 2239 (2022).

[8] U.S. Const. amend. IV. 

[9] Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890).

[10] Olmstead v. United States, 277 U.S. 438, 466 (1928).

[11]  Id. at 473.

[12] Katz v. United States, 389 U.S. 347, 353 (1967).

[13]  Id. at 351.

[14] Id.

[15]  Id. at 361.

[16] United States v. Miller, 425 U.S. 435, 443 (1976).

[17] Carpenter v. United States, 138 S. Ct. 2206, 2209 (2018).

[18] Id. at 2217.

[19] Id.

[20] Id. at 2219.

[21] Tonja Jacobi, A Solution for the Third-Party Doctrine in a Time of Data Sharing, Contact Tracing, and Mass  Surveillance, 97 Notre Dame L. Rev. 826 (2022).

[22] Id. at 2210.

[23] Id. (quoting Riley v. California, 134 S.Ct., at 2484 (2014)).

[24] Health Apps and Information Survey, KAISER FAMILY FOUNDATION (Sep. 10, 2019), https://www.kff.org/other/poll-finding/kff-health-apps-and-information-survey/.

[25] Knowingly, CAMBRIDGE DICTIONARY, https://dictionary.cambridge.org/us/dictionary/english/knowingly.

[26] Public, MERRIAM-WEBSTER, https://www.merriam-webster.com/dictionary/public.