You agreed to terms of service that gave the data to them. That would be a good canary case though, have a bank provide the same terms of service for their physical lock boxes, and see if that gets struck down, despite the TOS. If so, you have a case to annul the digital TOS as wel.

> if I upload something to the cloud it is considered the cloud provider's data

Is it? The cloud stores your data but the provider does not own your pictures or your PhD paper just because you uploaded them there. Any example of an EULA where a cloud provider assumes ownership of all data? Or you're thinking of situations like Facebook who I believe (may be wrong or misremembering) has this in their EULA - content uploaded become theirs.

On the other end of the spectrum as long as they don't know what's there (encryption?) it can't hurt them in the eyes of the law. If they can see what's there then authorities can still force them to act (identify the owner, remove the data, etc.).

> The cloud stores your data but the provider does not own your pictures or your PhD paper just because you uploaded them there.

I would assume that a bank does not regularly go rifling through the contents of everyone's safety deposit boxes and reporting items they believe are incriminating the way a cloud provider does.

https://www.nytimes.com/2022/08/21/technology/google-surveil...

Well, kind of.

Safe deposit boxes are still subject to AML regulations. Banks are required by law to snoop around on their customers and to try to determine if the deposit boxes are being used for money laundering. Banks do regularly rifle through customer records to build profiles about what they think their customers are doing. Federal AML regulations require it!

Regulations or the threat of potential regulations are behind pretty much all of these types of privacy invasions. No one is claiming to own your data, money, or possessions -- but there will be scrutiny in all cases due to the law.

This is why banks don't let random unknown people open safe deposit boxes. They're required to profile their customers.

They do not specifically require a bank to snoop in the contents of a safety deposit box. What I believe they require is that the bank snoop on the customer in general as part of KYC. My understanding is that because of this, banks typically only offer a deposit box for established customers with a meaningful transaction history with the bank.

Your response isn't really connected to the paragraph you quoted from my comment. My second paragraph explains why the situation is how it is.

But it is undisputed that neither the cloud provider nor the bank own what you put in there so I'm not sure why you'd hook into that point.

The rifling through your things is a strawman in this context. Both parties can and will do it if the law asks for it. It's logistically more complicated for a bank to do it for thousands of boxes but on the other hand all that stands between the bank and the content is one door they can easily unlock. It's far easier for a cloud provider to rifle through every account but on the other hand between them and the data there may be some practically unbreakable defense (encryption). Which is why Apple can get out of a search warrant while a bank cannot.

Physical items have ownership. If you store an item to a safety deposit box you are still owner of the item.

Data in general do not have ownership (there are some special cases like copyrightable data or personal data, where exclusive rights equivalent to ownership exist). So anyone who have lawful access to data can use them (unless there is some contractual restriction). So if you upload some general data to the cloud, your and cloud provider's relationship to the data is the same.