Do You Own Your Data? Third-Party Doctrine Says No

Your data is yours, right? It seems like a simple question, but thanks to a little-known loophole in federal law, US regulators are can access your private data without a warrant as long as it’s being stored by a third party. The so-called “third-party doctrine” could be reconsidered in a case currently before the Supreme Court.

The case, Harper Vs. O’Donnell, pits Coinbase customer James Harper against the head of the Internal Revenue Service, Douglas O’Donnell. The case stretches back to 2016, when the IRS conducted a dragnet by demanding Coinbase hand over transaction records for more than 14,000 customers of the cryptocurrency trading platform.

Harper received a letter from the IRS warning that he had under reported his crypto income, a charge that Harper denied. But more importantly, Harper learned that the IRS had access to his transaction logs, his wallet addresses, and public keys–all without obtaining a court warrant. Harper’s lawyers argued that his constitutional protections–namely, the Fourth Amendment, which protects against unreasonable searches and seizures–had been violated by the IRS.

Lower courts repeatedly deined Harper’s claim, citing the third-party doctrine, which stems from a pair of Supreme Court cases in the 1970s. The Supreme Court ruled that “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” The First Circuit Court of Appeals ruled that Harpe’s records are owned by Coinbase, and thus fall within the third-party exception to the Fourth Amendment.

(Mike Flippo/Shutterstock)

The third-party doctrine may have made sense in the late 1970s, when most Americans had a little in the way of a digital footprint. However, in the year 2025, the vast majority of Americans have a substantial digital footprint. Harper’s lawyer argue that he should have “a reasonable expectation of privacy in financial records.” What’s more, they argue that if cellphone location tracking, or CSLI, data is partially protected–as the Supreme Court decided with the Carpenter Vs. United States case about seven years ago–then detailed financial records should have at least as much protection from warrantless searches.

Civil rights groups are taking notice of the case. The Cato Institute has filed an amicus brief with the Supreme Court on behalf of Harper, stating that the third-party doctrine poses a threat to the privacy rights of Americans. “The government has relied on the third-party doctrine to circumvent the warrant requirement and obtain Americans’ most sensitive records, including emails, Google search histories, financial records, and location histories,” the Cato Institute states. “Without judicial enforcement of Fourth Amendment protections, secretive and suspicionless digital record collection will become a routine tool of government regulation and control.”

The New Civil Liberties Alliance has also weighed in on Harper vs. O’Donnell. “The Supreme Court should take the opportunity to fix the third-party doctrine, which the government has relied on to strip away the Fourth Amendment rights of millions of Americans who share data, such as internet browsing histories and medical records, with third-party companies,” the group stated in February. “Digital records are a modern-day individual’s ‘papers’ and ‘effects’ that the Fourth Amendment explicitly safeguards against government’s prying eyes.”

Patchwork of Data Privacy Laws Sows Confusion

Data Privacy in the Crosshairs

The post Do You Own Your Data? Third-Party Doctrine Says No appeared first on BigDATAwire.