California is home to a large number of tech companies who face regularly requests for data on their customers from both state and federal law enforcement agencies. Twitter, for example, reported 273 requests for account information in California from January to June this year.
The bill, which would require a judge's approval for access to a person’s private information, including data from personal electronic devices, email, digital documents, text messages and location information, had been passed in June by the state senate and will now return there for concurrence before heading to state Governor Jerry Brown for approval.
The legislation also prohibits access to electronic device information by means of physical interaction or electronic communication with the device, except with the specific consent of the authorized possessor of the device, or through other relevant provisions such as a warrant or in an emergency.
If California Electronic Privacy Act (CalECPA, SB 178) is approved as law, California would join states like Texas, Virginia, Maine, and Utah that have updated their privacy laws to require judicial oversight, including a warrant, for access to sensitive digital information, state Senator Mark Leno, a co-author of the bill, and the American Civil Liberties Union of California said in their statements.
CalECPA is backed by a number of technology companies including Apple, Facebook, Google and Twitter. The bill is co-sponsored by the American Civil Liberties Union of California, Electronic Frontier Foundation and California Newspaper Publishers Association.
The legislation "would prohibit a government entity from compelling the production of or access to electronic communication information or electronic device information, as defined, without a search warrant, wiretap order, order for electronic reader records, or subpoena issued pursuant under specified conditions, except for emergency situations, as defined," according to the version of the bill considered by the assembly.
The bill provides for government entities to obtain information in an emergency "involving danger of death or serious physical injury to a person," that requires access to the electronic information without delay.
But the government agency will have to within three days after obtaining the information, file with the appropriate court an application for a warrant or order authorizing obtaining the electronic information or a motion seeking approval of the emergency measures. The court can order the destruction of the information if it is not convinced that there was an emergency.
Law enforcement agencies in California, including the Sheriffs Association, District Attorneys Association and Police Chiefs Association are neutral on the bill, according to some of the backers of the bill.
Leno tweeted on Tuesday that the legislation "strikes just the right balance to protect digital privacy, spur innovation, and safeguard public safety."
Three previous digital privacy bills, authored by Leno, which were introduced between 2011 and 2013, were vetoed by the governor. Since then, the U.S. Supreme Court has ruled in Riley v. California that law enforcement must obtain a warrant before accessing data on a person's mobile phone after an arrest.