BILL ANALYSIS �Ó
AB 691
Page 1
ASSEMBLY THIRD READING
AB
691 (Calderon)
As Amended April 30, 2015
Majority vote
--------------------------------------------------------------------
|Committee |Votes |Ayes |Noes |
|----------------+------+--------------------+-----------------------|
|Judiciary |10-0 |Mark Stone, Wagner, | |
| | |Alejo, Chau, Chiu, | |
| | |Gallagher, Cristina | |
| | |Garcia, Holden, | |
| | |Maienschein, | |
| | |O'Donnell | |
| | | | |
|----------------+------+--------------------+-----------------------|
|Privacy |11-0 |Gatto, Wilk, Baker, | |
| | |Calderon, Chang, | |
| | |Chau, Cooper, | |
| | |Dababneh, Dahle, | |
| | |Gordon, Low | |
| | | | |
| | | | |
--------------------------------------------------------------------
SUMMARY: Establishes the Privacy Expectation Afterlife and
Choices Act (Act) to provide a judicial framework for the
disclosure of electronic information from a communication service
provider, as defined, to the executor or administrator of the
estate of a deceased user of the service for the purpose of
�
AB 691
Page 2
administering the estate. Specifically, this bill:
1)Authorizes a probate court that has jurisdiction of a deceased
user's estate to order an electronic communication service or
remote computing service (provider) to disclose certain types of
information pertaining to the account of the deceased user that
is stored with the provider, if the court makes all findings of
fact specified to enable the disclosure of that type of
information.
2)With respect to a record of communications or other information
pertaining to a deceased user's account, but not the contents of
communications or stored contents, (hereafter "record" or
"catalog of communications"), the probate court must find all of
the following facts:
a) The user is deceased.
b) The deceased user was the subscriber to or customer of the
provider.
c) The account belonging to the deceased user has been
identified with specificity, including a unique identifier
assigned by the provider.
d) There are no other owners of, or persons or entities who
have registered with the provider with respect to, the
deceased user's account.
e) Disclosure is not in violation of another applicable
federal or state law.
�
AB 691
Page 3
f) The request for disclosure is narrowly tailored to the
purpose of administering the estate.
g) The executor or administrator demonstrates a good faith
belief that the information requested is relevant to resolve
issues regarding assets or liabilities of the estate.
h) The request seeks information spanning no more than 18
months prior to the date of death, or the requester has made
a request for information that specifically requests data
older than 18 months prior to the date of death.
i) The request is not in conflict with the deceased user's
will or other written, electronic, or oral expression of the
deceased user's intent regarding access to or disposition of
information contained in or regarding the user's account.
3)With respect to the contents of communications or stored
contents (contents), the probate court must find all of the
following facts:
a) The findings required by 2a) through 2h) above; and
b) The will of the decedent, or a choice made by the deceased
user within the product or service or otherwise regarding how
the user's contents can be treated after a set period of
inactivity after the user's death, or other event evidences
the decedent's express consent to the disclosure of the
requested contents.
4)Clarifies that the court must make all of the above findings of
�
AB 691
Page 4
facts based upon a sworn declaration of the personal
representative, or based upon other admissible evidence.
5)Requires a provider to disclose to the executor or administrator
of the estate the contents of the deceased user's account, to
the extent reasonably available, only if the executor or
administrator gives the provider all of the following:
a) A written request for the contents of the deceased user's
account.
b) A copy of the death certificate of the deceased user.
c) An order of the probate court with jurisdiction over the
estate of the deceased that includes all of the findings
required for disclosure of contents of communications or
stored contents. (see 3) above)
d) An order that the estate shall first indemnify the
provider from any and all liability in complying with the
order.
6)Prohibits a provider from being compelled to disclose a record
or the contents of communications if any of the following apply:
a) The deceased user expressed an intent to disallow
disclosure through either deletion of the records or contents
during the user's lifetime, or an affirmative indication,
through a setting within the product or service, of how the
user's records or the content of communications can be
treated after a set period of inactivity or other event.
�
AB 691
Page 5
b) The provider is aware of any indication of lawful access
to the account after the date of the deceased user's death or
that the account is not that of the deceased user.
c) Disclosure would violate other applicable law, including,
but not limited to, electronic communications privacy
provisions or copyright law.
7)Provides that a provider served with an order compelling
disclosure of deceased user records or contents may make a
motion to quash or modify the order within a reasonable time
after receiving the order, in which case the court shall do any
of the following:
a) Modify the order to the extent that the court finds that
compliance with the order would cause an undue burden on the
provider, or quash the order if the court finds that the
order cannot be modified so as to avoid the undue burden.
Further clarifies that a cost that the requester offers to
pay shall not be considered when a court is making a
determination whether a request constitutes an undue burden.
b) Quash the order if any of the applicable required findings
of fact 2) and 3), above) are not met.
c) Quash the order if the court finds, based upon the
preponderance of the evidence submitted by the provider or
any other person, that any of the circumstances set forth in
6) (above) apply.
8)Allows a provider to require the requester to pay the direct
costs of producing a copy of the record or other information
pertaining to the account of the deceased, when those records
are not already available for production during the ordinary
�
AB 691
Page 6
course of business.
9)Provides that disclosure of the contents of the deceased user's
account to the executor or administrator of the estate shall be
subject to the same license, restrictions, terms of service, and
legal obligations, including copyright law, that applied to the
deceased user.
10)Protects a provider from liability for good faith compliance
with a court order issued pursuant to the Act.
FISCAL EFFECT: None
COMMENTS: This bill, introduced at the request of the Internet
Association and TechNet, seeks to provide a clear legal framework
to help probate courts resolve questions about how to balance
competing privacy and estate administration concerns when a
decedent's estate representative seeks information or records
from, typically, the email or social media account of the deceased
user for the purpose of settling the estate.
According to the author, "The Privacy Expectations Afterlife
Choices Act ("the Act") ensures Californians have the right to
decide what happens to their online private lives after they die.
The Act honors individual choices while allowing fiduciaries to
get the information they need to settle an estate. This bill
strikes a balance between providing a clear path for fiduciaries
to access relevant information to handle the deceased person's
estate, while respecting the privacy choices of not just the
deceased person but those with whom the deceased was
communicating."
Stronger privacy interest in contents of communications vs. record
�
AB 691
Page 7
of communications. This bill adopts many key definitions
consistent with federal law, the Electronic Communications Privacy
Act of 1986 (ECPA). "Contents" are defined to mean information
concerning the substance, purport, or meaning of communications
and include the subject line of the communication. This is
distinguished from the "record" of communications, which means the
record of a communication sent or received by a user, not
including the contents but including things like the account logs
that record account usage, cell-site data for mobile phone usage,
and online addresses of other persons with whom the user has
communicated. Like ECPA, this bill recognizes the stronger
privacy interest that users have in the content of their
communications on social media and through email. This interest
is reflected in the requirements in this bill for disclosure of
contents compared to disclosure of the record of communications.
Contents of communications: Evidence of express consent by
decedent needed to authorize disclosure of contents of
communications. This bill establishes a checklist of eight
findings of fact that the court must make in order to authorize
disclosure of information to an estate administrator. These eight
findings (see Summary 2) apply to both the contents and the record
of communications. With respect only to the contents of
communication, this bill requires that the court find that the
will of the decedent, or a choice made by the deceased user within
the product or service or otherwise regarding how the user's
contents can be treated after a set period of inactivity after the
user's death, or other event evidences the decedent's express
consent to the disclosure of the requested contents. In other
words, there must be some evidence that the decedent expressly
consented to disclosure of the contents to authorize disclosure.
Otherwise, there is no disclosure of the contents. This bill
contemplates that evidence of express consent can come in the form
of 1) a decedent's will; 2) a choice made by the deceased user
within the product or service (e.g. a checkbox or setting within a
Facebook account); or 3) some other event. If any one of these
forms evidences the user's express consent to disclosure, then
that may be sufficient for the court to make the finding
�
AB 691
Page 8
authorizing disclosure.
It should be noted that in many cases, the decedent will have left
either no will, or a will that is silent with respect to
electronic communications or digital assets. In such cases, the
only expression of the decedent's wishes may be in the form of the
account settings within the service or platform itself.
Proponents note that the account setting may indicate how the
user's contents can be treated after there has been a set period
of inactivity, rather than a setting directly indicating consent
to disclosure after death. The settings may be more nuanced as
well, indicating the user's wishes with respect to some kinds of
contents but not other kinds. The way that settings are set up
will certainly differ between service providers, but this bill
respects this flexibility and leaves room for innovation by simply
looking to any evidence of consent to disclosure.
While the account settings provide a valuable opportunity to
indicate the user's wishes, it is also axiomatic that many users
of social media and email services do not closely monitor these
settings or make affirmative decisions with respect to every
checkbox within a list of account settings. As a result, in the
absence of a will or other event, it may be that the default
setting - either a checked box or an unchecked box, as determined
by the service provider - is the only indication of a user's
wishes with respect to the disclosure of information. Under this
bill, the default setting would have to "evidence express consent
to disclosure." Because the author seeks to establish a standard
that is strongly protective of privacy and to limit disclosure of
the contents of communications, this approach appears consistent
with the intent of the legislation.
Record of communications: Disclosure authorized if request for
record does not conflict with decedent's will or other expression
of intent regarding access to such information. With respect to
the record of communications, this bill requires that the court
�
AB 691
Page 9
find that the request for disclosure is not in conflict with the
deceased user's will or other written, electronic, or oral
expression of the deceased user's intent regarding access to or
disposition of information contained in or regarding the user's
account. In contrast to the more protective rule for contents of
communications (which have a greater expectation of privacy), this
bill does not specifically require express consent of the decedent
to authorize disclosure of the record of communications, and
recognizes that an expression of intent in the decedent's will
controls if there are any conflicting indications.
This bill also provides that a provider shall not be compelled to
disclose either the record or the contents under certain
circumstances. If disclosure would violate other applicable
privacy law or copyright law, then disclosure is not compelled.
Similarly, if the provider becomes aware that the account does not
belong to the deceased user, or that there is other lawful access
to the account after the user's death (indicating a shared account
with at least one other authorized, living user), then disclosure
would not be compelled.
Finally, disclosure is not compelled under this bill if the
deceased user expressed an intent to disallow disclosure through
either deletion of the records or contents during the user's
lifetime, or an affirmative indication, through a setting within
the product or service, of how the user's records or the content
of communications can be treated after a set period of inactivity
or other event. According to the author, this treats any evidence
that the user, while alive, took affirmative steps to delete
either the records or contents as sufficient to 1) establish that
the user did not expressly consent to disclosure, in the case of
contents; or 2) establish that disclosure would conflict with an
expression of the user's intent not to disclose, in the case of
communications.
Specific requests for information older than 18 months must be
�
AB 691
Page 10
honored, if made. Recent amendments to this bill remove the
requirement that the requester provided evidence of a need to
obtain information going back more than 18 months, or potentially
be denied access to such information. Because the request for
disclosure already must be narrowly tailored to the purpose of
administering the estate, there is less justification to impose an
arbitrary 18-month time limit on the information that may be
disclosed without requiring presentation of evidence not otherwise
defined in this bill. As amended, this bill instead requires the
provider to disclose information older than 18 months whenever a
specific request for information older than 18 months is made.
Rules for determining that a request for information creates an
undue burden for the provider. This bill authorizes a court, in
response to a motion to quash or modify an order compelling
disclosure of a user's records or contents, to modify the order to
the extent that it finds that compliance with the order would
cause an undue burden on the provider. This bill provides that
the term "undue burden" shall be interpreted consistently with
Code of Civil Procedure Section 2031.310, relating to undue burden
in response to a demand for inspection in civil discovery.
According to the author, the intent of the undue burden provision
is "to address scenarios where [the estate] demands production of
an overwhelming amount of contents, for example, dozens of
terabytes." Requests for large amounts of information may pose
cost and inconvenience problems for service providers, but such
concerns should be mitigated, however, when the requester is
willing to pay the costs of retrieving the information. In
response to concerns that the undue burden provision should not be
construed to prevent disclosure when the requester will pay the
provider's costs, the author has amended this bill to clarify that
1) a cost that the requester offers to pay shall not be considered
when a court is making a determination whether a request
constitutes an undue burden; and 2) a provider may require the
requester to pay the direct costs of producing a copy of the
record or other information when those records are not already
available for production during the ordinary course of business.
�
AB 691
Page 11
Analysis Prepared by:
Anthony Lew / JUD. / (916) 319-2334 FN: 0000293