On April 27, the House of Representative unanimously passed the Email Privacy Act.  As previously reported, the proposed changes would strengthen the privacy protections for email and other cloud-storage services by closing a loophole that allowed law enforcement to access older data without obtaining a warrant.

However, while there is widespread support to require

In a unanimous vote, the House Judiciary Committee approved the Email Privacy Act, a long-awaited update to the 30-year-old Electronic Communications Privacy Act (ECPA).  The proposed changes would strengthen the privacy protections for email and other cloud-storage services by closing a loophole that allowed law enforcement to access older data without obtaining a warrant. 

In a decision issued last week that is being described by some as a “landmark,” Judge Koh of the Northern District of California denied a motion to dismiss a complaint filed against Google alleging that its Gmail service unlawfully intercepts the contents of emails sent by and to Gmail users.  The case involves Google’s longstanding practice of targeting ads in Gmail based on keywords in emails.  The plaintiffs claim that this practice violates the federal Wiretap Act and analogous state wiretapping and eavesdropping statutes. 

 The court denied Google’s motion to dismiss as to all but one of these claims.  Most notably, the court held that the plaintiffs’ claim under the Wiretap Act can proceed, rejecting Google’s arguments that its practice of scanning the contents of emails is authorized under exceptions in the Wiretap Act for interceptions that occur (1) in the “ordinary course of business” or (2) with the consent of at least one party to a communication. 


Continue Reading Court Denies Google’s Motion to Dismiss Gmail Wiretap Claims

A federal district court in Michigan recently held that the federal CAN-SPAM Act preempts Michigan’s anti-spam law.  Unlike the federal law, Michigan’s statute offers individuals who receive unsolicited commercial email, or “spam,” a private cause of action.  The decision, by Judge Janet T. Neff of the Western District of Michigan in Hafke v. Rossdale

By Elizabeth Katz

Twenty-five years after authoring the Electronic Communications Privacy Act (“ECPA”), Senator Patrick Leahy has introduced a bill, the ECPA Amendments Act of 2011 (S. 1011), that is intended to adapt the Act to the privacy and security challenges of the 21st Century.  The bill would amend Title II of ECPA, commonly called the “Stored Communications Act” or “SCA,” which regulates the disclosure to private parties and the U.S. government of electronic communications in storage with certain service providers.  Much of S. 1011 increases the requirements that the U.S. government must satisfy to compel disclosure of covered communications.

The bill was introduced amid a flurry of activity in the Senate related to privacy and data security.  Last week, the newly formed Senate Subcommittee on Privacy, Technology and the Law held a hearing on privacy in the mobile communications context (which also touched on ECPA reform), and the Senate Commerce Committee held a similar hearing today (its sixth hearing on consumer privacy in the past 13 months).

After the jump is a summary of S. 1011’s key provisions.


Continue Reading Senator Leahy Proposes Amendments to ECPA

Today, the Federal Trade Commission announced that it has accepted, subject to final approval, a consent agreement from Google that would resolve the Commission’s allegations that Google engaged in deceptive trade practices when it launched its “Buzz” social networking service in February 2010. The FTC’s complaint alleges, among other things, that the launch violated Google’s  privacy policy in

Yesterday, the U.S. Supreme Court refused to reconsider Shlahtichman v. 1-800 Contacts Inc., in which the U.S. Court of Appeals for the Seventh Circuit held that an email confirmation of an online purchase is not “electronically printed” for purposes of the Fair and Accurate Credit Transactions Act of 2003 (“FACTA”).  Among other restrictions

Following last year’s Supreme Court decision in Quon v. Arch Wireless, a case that Yaron Dori and I explored in an earlier E-Commerce Law Reports article, courts across the country have been struggling to balance employers’ right to monitor employees’ electronic communications against employees’ privacy rights.  The latest volley in this area is an opinion released last week by a California appellate court in the case of Holmes v. Petrovich Development Company, LLC.

In Petrovich, the California Court of Appeal confronted the question of what happens when an employee uses her business email system to seek legal advice.  The plaintiff in the case, Julie Holmes, claimed that her employer and coworkers reacted negatively to her announced plans to take maternity leave, and she used her work email to contact a lawyer about a lawsuit against the company.  When the employer obtained those emails and introduced them as evidence against Holmes in the lawsuit, Holmes claimed that they were protected by the attorney-client privilege.

The court disagreed, finding that Holmes’ employer had made clear to her that business emails were not private and that office computers would be monitored to ensure that they were used only for business purposes.  Because of this clear policy, the court concluded that Holmes’ emails were “akin to consulting her attorney in one of defendants’ conference rooms, in a loud voice, with the door open, yet unreasonably expecting that the conversation overheard by Petrovich would be privileged.”


Continue Reading No More Secrets? Employee Emails Not Protected by Attorney-Client Privilege