Why? I understand the subject is unpleasant but I don't see anything that remotely qualifies as legal over reach.
Users must sign a consent statement to a terms of services agreement. That is a voluntary action where users erode their own privacy protections and surrender their contributions. Anything that happens later is completely incidental and solely between the data owner (which is not the user) and the third party.
Irrelevant to the 4th amendment. A service's TOS does not absolve the government of its constitutional prohibition against unreasonable search and seizure. Buying data from a 3rd party service is still a search and seizure, much like paying a hitman is still first-degree murder. The question is whether it is reasonable.
Social media is not the third party once you surrender your data to them. You, the user/product, become the third party in any forthcoming transactions. The only legal challenge therein are details related to exposure of bulk PII which remain protected without regard for the fourth amendment by other laws.
This has been the case for decades. I remember before the internet publishers selling their users subscription and preference data to solicitors. People don’t gain new privacy protections where they never existed prior, especially if the absence of expectations is explicit and agreed upon by the user.
I’m confused. Aren’t we talking about the 4th amendment here? The implied “right to privacy” is only in relation to the government. To me, this means there is a categorical difference between random third parties buying data about you, and the government buying data about you.
No. The fourth amendment does not apply here. In US legal doctrine there is no right to privacy. The fourth amendment exists to provide a right against improper search and seizure.
Users must sign a consent statement to a terms of services agreement. That is a voluntary action where users erode their own privacy protections and surrender their contributions. Anything that happens later is completely incidental and solely between the data owner (which is not the user) and the third party.