Smart Device Legality and Privacy in eDiscovery
“Hey Alexa …”
It’s a simple sentence that makes us feel like we’re living in the future promised by The Jetsons and Star Trek. Alexa, Siri, Google Assistant, all artificial intelligences (AI) designed to make our lives a bit easier. Need a beef brisket recipe? Just ask Siri. At what time will the film start? Ask Alexa. Need music for your dinner? Google Assistant has you covered, just ask. But how are Alexa and Siri fully available to you? The answer is that they are always listening. What does this mean to you? This means that every sound they hear is analyzed and indexed.
Privacy is the next big frontier in eDiscovery. Data protection laws are constantly evolving. The General Data Protection Regulation (GDPR) (in force since May 25, 2018) is the law of the European Union (EU) and the European Economic Area (EEA) that concerns data protection and privacy . It also applies to the transfer of personal data outside the EU and the EEA. (The University of Michigan has a large chronology in the history of privacy law.) In practice, your personal data is the most valuable asset you have.
Understand existing and pending privacy legislation is important. Currently, 3 states have passed legislation, including California; 9 states, including Pennsylvania, have active bills; and 15 states introduced legislation that ultimately died or was postponed. At some point, there could be federal legislation governing privacy similar to GDPR.
Do these devices violate wiretapping laws? Not clear.
One question worth exploring is whether these devices fall under wiretapping laws. In Hall-O’Neil vs. Amazon, a class-action lawsuit in the Western District of Washington, the plaintiffs allege that Alexa-enabled devices collected and recorded confidential conversations with minors. Hall-O’Neil v. Amazon.com Inc. et al., 2: 19CV00910. It’s important to keep an eye out for these and other similar cases to understand the privacy issues involved with these types of devices.
How do we deal with evolving privacy issues in the legal world?
So what does this mean for legal professionals? One thing to consider is the issue of solicitor-client privilege. With the global pandemic requiring a major shift towards working from home, you need to carefully consider the ramifications of having a virtual assistant in your home while you are working on client matters – you could be violating solicitor-client privilege. To be on the safe side, you will probably want to unplug your virtual assistant before you get to work.
On the other hand, if someone has a virtual assistant and was present at a key meeting or event, you may want to investigate the subpoena of the recordings, resulting in additional issues such as who owns the data related to virtual assistants, how long is the data kept and how do you get it. Law enforcement officials have subpoenaed virtual assistant data for years to obtain voice clips and time-stamped logs of user activity in criminal investigations.
What is the best practice?
With so many questions and so few real legal precedents, it is best to proceed with caution with the use of these devices. It is also very important from an eDiscovery perspective to make sure that you are aware of the potential for discovering important data on these devices during the discovery process.
Lynne Hewitt and Maryann Mahoney are also the authors of this article.
© 2021 Strassburger McKenna Gutnick & GefskyRevue nationale de droit, volume XI, number 244