The Third-Party Privacy Problem
You stand on a city street corner, and a driverless robotaxi crosses the road in front of you. To operate safely, the robotaxi identifies you as a person, tracks your movements, determines your relative location, and stores data about you. What are your privacy interests in these data?
This Article examines the “third-party privacy problem”—a phenomenon where technologies collect personal data from individuals who are neither users nor direct participants in a service. This concept merits further definition and exploration, especially as technologies like artificial intelligence systems process more data from more people. The one-to-one relationship at the heart of most privacy laws fails to capture all the privacy interests of third parties.
This Article explores the third-party privacy problem in the frame of European Union (“EU”) law, using data collected by vehicles’ externally facing sensors as a case study. The EU’s privacy and AI laws are among the most comprehensive in the world. If third parties’ privacy interests can be recognized and protected in the EU, it indicates that privacy and AI laws can work together to protect third-party data privacy. The Article finds these protections lacking and calls into question the role of privacy and AI law in safeguarding third parties.
PDF: https://journals.law.unc.edu/ncjolt/wp-content/uploads/sites/4/2026/04/Third-Party-Privacy-Problem-Final_V2.pdf
Author: David Sella-Villa
Volume 27, Issue 3