California Adopts Landmark Digital Privacy Law

California Adopts Landmark Digital Privacy Law

California Governor Jerry Brown has signed into law the California Electronic Communications Privacy Act (CalECPA).  The law seeks to update the federal  Electronic Communications Privacy Act which was first enacted in 1986.

CalECPA was passed in response to law enforcement increasingly seeking user data from new technologies – often without a warrant.  As the ACLU’s Nicole Ozer explained in TechCrunch,

[t]he numbers are startling. Google has reported a 180 percent jump in law enforcement demands for consumer data in just the past five years. Last year AT&T received more than 263,000 demands,Verizon reported that only one-third of its requests had a warrant, and Twitter and Tumblr received more demands from agencies in California than any other state.

This lead the tech industry and public interest groups pushed for California to update privacy protections. Adobe explained in a blog post following passage of the law that the law will help the tech sector in the long run.

Adobe believes that customer data stored online deserves the same protections as data stored at home or at work, and that full Fourth Amendment protections are essential to consumers trusting that their information is safe. Without trust, cloud computing can never realize its full potential.

Ozer noted that

[w]hile other states, such as Colorado, Maine, Texas and Utah, provide updated protections for electronic information, California’s law has the biggest impact not only because of its size but because of the prevalence of tech companies based in the state.

Under the new law, law enforcement will need to obtain a warrant to obtain a person’s electronic data (with exceptions for emergency situations).  Senator Mark Leno’s summary of the law is below.

Tech leaders continue to push for Congress to update the ECPA.