“I always feel like somebody’s watching me…” The Legalities of Smart Devices and Privacy

September 1, 2021
By Lynne Hewitt
Posted in E-Discovery Services, Litigation

By Lynne Hewitt

and the eDiscovery Committee at SMGG:  Gretchen Moore, Lydia Gorba, and Maryann Mahoney

“Hey Alexa…”

It’s a simple phrase that makes us feel like we’re living in the future promised us by The Jetsons and Star Trek. Alexa, Siri, Google Assistant—all Artificial Intelligence (AI) designed to make our lives just a little easier. Need a recipe for beef brisket? Just ask Siri. What time is the movie going to start? Ask Alexa. Need some music for your dinner party? Google Assistant has you covered, just ask. But how are Alexa and Siri at your beck and call? The answer is they’re always listening. What does that mean for you? It means that every sound they hear is analyzed and indexed.

Data Privacy

Privacy is the next big frontier in eDiscovery. Data privacy laws are constantly evolving. The General Data Protection Regulation (GDPR) (effective May 25, 2018) is the European Union (EU) and European Economic Area (EEA) law that relates to data protection and privacy. It also applies to the transfer of personal data outside of the EU and EEA. (The University of Michigan has a great timeline of the history of privacy law.) Practically, your personal data is the most valuable asset you have.

Understanding existing and pending privacy legislation is important. Currently 3 states have passed legislation, including California; 9 states, including Pennsylvania, have active bills; and 15 states have introduced legislation that ultimately died or was postponed. At some point there could be federal legislation that governs privacy similar to GDPR.

Do these devices violate wiretapping laws? Unclear.

An issue worth exploring is whether these devices fall under the purview of wiretapping laws. In Hall-O’Neil v. Amazon, a class action case in the Western District of Washington, Plaintiffs allege that Alexa enabled devices collected and recorded confidential conversations with minors. Hall-O’Neil v. Amazon.com Inc. et al., 2:19CV00910. It is important to keep an eye on these and other similar cases to understand the privacy issues at play with these types of devices.

How Do We Handle Evolving Privacy Issues in the Legal World?

So, what does this mean for legal professionals? One thing to consider is attorney-client privilege issues. With the global pandemic requiring a major shift to working from home you should carefully consider the ramifications of having a virtual assistant in your home while you’re working on client matters—you may be violating attorney-client privilege. Out of an abundance of caution you probably want to unplug your virtual assistant before getting to work.

On the flip side, if someone has a virtual assistant and it was present during a key meeting or event you might want to investigate subpoenaing the recordings, which carries with it additional issues such as who owns the data related to virtual assistants, how long is the data retained, and how do you obtain it.  Law enforcement agencies have been subpoenaing virtual assistant data for years to obtain voice clips and time stamped logs of user activity in crime investigations.

What’s the Best Practice?

With so many questions and so few real legal precedents it’s best to proceed with caution with the use of these devices. It’s also very important, from an eDiscovery perspective, to make sure you’re aware of the potential for important data to be found on these devices during the discovery process.

SMGG leverages KLDiscovery’s portfolio of eDiscovery solutions and consultative expertise to assist with tackling these challenges.  Call the litigation attorneys of Strassburger McKenna Gutnick & Gefsky to assist you with your federal litigation needs. Lynne Hewitt is CEDS certified and co-chairs the firm’s eDiscovery Committee and Litigation Practice Group with attorney Gretchen Moore. Attorney Moore can be reached at gmoore@smgglaw.com or 412-281-5423.