Bill Text

Bill Information


Add To My Favorites | print page

SB-1822 Privacy: online communications.(2003-2004)

SHARE THIS: share this bill in Facebook share this bill in Twitter
SB1822:v94#DOCUMENT

Amended  IN  Senate  April 20, 2004
Amended  IN  Senate  May 03, 2004
Amended  IN  Senate  May 25, 2004
Amended  IN  Assembly  June 24, 2004
Amended  IN  Assembly  July 23, 2004

CALIFORNIA LEGISLATURE— 2003–2004 REGULAR SESSION

Senate Bill
No. 1822

Introduced  by  Senator Figueroa
 (Coauthor(s): Senator Romero)
 (Coauthor(s): Assembly Member Jackson, Koretz)

February 20, 2004

An act to add Title 1.81.15 (commencing with Section 1798.88) to Part 4 of Division 3 of the Civil Code, relating to privacy, and declaring the urgency thereof, to take effect immediately.


LEGISLATIVE COUNSEL'S DIGEST


SB 1822, as amended, Figueroa. Privacy: online communications.
Existing law protects the privacy of personal information, including customer records and social security numbers. Existing law prohibits a person or entity located in California from initiating or advertising in unsolicited commercial e-mail advertisements, as defined, and prohibits a person or entity not located in California from initiating or advertising in unsolicited commercial e-mail advertisements sent to a California e-mail address.
This bill would allow a provider of e-mail or instant messaging services to review, examine, or evaluate the content of a customer’s e-mail or instant messages only if the review is for the automated and contemporaneous display of an advertisement to the user and other specified conditions are satisfied. The bill would provide that its provisions do not prevent a provider of e-mail or instant messaging services from evaluating the contents of e-mail or instant messages for specified purposes, including the removal of malicious programs. The bill would specify that its provisions do not imply consent to the examination of e-mail or instant messages if consent is otherwise required prohibit, under specified circumstances, a provider of an electronic mail or instant messaging service from knowingly divulging or deriving personally identifiable information, user characteristics, or content of an electronic mail or instant message while the electronic mail or instant message is being electronically stored by the provider. The bill would permit a provider to derive content from an electronic mail or instant message being electronically stored by the provider for the provider’s marketing purposes if specified conditions are met. The bill would require a provider of electronic mail or instant messages to delete an electronic communication when the customer has indicated he or she wants the communication deleted. The bill would specify that its provisions do not imply the consent of any party where the consent of the party would otherwise be required. The bill would also make a statement of Legislative findings regarding privacy of electronic mail and would provide that its provisions are severable.
The bill would declare that it is to take effect immediately as an urgency statute.
Vote: 2/3   Appropriation: NO   Fiscal Committee: NO   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 The Legislature finds and declares as follows:
(a) In today’s world of advanced communications technology, privacy is a major concern of consumers and of the Legislature.
(b) A key component of privacy is the trust consumers have in service providers who make promises to their customers and the public concerning the manner in which intimate and confidential data will be treated.
(c) There are currently widespread operational and legitimate electronic mail technologies and practices that scan incoming messages for appropriate and useful purposes including, but not limited to, the following:
(1) Spam filters.
(2) Translation of content into audio for the blind.
(3) Automatic sorting and forwarding.
(4) Blocking image advertisements and Internet Web bugs.
(5) Stripping hypertext markup language from incoming messages for transmission to hand-held devices.
(6) Virus scanning.

(d)In the context of electronic mail and instant messaging communications where electronic mail is scanned for purposes other than those listed in subdivision (c), full and informed consent or notification of parties to the electronic mail communication is both appropriate and necessary.

(d) California consumers deserve, and businesses want to assure, that the content and substance of electronic mail and instant messages will remain private and secure and will never be used improperly as a source of personal profiles on consumers.

SEC. 2.

 Title 1.81.15 (commencing with Section 1798.88) is added to Part 4 of Division 3 of the Civil Code, to read:

TITLE 1.81.15. PRIVACY OF ONLINE COMMUNICATIONS

1798.88.
 For the purpose of this title:

(a)“Deletes an electronic communication” means ____.

(b)“Electronic mail” or “e-mail” means an electronic message that is sent to an e-mail address and transmitted between two or more telecommunications devices, computers, or electronic devices capable of receiving electronic messages, whether or not the message is converted to hard copy format after receipt or is viewed upon transmission or stored for later retrieval. “Electronic mail” or “e-mail” includes electronic messages that are transmitted through a local, regional, or global computer network.

(c)“Instant messaging service” means a service that alerts a person when another person is online and allows them to communicate with each other in current time in private, online areas.

(d)“Provider of electronic mail or instant messaging service” means any person, including an Internet service provider, that is an intermediary in sending or receiving electronic mail or instant messages or that provides to users of the electronic mail or instant messaging service the ability to send or receive electronic mail or instant messages.

(e)“Spam” means an unsolicited commercial e-mail advertisement sent to a recipient who meets both of the following criteria:

(1)The recipient has not provided direct consent to receive advertisements from the advertiser.

(2)The recipient does not have a preexisting or current business relationship with the advertiser promoting the lease, sale, rental, gift offer, or other disposition of any property, goods, services, or extension of credit.

1798.88.1.(a)“Provider of electronic mail or instant messaging service” does not include a business’ provision of electronic mail or instant message services to its own employees, agents, and contractors for use in the operation of the business.

(b)A provider of electronic mail or instant messaging service may review, examine, or otherwise evaluate the content of a customer’s incoming, outgoing, or stored e-mail or instant messages only if the review is for the automated and contemporaneous display of an advertisement to the user while the user is viewing the e-mail or instant message and all of the following conditions are satisfied:

(1)The provider does not retain for any purpose, personally identifiable information or user characteristics obtained, derived, or inferred from the review, examination, or other evaluation of e-mail or instant messages, including, but not limited to, personally identifiable information or user characteristics derived from the contents of any e-mail or instant message, in whole or in part.

(2)The provider does not permit an employee or other natural person to have access to the information, except as described in subdivision (d).

(3)The provider does not transfer the information to third parties for any purpose, except as described in subdivision (d).

(4)The provider deletes an electronic communication no more than ____ days after the customer has indicated that he or she desires that communication be deleted in such a way that the communication is no longer obtainable in any retrievable format.

(c)This section does not prevent a provider of electronic mail or instant messaging service to California customers from reviewing, examining, or otherwise evaluating the contents of e-mail or instant messages for the purposes of maintaining e-mail or instant messaging accounts, including, but not limited to, identifying, filtering, or removing spam, computer viruses, or other malicious programs, providing search, address book, calendar, and other user initiated functions, customer support, or complying with valid legal process or statutory authority.

(d)Nothing in this section concerning the review, examination, or evaluation of e-mail or instant messages shall imply the consent of any party to that procedure where the consent of a party would otherwise be required.

SEC. 3.
(a) “Content” means any information regarding the substance, purport, or meaning of an electronic mail or instant message.
(b) “Customer” means the authorized subscriber or user of an electronic mail or instant message service or any other user with apparent authority to use the service.
(c) “Deletes an electronic communication” means to take reasonable technical measures to ensure the electronic mail is inaccessible and unretrievable in the normal course of business.
(d) “Derive” means to deduce or infer personally identifiable information, user characteristics, or content of an electronic mail or instant message.
(e) “Divulge” means to make personally identifiable information, user characteristics, or content of an electronic mail or instant message known to a person other than the addressee or intended recipient of the electronic mail or instant message.
(f) “Electronic mail” or “e-mail” means an electronic message that is sent to an e-mail address and transmitted between two or more telecommunications devices, computers, or electronic devices capable of receiving electronic messages, whether or not the message is converted to hard copy format after receipt or is viewed upon transmission or stored for later retrieval. “Electronic mail” or “e-mail” includes electronic messages that are transmitted through a local, regional, or global computer network. “Electronic mail” includes the subject line, the sender name, address, one or more recipient names, and text, including linked information and attachments.
(g) “Electronic mail or instant message service” means sending or receiving electronic mail or instant messages or providing to users of the electronic mail or instant messaging service the ability to send or receive electronic mail or instant messages, and includes identifying, filtering, or removing spam, computer viruses, or other malicious programs, and nothing in this title shall be construed to render illegal identifying, filtering, or removing spam, computer viruses, or other malicious programs.
(h) “Electronically stored” means both of the following:
(1) Any temporary, intermediate, or permanent storage of an electronic mail or instant message incidental to the transmission thereof.
(2) Any storage of that communication by a provider for purposes of backup protection of the communication.
(i) “Instant message” is any message provided by an instant messaging service.
(j) “Intended recipient” does not mean a provider of electronic mail or instant message services, unless the provider is an addressee of an instant message or electronic mail.
(k) “Lawful consent” means affirmative consent where the provider has clearly disclosed to the customer the type of information to be derived or divulged and the uses to which the information will be put.
(l) “Personally identifiable information” means any information that when it is disclosed identifies, describes, or is able to be associated with an individual and includes electronic mail address and IP address.
(m) “Provider of electronic mail or instant messaging service” means any person, including an Internet service provider and a provider of remote computing services, that is an intermediary in sending or receiving electronic mail or instant messages or that provides to users of the electronic mail or instant messaging service the ability to send or receive electronic mail or instant messages. “Provider of electronic mail or instant messaging service” does not include a person’s provision of electronic mail or instant message services to its own employees, agents, and contractors for use in its operations.
(n) “Provider’s marketing purposes” means any of the following:
(1) For the purpose of soliciting or inducing for consideration the purchase, rental, lease or exchange of products, goods, property, or services offered by the provider or any subsidiary, affiliated or related company or person of the provider.
(2) For the purposes of soliciting or inducing for consideration the purchase, rental, lease, or exchange of products, goods, property, or services offered by a person other than the provider.
(3) For the purposes of obtaining information to seek commercial advantage for the provider or any subsidiary, affiliated or related company or person of the provider.
(4) For the purposes of inducing the provider for consideration to divulge to another person personally identifiable information, user characteristics, or content or meaning derived from electronic mail or instant messages.
(o) “Spam” means an unsolicited commercial e-mail advertisement sent to a recipient who meets both of the following criteria:
(1) The recipient has not provided direct consent to receive advertisements from the advertiser.
(2) The recipient does not have a preexisting or current business relationship with the advertiser promoting the lease, sale, rental, gift offer, or other disposition of any property, goods, services, or extension of credit.

1798.88.1.
 (a) Except as provided in subdivision (c), a provider of an electronic mail or instant messaging service shall not knowingly divulge to any person or entity, including the provider itself, personally identifiable information, user characteristics, or content of an electronic mail or instant message while the electronic mail or instant message is being electronically stored by the provider.
(b) A provider shall not divulge to any person or entity, including the provider itself, personally identifiable information, user characteristics, or content of an electronic mail or instant message for the provider’s marketing purposes while the electronic mail or instant message is being electronically stored by the provider without the lawful consent of the author of the electronic mail or instant message to be divulged. This subdivision does not prevent a provider from divulging for marketing purposes aggregated data that demonstrates the number of instances customers have viewed or linked to an advertisement.
(c) Other than for the provider’s marketing purposes, a provider may divulge personally identifiable information, user characteristics, or the contents of an electronic mail or instant message being electronically stored by the provider pursuant to any of the following:
(1) To an addressee or intended recipient of the electronic mail or instant message or an agent of the addressee or intended recipient.
(2) With the lawful consent of the customer, addressee, or intended recipient or an agent of the addressee or intended recipient of the electronic mail or instant message.
(3) To a person employed or authorized by the provider where divulging the personally identifiable information, user characteristics, or contents is necessarily incident to the rendition of the electronic mail or instant message service.
(4) As may be otherwise necessarily incident to the rendition of the electronic mail or instant message service or to the protection of the rights or property of the provider of that service.
(5) To a law enforcement agency to comply with valid legal process.

1798.88.2.
 (a) Except as provided in subdivision (c), a provider of an electronic mail or instant messaging service shall not knowingly derive from electronically stored electronic mails or instant messages personally identifiable information, user characteristics, or content from electronic mails or instant messages.
(b) (1) A provider shall not derive personally identifiable information or user characteristics from electronic mail or instant message being electronically stored by the provider for the provider’s marketing purposes.
(2) A provider shall not derive content from an electronic mail or instant message being electronically stored by the provider for the provider’s marketing purposes unless all of the following are true:
(A) The derivation is automated.
(B) The derivation does not associate the contents of an electronic mail or instant message with personally identifiable information or user characteristics.
(C) What is derived is not divulged to any person, including the provider.
(D) The derivation is with the lawful consent of the customer.
(E) What is derived is not retained by the provider or any other person.
(3) This subdivision does not prevent a provider from deriving for marketing purposes aggregated data that demonstrates the number of instances customers have viewed or linked to an advertisement.
(c) Other than for a provider’s marketing purposes, a provider may derive and retain personally identifiable information, user characteristics, or the contents of an electronic mail or instant message for the purposes of divulging the information pursuant to any of the following:
(1) To an addressee or intended recipient of the electronic mail or instant message or an agent of the addressee or intended recipient.
(2) With the lawful consent of the customer, addressee, or intended recipient of the communication or an agent of the addressee or intended recipient.
(3) To a person employed or authorized by the provider where divulging the information is necessarily incident to the rendition of the electronic mail or instant message service.
(4) As may be otherwise necessarily incident to the rendition of the electronic mail or instant message service or to the protection of the rights or property of the provider of that service.
(5) To a law enforcement agency to comply with valid legal process.

1798.88.3.
 (a) No provider of electronic mail or instant messaging services may permit an employee or other natural person to have access to personally identifiable information, user characteristics, or the content in electronic mails or instant messages derived from electronic mails or instant messages, except as permitted by Sections 1798.88.1 and 1798.88.2.
(b) A provider of electronic mail or instant messages shall delete an electronic communication when the customer has indicated he or she wants the communication deleted.

SEC. 3.

 Nothing in this act shall imply the consent of any party where the consent of the party would otherwise be required.

SEC. 4.

 The provisions of this title are severable. If any provision of this title or its application is held invalid, that invalidity shall not affect other provisions or applications that can be given effect without the invalid provision or application.

SEC. 5.

 This act is an urgency statute necessary for the immediate preservation of the public peace, health, or safety within the meaning of Article IV of the Constitution and shall go into immediate effect. The facts constituting the necessity are:
In order to ensure privacy with regard to the impending introduction of new technology that permits the scanning of e-mail content for advertising purposes, it is necessary that this act take effect immediately.