“I always feel like somebody’s watching me…” The Legalities of Smart Devices and Privacy
It’s a simple phrase that makes us feel like we’re living in the future promised us by The Jetsons and Star Trek. Alexa, Siri, Google Assistant—all Artificial Intelligence (AI) designed to make our lives just a little easier. Need a recipe for beef brisket? Just ask Siri. What time is the movie going to start? Ask Alexa. Need some music for your dinner party? Google Assistant has you covered, just ask. But how are Alexa and Siri at your beck and call? The answer is they’re always listening. What does that mean for you? It means that every sound they hear is analyzed and indexed.
Privacy is the next big frontier in eDiscovery. Data privacy laws are constantly evolving. The General Data Protection Regulation (GDPR) (effective May 25, 2018) is the European Union (EU) and European Economic Area (EEA) law that relates to data protection and privacy. It also applies to the transfer of personal data outside of the EU and EEA. (The University of Michigan has a great timeline of the history of privacy law.) Practically, your personal data is the most valuable asset you have.
Understanding existing and pending privacy legislation is important. Currently 3 states have passed legislation, including California; 9 states, including Pennsylvania, have active bills; and 15 states have introduced legislation that ultimately died or was postponed. At some point there could be federal legislation that governs privacy similar to GDPR.
Do these devices violate wiretapping laws? Unclear.
An issue worth exploring is whether these devices fall under the purview of wiretapping laws. In Hall-O’Neil v. Amazon, a class action case in the Western District of Washington, Plaintiffs allege that Alexa enabled devices collected and recorded confidential conversations with minors. Hall-O’Neil v. Amazon.com Inc. et al., 2:19CV00910. It is important to keep an eye on these and other similar cases to understand the privacy issues at play with these types of devices.
How Do We Handle Evolving Privacy Issues in the Legal World?
So, what does this mean for legal professionals? One thing to consider is attorney-client privilege issues. With the global pandemic requiring a major shift to working from home you should carefully consider the ramifications of having a virtual assistant in your home while you’re working on client matters—you may be violating attorney-client privilege. Out of an abundance of caution you probably want to unplug your virtual assistant before getting to work.
On the flip side, if someone has a virtual assistant and it was present during a key meeting or event you might want to investigate subpoenaing the recordings, which carries with it additional issues such as who owns the data related to virtual assistants, how long is the data retained, and how do you obtain it. Law enforcement agencies have been subpoenaing virtual assistant data for years to obtain voice clips and time stamped logs of user activity in crime investigations.
What’s the Best Practice?
With so many questions and so few real legal precedents it’s best to proceed with caution with the use of these devices. It’s also very important, from an eDiscovery perspective, to make sure you’re aware of the potential for important data to be found on these devices during the discovery process.
Lynne Hewitt and Maryann Mahoney also authored this article.