In the digital age, users store vast amounts of data—often data considered to be private—in the cloud. The privacy of this data is increasingly determined by the policies of the companies storing it. But how does the law currently protect that data from law enforcement? Do users maintain a reasonable expectation of privacy in the information they have uploaded to the cloud? And if so, can service providers’ terms of service affect users’ reasonable expectations of privacy? This Note answers those questions by examining the main legal protections relevant to data stored in the cloud: the Stored Communications Act and the Fourth Amendment. After analyzing these protections, this Note determines that data stored in the cloud may be protected by the Act. But more importantly, this Note analyzes the history of the third-party doctrine and determines that users do have a reasonable expectation of privacy in information stored in the cloud until the third-party doctrine is triggered. And this triggering can occur due to provider access pursuant to the terms of service.
In light of these findings, this Note concludes by suggesting that providers implement standard, scope, and notice provisions in their privacy policies or terms of service in order to enhance the protection of user privacy while also providing reasonable means for providers to secure and maintain their networks.