Data Isn’t Property. It Doesn’t Have to Be.
Published by The Lawfare Institute
in Cooperation With
In 2018, the Supreme Court ruled that Americans have a reasonable expectation of privacy in at least some of their cell phone location history data. The dissenting justices, however, did not agree. Many of them focused on the fact that the data in question isn’t an individual’s property. They argued that expectations of privacy are derived, in many circumstances, from ownership interests. And because a person cannot use her location history as she wants, nor can she sell or dispose of it as she likes (which are all things one can normally do with property), data isn’t property.
This Fourth Amendment property salvo was not the first: The Court has been wrestling with the competing notions of property and privacy as bases for Fourth Amendment protections for decades. But the current composition of the Court, along with its broader skepticism of privacy-based constitutional rights, as in Dobbs v. Jackson Women’s Health Organization, suggest that the pendulum might be swinging toward property as a basis for Fourth Amendment protections.
If the strictest justices’ property views win, many digital law enforcement practices might be given constitutional carte blanche. Law enforcement would be free to engage in practices including the one at issue in Carpenter v. United States, cell phone tower dumps, stingray deployment, and more, all warrantlessly. As many observers have documented, these data contain deep patterns of private information.
I offer an alternative: a flexible, property-informed approach as the basis for Fourth Amendment protections. In this approach, Fourth Amendment protections apply when one has at least a situational right to exclude—that is, a right to exclude certain actors in certain situations, even if that right is not enjoyed in all contexts. Having only this one stick of the “bundle of sticks” that make up a traditional property right is sufficient to trigger Fourth Amendment protections, even if it is not sufficient to constitute a full property right over the thing to be searched. Indeed, one may have a situational right to exclude over something that is not itself real or chattel property. In other words, when the world is allowed in, so is the government. But if an individual retains any right to restrict someone, even absent any other indications of a property right, Fourth Amendment protections apply.
Consider a traditional example. A hotel guest has a right to exclude most people from her room, except the hotel staff in some circumstances. The hotel guest thus has a situational right to exclude and the police would need to obtain a warrant to search that room. It doesn’t matter that the hotel guest doesn’t have full property rights over the space, nor does it matter whether an expectation of privacy in that room is recognized as reasonable.
This approach can protect digital data, even though data isn’t considered property. If one has exclusion rights over a device via normal property law, such as a cell phone, the government would need a warrant before getting any information from that device. But more importantly, a situational right to exclude over data in other sources of law beyond property law can be located.
Any kind of exclusion-based right over data in a statute would generate a situational right to exclude, thus triggering Fourth Amendment protections. In this way, this view is a positive law view of the Fourth Amendment. (I address the role of contracts in my journal article, but that is beyond the scope of this piece.)
But there is a problem: Most American data laws are not written in ways that give rights to the data subject. Rather, they place obligations on the entity holding the data. Nonetheless, a right to exclude can still be located in such statutes for Fourth Amendment purposes. To do this, consider an example from the oral arguments of Carpenter. The petitioner’s attorney directed the justices to § 222(c) of the Telecommunications Act:
Except as required by law or with the approval of the customer, a telecommunications carrier that receives … [data] shall only use, disclose, or permit access to individually identifiable [data] in provision of (A) the telecommunications service … or (B) services necessary to, or used in, the provision of such telecommunications service. (Emphasis added.)
The statute derivatively grants the data subject a right to exclude by obligating providers to disclose data only at the data subject’s discretion. So, the data subject has a right against the carrier that the carrier exclude some people, agents, and others. (Here is a right to exclude!) Most data-relevant statutes—consider the Stored Communications Act and the Health Insurance Portability and Accountability Act (HIPAA)—provide exclusion rights in similar ways.
Looking at these kinds of restrictions placed on private parties by legislatures allows Fourth Amendment law to recognize existing value judgments about data without a total revolution in property law. Presumably, lawmakers place statutory restrictions on personally identifiable health information because it is private; locating the derivative right to exclude from such restrictions recognizes the underlying purpose of these statutes.
Some observers might object, arguing that this approach casts too wide a net and raises the stakes of any data regulation. This is a reasonable objection, but I welcome this result. It means that Fourth Amendment law better reflects existing societal judgments about data. In fact, this objection reveals a key advantage of any positive law view: empowering legislatures to respond to new technological realities.
This approach offers a key additional benefit: The third-party doctrine cannot be sustained under a situational right-to-exclude approach. This widely criticized doctrine essentially states that any information that subject A, for example, reveals to subject B voluntarily does not receive Fourth Amendment protection from government actors, “even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.” Information revealed to any third party loses its reasonable expectation of privacy, at least from the government. Adopting a situational right-to-exclude approach allows private parties the option to structure their relationships in ways that would not otherwise be possible under the third-party doctrine.The situational right-to-exclude approach inverts the relevant presumption from “any sharing negates the need for a warrant” to “any restriction implicates a need for a warrant.”
In sum, this focused, property-inspired view provides a conceptually grounded and privacy-protective approach to the Fourth Amendment. For many, exclusion rights are the “hallmark of a protected property interest.” My view makes situational exclusion rights the hallmark of a Fourth Amendment interest.