A Ruling That Eliminates Important Privacy Rights in Many Stored Internet Contents—And The Legal Challenge to It

18 U.S.C. § 2702, part of the Stored Communications Act, is one of those laws that you rely on every day but you have probably never heard of before.  The law blocks Internet communications and storage providers from disclosing the contents of your online accounts.  Think about the really private stuff you store online, like your emails, photos, text messages, and other communications.  Section 2702 is basically the Internet's privacy wall for all of those stored contents. Unless an explicit exception to the statute applies, such as the government coming with a warrant, your provider is not allowed to share your private account contents with others.

Or so everyone has thought.

On July 23, 2024, the California Court of Appeal handed down a surprising ruling in Snap, Inc. v. Superior Court (Pina), holding that the SCA does not apply to most remotely-stored online messages. The court interpreted the law's privacy bar to not apply if providers have a right of access to customer data for their own business purposes. In the court's view, the § 2702 disclosure bar can only apply if the companies have no right of access to user accounts beyond the access required for providing storage and processing. The court then applied that standard to the contents at issue in the case—a Facebook account, an Instagram account, and a Snapchat account—to hold that § 2702(a) does not bar their disclosure.

The case arose in a criminal prosecution, in which the defendant is trying to compel companies to turn over user messages from the victim's accounts. The defendant, Adrian Pina, is accused of murdering his brother Samuel.  Samuel purportedly had accounts with Instagram, Snapchat, and potentially other providers.  To help prepare his defense, the defendant wants the contents of his brother's accounts.  To that end, his counsel served subpoenas on Snap (which operates Snapchat) and Meta (which operates Facebook and Instagram) seeking disclosure of account contents.

Snap and Meta declined to produce account contents, however, invoking the privacy bar imposed by § 2702.  According to Snap and Meta, the privacy wall of § 2702 applies and protects their users' messages and account contents.  That's where the new ruling comes in: The Court of Appeal rejected the arguments of Snap and Meta, ordering them to comply with the subpoenas on the ground that the § 2702 privacy wall does not apply to Instagram accounts or Snapchat accounts—and perhaps lots of other kinds of accounts.

This is, I hope, not the end of the story.

I have joined the legal team representing Snap.  We have filed this Petition for Review asking the Supreme Court of California to review the Court of Appeal's decision and to reject its reasoning.  We hope that the Court will restore the proper role of § 2702 in protecting the privacy of everyone's online accounts.  Meta has also filed a Petition for Review, which you can read here.

I don't plan to blog about this case again, given my role as counsel for Snap.  But I did want to flag the case for interested readers.