There's something of a buzz in the blawgs about a recent decision from the California Northern District Court in which the court ordered Google to close the email account of a non-party. According to Online Daily Media, in Rocky Mountain Bank -v- Google, Inc. the bank explained that it had sent a file containing a wealth of sensitive information about clients by email to the wrong Gmail address. The bank tried to contact the addressee but received no response. It then got in touch with Google, which said that it would reveal the account information for the addressee if a court so ordered. The court not only so ordered but also told Google, at the bank's request, to shut down the addressee's account.
I've been unable to find a copy of the judgment online, but Justia has basic information about the filing.
Much of the upset about the decision is based on a supposed infringement of the addressee's right under the U.S. constitution to free speech resulting from the cancellation of his Gmail account, although commentators have also doubted the validity of this argument.
It does, of course, seem unfair: you wake up one morning, all innocent in deed and word, and — poof! — your Gmail account is gone. It's certainly given me pause: I only recently moved my whole email operation to Gmail, which may have been a mistake. I reckon that whatever might be the contract (I use the term loosely) between me and Google, it's bound to say in so many words that they've got permission to shut me down for no reason at all.
So… two lessons, perhaps: 1). stay well away from the Rocky Mountain Bank; 2). keep worrying about laying up treasure in the cloud.
I was working on a draft on this for tomorrow, but glad you got to it first.
The order can be found here.
First, whether or not Google's terms of use claim that they can deprive someone of their account at any time for any reason, it seems pretty clear that this would be an illusory contract. It seems that this clause should be void, particularly if Google is affirmatively trying to switch to their platform.
Second, it seems that the third party should have some claim against the bank. The bank's own negligence is to blame and his (her?) account had to be closed as a consequence.
Simon's conclusion is entirely justified: be very wary of putting valuable data in the cloud. There was a fascinating panel at the ABA meeting this summer on legal ethics in cyberspace, in which one panelist compared the advertising of 'cloud' sites (including Google) with their actual terms of service. It turns out that clouds are formed with a considerable amount of puffery…. A number of groups are studying legal issues in cloud computing too.
Surely it should be possible for Google to provide to the account holder all the content of his account except that identified by the bank as mistakenly sent. Depending on the use made of the account (which may be minimal, if the person did not respond to the requests sent to him about the mistake), a restoration of the content should minimize the damages. In principle, though, I agree with James that the bank should be liable for the losses suffered by the account holder – regardless whether Google's terms of service 'permit' its move (which might or might not withstand a judicial order anyway.)
I meant in the previous comment a restoration of content to a different Google email address, if the first account is closed by court order. Since the email account is free, the damages would be limited to lost correspondence caused by the change of address. Could a mail rerouter solve that problem without recreating the risks that the bank was seeking to avoid?
Seems that the parties have since obtained court approval [PDF] to let Google re-institute the recipient's account now that the sensitive material has been contained.