For more than four decades, the third-party doctrine was understood as a bright-line, categorical rule: there is no legitimate privacy interest in any data that is voluntarily disclosed or conveyed to a third party. But this simple rule has dramatic effects in a world of ubiquitous networked computing, mobile technologies, and the commodification of information. The digital devices that facilitate our daily participation in modern society are connected through automated infrastructures that are designed to generate vast quantities of data, nearly all of which is captured, utilized, and stored by third-party service providers. Under a plain reading of the third-party doctrine, the substantial majority of that data receives no Fourth Amendment protection—no matter how sensitive or revealing

It is generally agreed that the balance struck in the third-party doctrine is no longer reasonable, as it fails to account for the far greater degree of privacy intrusion occasioned by warrantless government access to all of this personal data. Acknowledging that current approaches fail to adequately account for rapid advancements in information technology and analytics, the Supreme Court has responded in several recent cases by creating specific, narrow exceptions to the third-party doctrine for certain devices and data. But in the absence of a more generalized and coherent approach, lower courts have struggled to understand and apply these cases to other technologies and types of data, leading to uneven and often contradictory results.

This Article provides a new analytical framework for adapting the third-party doctrine to the new information environment. Drawing on the Court’s recent decisions, the Article advances a three-step approach for the development of workable, bright-line rules governing the search and seizure of different categories of data. It identifies both guiding principles and competing interests, as well as the specific factors to be considered in assessing the legitimacy and relative strength of those interests. It then explains the relationship between these factors and their role in the balancing process that produces appropriate and workable rules. The goal is to provide a consistent, practical framework to be applied more generally across the different categories of data generated by digital technologies and services.