Objects, Places and Cyber-Spaces Post-Carpenter: Extending The Third-Party Doctrine Beyond CSLI: A Consideration of IoT and DNA

58 Pages Posted: 18 Mar 2019

See all articles by Eunice Park

Eunice Park

University of California, Irvine School of Law

Date Written: March 2019


Ostensibly, Carpenter v. United States is only about cell-site location information (CSLI). However, the Supreme Court’s reasoning behind why the third-party doctrine should not apply is broadly applicable: the information was involuntarily exposed, incidental to merely having a cell phone, which is an item necessary for functioning in modern society. Indeed, technology’s constant forward march leads one to wonder, what privacy issue awaits around the next corner? What technological innovation will pose yet another Fourth Amendment challenge?

Smart devices and private DNA testing seem vastly different from each other and from cell phones, and yet both are increasingly popular consumer technologies whose functioning, by design, necessitates a third party. Like CSLI, the data sent to third parties by smart devices and genomic testing services involves no voluntary act, let alone affirmative sharing. This lack of voluntariness was a significant part of the Carpenter Court’s basis for holding—in a decision lauded by privacy advocates—that the cell phone owner has an expectation of privacy in CSLI, despite the fact that the data is owned by a third party. Thus, notwithstanding its limiting language, Carpenter opens the door to a slew of questions about consumers’ privacy expectations in multitudes of other burgeoning technologies that, like cell phones and the location data they produce, also necessitate a third party. This Article, therefore, proposes extending the third-party doctrine in Carpenter’s wake to reflect the realities of the digital age, both to protect privacy and provide some limits to the third-party doctrine. Given that a third party has control over a consumer’s personal data, a meaningful test for whether an expectation of privacy remains or has been forfeited should include two inquiries: first, whether the consumer understands that the technology’s very design necessitates a third party; and second, whether the consumer has a meaningful opportunity to opt out of sharing data with that third party.

Keywords: Carpenter v. United States, cell-site location information, CSLI, smart device, smart devices, IoT, DNA, genomic testing, genetic testing, Fourth Amendment, privacy, cell phone, cell phones, third-party doctrine, expectation of privacy, reasonable expectation of privacy, technology, digital data

Suggested Citation

Park, Eunice, Objects, Places and Cyber-Spaces Post-Carpenter: Extending The Third-Party Doctrine Beyond CSLI: A Consideration of IoT and DNA (March 2019). 21 Yale J.L. & Tech. 1 (2019). Available at SSRN: https://ssrn.com/abstract=3348761

Eunice Park (Contact Author)

University of California, Irvine School of Law ( email )

401 East Peltason
Irvine, CA 92697
United States

Register to save articles to
your library


Paper statistics

Abstract Views
PlumX Metrics