Consumer products increasingly record the content of user communications without regard to whether the recorded individual is the primary user—the purchaser of the product—or the secondary user—an individual who uses the product but is not the purchaser. The distinction between primary and secondary users proves significant when considering the enforceability of the product’s privacy policy, which purports to establish user consent to the collection of communications content but is only agreed to by the primary user, and protections available under federal and state statutes, many of which prohibit the recording of communications content without consent, and may thus benefit secondary users. This Note analyzes several privacy policies accompanying communications-capturing technologies as well as state eavesdropping laws and the Electronic Communications Privacy Act to demonstrate that the current consumer privacy regime does not adequately protect secondary users of communications-capturing technologies.
In designing protections for secondary users, this Note argues against requiring companies to provide front-end protection through notice of their privacy policies. Instead, this Note proposes a framework for incentivizing communications-capturing technology producers to distinguish between primary and secondary user data use on the back end.