California’s New Electronic Communications Privacy Act

California’s New Electronic Communications Privacy Act

On October 8, 2015, Governor Jerry Brown signed the California Electronic Communications Privacy Act (“CalECPA”), which took effect on January 1, 2016.  While not the first digital privacy legislation in the United States, CalECPA has been hailed as a landmark victory for digital privacy.

The law bars any state enforcement agency from acquiring “electronic communication information” without first obtaining a warrant.  The bill defines “electronic communication information” broadly to include private user data such as emails, text messages, and documents stored in the cloud.   It further requires state enforcement agencies to acquire a warrant before searching or tracking the location of electronic devices.  CalECPA provides exceptions to its warrant requirement, such as consent by the owner of a device or an emergency involving “danger of death or serious physical injury,” which would allow the agency to obtain the warrant within three days of obtaining the data.  CalEPCA also imposes new limits on agencies’ ability to access and review digital information obtained by warrant.  For example, the warrants must require that all information “unrelated to the objective of the warrant” not be subject to further review, use or disclosure.

CalECPA is the most expansive legislation on digital privacy in the country.  CalECPA was endorsed by Silicon Valley tech giants like Apple, Google, Facebook, and Twitter, all of which agreed that California’s archaic digital privacy laws were leaving their users vulnerable to warrantless searches.  In an age where digital communications have increasingly replaced non-digital communications like written “snail mail,” lawmakers believed it was time to protect Californians from having their information searched without their knowledge or consent.  For example, according to bill authors Senators Mark Leno and Joel Anderson, in 2014 AT&T received over 64,000 demands for location information.  In Twitter’s transparency report of 2015, it revealed that it received 4,363 government data requests in the first half of 2015. 

Naturally, CalECPA has its opponents.  Some law enforcement agencies are concerned that it might hinder their ability to investigate child pornographers and other people who commit online crimes.

CalECPA’s advocates hope that a federal legislation of this kind will be passed soon.  The proposed federal update to the Electronic Communications Privacy Act, called the Email Privacy Act, has 300 sponsors in the House of Representatives, but it remains unclear whether it will pass in its proposed form.   A House version passed in April 2016, while the Senate version languishes in committee.  Whether or not Congress follows California’s lead this year, CalECPA may signal a nationwide trend towards more privacy in digital communications.

Natalie Bermudez

Natalie Bermudez is an associate with Brown White & Osborn LLP. She specializes in civil litigation in federal and state court.
Natalie Bermudez