Does Google Privacy Policy Compromise Attorney-Client Privilege?
During our interview with Ron Collins of Amicus Attorney, we got into an interesting discussion about Google's data policies and how they implicate A lawyer's duty of confidentiality and the attorney-client privilege. Many people are concerned that Google's sharing of information and scanning of email for advertising purposes constitutes a breach of confidentiality, a waiver of attorney-client privilege, or both.
It's an interesting question.
Google's privacy policy states that the company will not disclose "sensitive personal information" to third parties unless you opt-in. (There are rare times when they'll disclose sensitive information to the government.) Google does share non-personally identifiable information with third parties. It also shares information internally for purposes of "improving and providing" services.
In plain English, this means that your private emails to clients are not being advertised on the Internet, even though the Terms of Service state:
"[Y]ou give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones."
The TOS say that information can be used "publicly" to "promote" services. Yet, the Privacy Policy states that only "non-personally identifiable" information is disclosed to third parties. The two documents together govern Google's conduct, and your consent. This seems to mean that Google's public use of your data would be limited to non-sensitive data, such as your web searches or viewing habits, all stripped of your personal identity.
Duty of Confidentiality
Model Rule 1.6 governs lawyers' duty to preserve confidential information. The key provision for this discussion is 1.6(c), which states, "A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of ... information relating to the representation of a client."
The standard is not 100 percent protection or perfection. Google allows you to control some aspects of its data collection and sharing, links to which can be found in the privacy policy. As long the most restrictive settings are chosen, it is almost impossible to envision a scenario in which confidential information would leak and a duty would be breached.
Attorney-Client Privilege
You can't waive the privilege. Only the client can. So how would your use of Gmail or a Google App account constitute waiver?
The truly interesting question: Does a client's use of Gmail constitute a waiver, since the terms of service allow Google to access and use that information? Doesn't voluntary disclosure to a third party destroy the privilege? While Google only scans emails via robot, and not via human, the consent and disclosure of the information is what seems to matter - not what the third party does with it.
Related Resources:
- What Does it Take to Become a Glasshole? 50 Words and $1500 (FindLaw's Technologist)
- Instagram Asks Court to Dismiss Terms of Service Lawsuit (FindLaw's Technologist)
- DHS Still Okay With Warrantless, Suspicionless Searches at 'Border' (FindLaw's Technologist)