The California Electronic Communications Privacy Act (“CalECPA”) was enacted several years ago to require government agencies to obtain a valid search warrant prior to requesting electronic information from service providers. These statutory protections can be enforced by business entities and individuals and extend to communication service providers which collect and store electronic information, including, but not limited to, emails, digital documents, pictures, videos, geolocation data, and Internet Protocol addresses.
This statute yields additional privacy protections when compared to the federal Electronic Communications Privacy Act which was passed as Public Law 99-508, Statute 1848, and codified under three separate titles. Title I, is referred to as the “Wiretap Act” and prohibits the unlawful interception of electronic communications. Title II, is referred to as the “Stored Communications Act” and protects content that is stored by service providers. Title III, is referred to as the “Pen Register Act” and addresses pen registers and trap-and-trace devices. It mandates government agencies to obtain a valid court order that authorizes the installation and use of pen register and trap and trace devices.
The CalECPA requires a valid search warrant in order to compel the production of or access to sensitive information such as emails that are stored on a computer server for more than 180 days, detailed geolocation, and sensitive metadata that is related to the consumer’s electronic communications. The statute does not allow government agencies to: (1) compel the production of or access to electronic communication information from a service provider; (2) compel the production of or access to electronic device information from any person or entity other than the authorized possessor of the device; or (3) access electronic device information through physical interaction or electronic communication with the electronic device unless it is voluntarily disclosed by the intended recipient.
Electronic communication information includes “any information about an electronic communication or the use of an electronic communication service” such as content and metadata – e.g., geolocation information and IP addresses. Also, “electronic device information” includes any information stored on or generated through the operation of an electronic device such as present and past device locations.
The CalECPA does not prohibit state law enforcement from utilizing administrative, grand jury, trial, or civil discovery subpoenas for the following reasons: (1) to require an originator, addressee, or intended recipient of an electronic communication to disclose any associated electronic communication information; (2) to require an entity that provides electronic communication services to its agents or representatives for carrying out their responsibilities; or (3) to require a service provider to submit subscriber information – e.g., name, address, telephone, email address, or IP address.
In short, government agencies can force the production of or access to electronic communication information from service providers (e.g., AT&T, Comcast, Verizon) or electronic device information from an individual other than the authorized possessor of the device only pursuant to the following: (1) search warrant, wiretap order, or electronic reader records order; or (2) a subpoena that is issued pursuant to existing state laws. It’s important to note that service providers (e.g., Facebook, Instagram, Twitter, Reddit) can voluntarily disclose protected information to state government officials. However, the electronic communication information must be destroyed within ninety days unless there is applicable exception. Finally, there is no private right of action (i.e., the right to file a legal action in court) against service providers for the disclosure of electronic information under this statute. So, in other words, officers, employees, representatives, or agents of the service providers cannot be sued for complying with this state law.
Our law firm assists clients in matters related to privacy and cybersecurity and the related state, federal, and international laws. Please contact our law firm to speak with an internet attorney at your earliest convenience.