It is common language that they use, and I think it's highly problematic language. It's true that I used it, but there is a problem with relying on a reasonable expectation of privacy—which you actually see crop up very regularly in labour cases and other sorts of cases where they talk about what someone can reasonably expect. If there are privacy policies saying you shouldn't expect any sort of privacy, and if you have received clear notifications that they're going to collect all the information they can about you and will do absolutely everything they can to try to monetize it—they typically don't put it in that straightforward language, though that is essentially what they are often saying—then when you ask about what your reasonable expectation of privacy should be, the response is akin to the infamous Sun Microsystems' response, “You have no privacy. Get over it”. In that case, you have no reasonable expectation of privacy because you were told that you didn't have any, so get over it.
So in setting appropriate boundaries and standards and ensuring that we have effective tools to enforce those, we get away from the paradigm of saying, “You only get what you expect, and you shouldn't expect everything”, to saying “No, there are some minimum standards about what's appropriate and we have the tools to ensure that they're there and that they're going to be enforced”.