BILL ANALYSIS �Ó
AB 691
Page 1
Date of Hearing: August 23, 2016
ASSEMBLY COMMITTEE ON JUDICIARY
Mark Stone, Chair
AB 691
(Calderon) - As Amended June 14, 2016
FOR CONCURRENCE
SUBJECT: REVISED UNIFORM FIDUCIARY ACCESS TO DIGITAL ASSETS ACT
KEY ISSUE: SHOULD CALIFORNIA enact THE REVISED UNIFORM
FIDUCIARY ACCESS TO DIGITAL ASSETS ACT (RUFADAA), DEVELOPED BY
THE UNIFORM LAW COMMISSION FOR ADOPTION IN all FIFTY STATES, IN
ORDER TO PROVIDE GUIDANCE to custodians of digital assets and
representatives of decedents' estates regarding THE DISCLOSURE
OF a decedent's ELECTRONIC COMMUNICATIONS AND digital assets?
SYNOPSIS
Current state law addresses the disposition of a person's
property and assets through a will or through intestate
succession, but is still inadequate to address many questions
concerning the right to access electronic assets or
communications that may be necessary to settle the estate of a
deceased user. For example, who gets access to our social media
and email accounts after we die? And what happens when the
content of a decedent's electronic communications, stored on a
provider's server, is needed by the decedent's representative to
�
AB 691
Page 2
properly settle the decedent's estate? Service providers report
being constrained by federal electronic communications privacy
laws that restrict to whom, other than the account holder, they
may disclose the contents or records of communications. The
response of state courts, according to proponents of the bill,
is often a confusing mix of contract law, property law, and
privacy law.
Prior versions of this bill would have enacted the
California-specific Privacy Expectation Afterlife and Choices
(PEAC) Act, but was ultimately held in the Senate at the end of
2015. As amended in the Senate earlier this year, however, this
bill instead seeks to enact a modified version of the Revised
Uniform Fiduciary Access to Digital Access Act (RUFADAA),
originally developed by the Uniform Law Commission for passage
in all fifty states. Consequently, the Judicial Council, the
Trust and Estates Section of the State Bar (TEXCOM), and the
California Judges Association have removed their opposition and
are now neutral on this bill.
This bill, backed by the Internet Association and a host of
online companies, seeks to provide a framework for custodians
and fiduciaries to work out access issues on their own and
limits court involvement to an option of last resort, rather
than requiring early court involvement in most cases to
authorize the release of digital assets. First, the bill
authorizes a decedent's personal representative or trustee
(fiduciary) to access and manage digital assets and electronic
communications, as specified. This bill authorizes a person to
use an online tool to give directions to the custodian of his or
her digital assets for the disclosure of those assets, and also
permits a person to give direction regarding the disclosure of
digital assets in a will, trust, power of attorney, or other
record if he or she has not used an online tool to do so. The
bill establishes a three-tiered system for determining the
user's intent for disclosure of his or her electronic
communications, with first priority given to the user's
�
AB 691
Page 3
designation through an online tool, followed in second priority
by any directions specified by the user in an estate plan for
the disposition of his or her digital assets. Finally, if the
user did not provide any direction regarding disclosure of
digital assets, the terms-of-service governing the account
apply. Once authorization of disclosure by the decedent is
determined, additional documentation, as specified, must be
given to the custodian by the representative or trustee of the
decedent's estate before disclosure is compelled. The bill also
seeks to establish that a fiduciary owes a duty of
confidentiality to the decedent, in addition to the duties of
care and loyalty.
As currently in print, this bill would broadly immunize
custodians from liability for any act or omission done in good
faith in compliance with these provisions. In order to address
the Committee's concern that this Act, should it become law,
would immunize the disclosure of information in a manner that
amounts to gross negligence or willful or wanton misconduct, the
author has agreed to take steps to revise the immunity
provisions at issue, as provided in subdivision (f) of Probate
Code Section 881 in this bill. Because this bill can no longer
be amended in this House, the author instead proposes that
another bill, Senate Bill 873, serve as companion legislation to
this bill and be appropriately amended to address the
Committee's concerns about immunity from liability. Amendments
to SB 873, which is to be heard by this Committee in the same
hearing as this bill, reflect the author's agreement and intent
to replace the version of Section 881 in this bill with the
version of Section 881 provided in that legislation in the event
that it is chaptered into law by the Governor.
The bill continues to be opposed by the ACLU and other privacy
advocates, who believe it still allows disclosure of digital
assets and electronic communications without sufficient
safeguards, and allows custodians to dictate terms of disclosure
and override contrary directions expressed by users, among other
�
AB 691
Page 4
things.
SUMMARY: Establishes the Revised Uniform Fiduciary Access to
Digital Access Act (RUFADAA) to specify rules for the disclosure
of electronic communications from a custodian of a person's
digital assets (custodian) to the personal representative of the
estate of a deceased user (representative) or trustee of the
deceased user's trust (trustee) for the purpose of administering
the estate or trust. Specifically, this bill:
1)Authorizes a decedent's personal representative or trustee
(fiduciary) to access and manage digital assets and electronic
communications, as specified.
2)Authorizes a person to use an online tool to give directions
to the custodian of his/her digital assets regarding the
disclosure of those assets.
3)Specifies that, if a person has not used an online tool to
give that direction, he or she may give direction regarding
the disclosure of digital assets in a will, trust, power of
attorney, or other record.
4)Requires a custodian, as specified, of the digital assets to
comply with a fiduciary's request for disclosure of digital
assets to terminate an account, except under certain
circumstances, including when the decedent has prohibited this
disclosure using the online tool.
5)Specifies that a user's direction through the online tool or
testamentary document would override a contrary provision in a
terms-of-service agreement.
�
AB 691
Page 5
6)Provides that a fiduciary's or designated recipient's access
to digital assets may be modified or eliminated by a user, by
federal law, or by a terms-of-service agreement when the user
has not provided any direction as specified by this bill.
7)Authorizes the custodian, in its sole discretion, to do any of
the following when disclosing the digital assets of a user:
a) Grant the fiduciary or designated recipient full access
to the user's account;
b) Grant the fiduciary or designated recipient partial
access to the user's account sufficient to perform the
tasks with which the fiduciary or designated recipient is
charged; and
c) Provide the fiduciary or designated recipient with a
copy in a record of any digital asset that, on the date the
custodian received the request for disclosure, the user
could have accessed if the user were alive and had full
capacity and access to the account.
8)Authorizes a custodian to assess a reasonable administrative
charge for the cost of disclosing digital assets and would not
require a custodian to disclose a digital asset deleted by a
user.
9)Provides that if a user directs or a fiduciary or designated
recipient requests a custodian to disclose some, but not all,
of the user's digital assets, the custodian need not disclose
the assets if segregation of the assets would impose an undue
burden on the custodian.
�
AB 691
Page 6
10)Authorizes the custodian, fiduciary, or designated recipient
to petition the court for an order, as specified, if the
custodian believes the direction or request imposes an undue
burden.
11)With respect to the content of electronic communications of
the user:
a) Provides that, if a deceased user consented to or a
court directs disclosure of the content of electronic
communications of the user, the custodian must disclose to
the personal representative of the estate of the user the
content of an electronic communication sent or received by
the user if the personal representative gives to the
custodian specified forms of documentation, including,
among other things: i) a written request for disclosure;
ii) a certified copy of the user's death certificate; iii)
a certified copy of the letter of appointment of the
representative; and iv) a copy of the user's will, trust,
or other record evidencing the user's consent to
disclosure, unless the user provided direction using an
online tool.
b) Provides that, unless otherwise ordered by the court,
directed by the user, or provided in a trust, the custodian
must disclose to a trustee that is not an original user of
an account the content of an electronic communication sent
or received by an original or successor user and carried,
maintained, processed, received, or stored by the custodian
in the account of the trust if the trustee gives to the
custodian specified forms of documentation.
12)With respect to the catalogue of electronic communication
�
AB 691
Page 7
sent or received by the user, and digital assets, other than
the content of electronic communications, of the user:
a) Provides that, unless the user prohibited disclosure of
digital assets or the court directs otherwise, the
custodian must disclose to the personal representative of
the estate of a deceased user a catalogue of electronic
communications sent or received by the user and digital
assets, other than the content of electronic
communications, of the user, if the personal representative
gives to the custodian specified documentation, including,
among other things: i) a written request for disclosure;
ii) a certified copy of the user's death certificate; and
iii) a certified copy of the letter of appointment of the
representative.
b) Provides that, unless otherwise ordered by the court,
directed by the user, or provided in a trust, a custodian
must disclose, to a trustee that is not an original user of
an account, the catalogue of electronic communications sent
or received by an original or successor user and stored,
carried, or maintained by the custodian in an account of
the trust and any digital assets, other than the content of
electronic communications, in which the trust has a right
or interest if the settlor of the trust is deceased and the
trustee gives to the custodian specified documentation.
13)Provides that the legal duties imposed on a fiduciary charged
with managing tangible property apply to the management of
digital assets, including all of the following: a) the duty
of care; b) the duty of loyalty; and c) the duty of
confidentiality.
14)Provides that a fiduciary with authority over the property of
a decedent or settlor has the right of access to any digital
�
AB 691
Page 8
asset in which the decedent or settlor had a right or
interest, as specified.
15)Requires a custodian, not later than 60 days after receipt of
the information required, as specified, to comply with a
request from a fiduciary or designated recipient to disclose
digital assets or terminate an account. Further provides that
if the custodian fails to comply with a request, the fiduciary
or designated recipient may apply to the court for an order
directing compliance.
16)Makes disclosure of the contents of the deceased user's or
settlor's account to a fiduciary of the deceased user or
settlor subject to the same license, restrictions, terms of
service, and legal obligations, including copyright law, that
applied to the deceased user or settlor.
EXISTING LAW:
1)Provides for the disposition of a testator's property by will.
(Part 1 of Division 6 of the Probate Code, commencing with
Section 6100.)
2)Provides that any part of the estate of a decedent not
effectively disposed of by will passes to the decedent's heirs
as prescribed. (Part 2 of Division 6 of the Probate Code,
commencing with Section 6400.)
3)Provides that title to a decedent's property passes on the
decedent's death to the person to whom it is devised in the
decedent's last will or, in the absence of such a devise, to
the decedent's heirs as prescribed in the laws governing
intestate succession. (Probate Code Section 7000.)
�
AB 691
Page 9
4)Provides that the decedent's property, including property
devised by a will, is generally subject to probate
administration, except as specified. (Probate Section 7001.)
5)Pursuant to the federal Electronic Communications Privacy Act,
restricts the ability of an electronic communication service
or remote computing service to share information with any
party but the user. (18 U.S.C. §§ 2510-22.)
FISCAL EFFECT: As currently in print this bill is keyed
non-fiscal.
COMMENTS: There can be no doubt that the number of people who
use electronic communication and social media has increased
astronomically in recent years, and continues to increase as new
services and platforms are developed and introduced. In 2014,
it was estimated that there were over 900 million Facebook
users, over 550 million users of Twitter, and hundreds of
millions more who use services like Google or Yahoo to send
email, pay their bills electronically, or store important
documents or pictures. For many users, social media and
electronic communications have expanded into almost every area
of daily life, often in ways not previously considered. As a
result, lawmakers are increasingly faced with novel policy
questions that arise from ways in which social media and the
Internet impact our daily lives.
In focusing on the impact of social media and the Internet on
our daily lives, perhaps not enough attention has been paid to
this increasingly important question: What should happen to all
of our email and social media accounts after we die? Current
law addresses the disposition of a person's property and assets
through a will or through intestate succession, but is still
inadequate to address many questions with respect to rights to
electronic assets or communications that may be necessary to
�
AB 691
Page 10
administrate the estate of a deceased user. For example, under
what circumstances should the administrator of an estate be able
to access the contents of the decedent's electronic
communications? Should the administrator of an estate be able
to access the entire history of a decedent's online stored
content, potentially even contents not needed to settle the
estate? Should a person's privacy settings that restrict the
audience that may view a person's content during life be honored
after death? This bill, introduced at the request of the
Internet Association and TechNet, seeks to provide a clear legal
framework to help courts resolve some of these questions.
According to the author:
With no statute currently in place in California
protecting the online information of the newly
deceased, families are left responsible for accessing
their loved ones information, often times causing
unnecessary financial and emotional burdens during a
time that is already painfully difficult. AB 691
addresses this issue by striking a balance between
providing a clear path for fiduciaries to access
relevant information to handle the deceased person's
estate, while respecting the privacy choices of not
just the deceased person but those with whom the
deceased was communicating.
Background on RUFADAA, the uniform legislation sought to be
enacted by this bill. In July 2014, the National Conference of
Commissioners on Uniform State Laws (NCCUSL, or "Uniform Law
Commission") approved the Uniform Fiduciary Access to Digital
Assets Act (UFADAA), which was recommended for enactment in all
states "to vest fiduciaries with the authority to access,
control, or copy digital assets and accounts[,] ... remove
barriers to a fiduciary's access to electronic records[,] and to
leave unaffected other law, such as fiduciary, probate, trust,
banking, investment, securities, and agency law." UFADAA was
recently revised to clarify the application of federal privacy
�
AB 691
Page 11
laws and give legal effect to an account holder's instructions
for the disposition of digital assets. According to NCCUSL, the
2014 UFADAA provided fiduciaries with default access to all
digital information, but the Revised Act (RUFADAA) protects the
contents of electronic communications from disclosure without
the user's consent, and fiduciaries can still access other
digital assets unless prohibited by the user.
NCCUSL states that RUFADAA was recently approved at the
statewide level and represents a consensus reached among
stakeholders, including technology firms, privacy advocates,
bankers, and the trust and estate bar. NCCUSL asserts that the
"consensus was the result of a concerted effort by all parties
over the last few months to agree on a reasonable regulatory
framework that will balance the privacy interests of internet
users with the need for fiduciaries to perform their tasks and
ensure the orderly transfer of a decedent's assets to heirs. It
gives legal effect to an internet user's wishes when they are
known, and provides reasonable default rules that apply if the
user has not expressed a contrary intent. The act represents
the best opportunity to enact uniform legislation for an
industry that operates in every state." RUFADAA has been
formally endorsed by the Association of American Retired Persons
(AARP), the Center for Democracy and Technology, Facebook,
Google, and the National Academy of Elder Law Attorneys.
(NCCUSL, Legislative Fact Sheet - Revised Uniform Fiduciary
Access to Digital Assets Act (2015).) To date, 10 states
(Colorado, Florida, Idaho, Indiana, Michigan, Oregon, Tennessee,
Washington, Wisconsin, and Wyoming) have enacted RUFADAA, and at
least 18 other states have introduced RUFADAA legislation this
year.
According to NCCUSL:
The purpose of the [RUFADAA] is twofold. First, it
gives fiduciaries the legal authority to manage
�
AB 691
Page 12
digital assets and electronic communications in the
same way they manage tangible assets and financial
accounts, to the extent possible. Second, it gives
custodians of digital assets and electronic
communications legal authority to deal with the
fiduciaries of their users, while respecting the
user's reasonable expectation of privacy for personal
communications. The general goal of the act is to
facilitate fiduciary access and custodian disclosure
while respecting the privacy and intent of the user.
It adheres to the traditional approach of trusts and
estates law, which respects the intent of an account
holder and promotes the fiduciary's ability to
administer the account holder's property in accord
with legally-binding fiduciary duties. The act
removes barriers to a fiduciary's access to electronic
records and property and leaves unaffected other law,
such as fiduciary, probate, trust, banking, investment
securities, agency, and privacy law.
Legislative history. Prior versions of this bill would have
enacted the Privacy Expectation Afterlife and Choices (PEAC)
Act, the California-specific approach to disclosure of a
decedent's electronic information that was held in the Senate
when the 2015 year session ended. The PEAC Act was opposed by
the Judicial Council and the Trust and Estates Section of the
State Bar (TEXCOM), among others, for a variety of reasons,
chief among them because it would have initially required court
involvement in most cases in order to authorize release of
digital assets to a fiduciary. As amended in the Senate earlier
this year, however, this bill instead would enact a modified
version of RUFADAA, which provides a framework for custodians
and fiduciaries to work out access issues on their own and
limits court involvement to an option of last resort.
Consequently, the Judicial Council, TEXCOM, and the CA Judges
Association have removed their opposition to this bill and
adopted a neutral position.
�
AB 691
Page 13
On the other hand, the Senate amendments to enact RUFADAA
instead of the PEAC Act have caused a number of consumer and
privacy advocates, including the ACLU and Consumer Watchdog, to
oppose the bill. These groups ("opponents") were neutral on the
approach taken by the PEAC Act, but are opposed to RUFADAA
because they believe it allows disclosure of digital assets and
electronic communications without sufficient safeguards, allows
custodians to dictate terms of disclosure and override contrary
directions expressed by users, and grants custodians overly
broad immunity from liability.
Scope of the bill. Unlike the broader approach of the RUFADAA
model act adopted by the NCCUSL, the scope of this bill does not
include powers of attorney, trusts, and conservatorships where
the principal, trustor, and conservatee, respectively, are still
alive. Instead, this bill has a more limited scope that applies
only to situations where a person has died, and electronic
information is being requested from the custodian by a
decedent's personal representative, administrator, executor, or
trustee for the purpose of ascertaining the decedent's assets
and liabilities.
Stronger privacy interest in contents of communications vs.
catalogue of communications. Under this bill, the "contents of
electronic communication" is defined to mean information
concerning the substance or meaning of the communication sent or
received by the user that is not readily accessible to the
public and is carried or maintained by the custodian providing
the electronic communication service, as specified. This is
distinguished from the "catalogue of electronic communications,"
which is defined as information that identifies each person with
which a user has had an electronic communication, the time and
date of the communication, and the electronic address of the
person. To remain consistent with federal law, under this bill
the term "electronic communication" is defined by reference to
the Electronic Communications Privacy Act of 1986 (ECPA). Like
�
AB 691
Page 14
ECPA, this bill recognizes the stronger privacy interest that
users have in the content of their communications through email
and on social media. This interest is reflected in the
requirements in the bill for disclosure of contents compared to
disclosure of the catalogue of electronic communications.
Three -tiered system for user authorization to disclose
electronic communications, including content. This bill
provides protections for a deceased user's private electronic
communications by establishing the circumstances under which the
custodian of the electronic communications could disclose those
communications. The bill establishes a three-tier priority
system for determining the user's intent for disclosure of his
or her electronic communications.
First in priority, this bill authorizes disclosure pursuant to
the user's designation through an online tool. According to
proponents, the online tool provides the most current reflection
of the user's intent for disclosure to another person. Second,
the user can provide directions in an estate plan for the
disposition of the user's digital assets. The custodian would
then be able to rely on the testamentary document containing
these disclosure instructions, which would then have legal
effect pursuant to this bill. Finally, if the user did not
provide any direction regarding disclosure of digital assets,
the terms-of-service governing the account would apply. If the
terms-of-service do not address fiduciary access to digital
assets, the default rules provided in this bill shall apply.
Opponents assert that, contrary to what the bill provides, an
online tool should take precedence over a user's testamentary
will only if the online tool is used later in time after the
will is executed. They state:
For those who do have a will or use an online tool,
�
AB 691
Page 15
however, the bill defeats the reasonable expectations
of most users because the bill stipulates that when a
tech company provides an online tool (to designate a
recipient and instruct the custodian which digital
assets to release), those user settings are
determinative of the user's wishes even if they predate
a will or other testamentary document. This priority
scheme is contrary to the normal rule and most user's
common understanding that a will is determinative of a
decedent's intentions if it comes after other
instructions. Online tools should not be allowed to
contradict a later testamentary document.
Documentation needed for disclosure once authorization
established. Authorization of disclosure is not alone
sufficient to compel disclosure under this bill; additional
documentation must be provided to the custodian by the
representative of the decedent's estate. With respect to the
content of electronic communications sent or received by the
user, the bill provides that if a deceased user consented to or
a court directs disclosure of such content, the custodian make
such disclosure to the personal representative of the estate of
the user if the personal representative gives to the custodian
all of the following: (1) a written request for disclosure in
physical or electronic form; (2) a certified copy of the death
certificate of the user; (3) a certified copy of the letter of
appointment of the representative, a small-estate affidavit, or
court order; and (4) a copy of the user's will, trust, power of
attorney, or other record evidencing the user's consent to
disclosure of the content of electronic communications, unless
the user provided direction using an online tool (in which case
the online tool evidences the user's content, making this
documentation unnecessary).
With respect to the catalogue of electronic communications sent
or received by the user and digital assets other than the
content of electronic communications, the bill requires the
�
AB 691
Page 16
custodian to make such disclosure to the personal representative
unless the user prohibited disclosure of digital assets or the
court directs otherwise. More specifically, if the user did not
prohibit such disclosure and there is no contrary direction from
the court, then under this bill the custodian shall make the
disclosure if the personal representative has given the
custodian all of the following: (1) a written request for
disclosure in physical or electronic form; (2) a certified copy
of the death certificate of the user; and (3) a certified copy
of the letter of appointment of the representative, a
small-estate affidavit, or court order. The bill specifies
similar documentation relevant to trusts to be provided to the
custodian by a trustee seeking disclosure of either the
catalogue or content of electronic communications.
For both the content and catalogue of electronic communications,
the bill also requires the personal representative to provide
any of the following additional documentation, if requested by
the custodian: (1) a number, user name, username, address, or
other unique subscriber or account identifier assigned by the
custodian to identify the user's account; (2) evidence linking
the account to the user; (3) an affidavit stating that
disclosure of the user's digital assets is reasonably necessary
for estate administration; and (4) an order of the court making
certain findings, as specified. Opponents of the bill assert
that some of these items of information--particularly the unique
subscriber information or other evidence linking the account to
the decedent for which records are being requested--should be
required to be provided in all cases rather than provided only
if requested by the custodian. They also recommend that the
bill should require the fiduciary to show that the information
contained in the account is necessary for the administration of
the estate, and not just in cases where the custodian has
requested production of a court order making such a finding.
Terms-of-service agreements. As discussed above, if the user
did not provide any direction regarding disclosure of digital
�
AB 691
Page 17
assets through an online tool or testamentary document (e.g. a
will), then under the third-tier of the rule, the
terms-of-service agreement governing the account would apply.
It should be noted that this bill does not change or impair a
right of a custodian or a user under a terms-of-service
agreement to access and use digital assets of a user, and does
not give a fiduciary or designated recipient any new or expanded
rights other than those held by the user for whom, or for whose
estate or trust, the fiduciary or designated recipient acts or
represents. This bill provides that a fiduciary's or designated
recipient's access to digital assets may be modified or
eliminated by a user, by federal law, or by a terms-of-service
agreement when the user has not provided any direction, as
specified.
Opponents contend that, in practice, the bill will ultimately
allow custodians to freely control the release and retention of
digital assets under the terms of service, because most users
will not have a will or make use of an online tool. They state:
(The bill) gives the terms of service written by a
custodian the controlling priority whenever there is no
will and no use of an online tool. Most Americans do
not have a will, and few will have the knowledge,
determination and foresight to use an online tool, in
the same way that most users do not adjust the
available settings on various electronic devices,
applications, and Internet web sites. The bill provides
no limitations or guidelines for the terms of service -
custodians are free to write any rules they wish. Nor
are custodians under any obligation to make online
tools readily detectable, clear or easy to use.
Fiduciary's duty of confidentiality. A decedent's fiduciary has
a duty to the decedent to execute the terms of the decedent's
testamentary documents. The fiduciary is also subject to
�
AB 691
Page 18
multiple statutory duties, including care and loyalty, to the
beneficiaries of the decedent's estate or trust, and is also
required to keep the beneficiaries reasonably informed and fully
disclose all material information necessary to protect the
beneficiaries' interests.
As stated by the author, most people expect the contents of
their electronic communications to remain private after they
pass away, and the recipients and senders of those messages
likely expect the same. Accordingly, this bill would also
establish that fiduciaries owe a duty of confidentiality in
addition to the duties of care and loyalty. To the extent the
decedent limits access to his or her electronic information so
that the information is only disclosable to or accessible by the
fiduciary, either through the online tool or pursuant to
testamentary documents, this bill inherently incorporates the
expectation that the fiduciary will maintain the decedent's
confidentiality upon receiving the electronic information.
Author's intent to narrow grant of immunity from liability
provided to custodians for compliance with this bill. As
currently in print, this bill simply provides that "a custodian
and its officers, employees, and agents are immune from
liability for an act or omission done in good faith in
compliance with this part [i.e. the entirety of RUFADAA]."
Subdivision (f) of Probate Code Section 881, as proposed by this
bill, would grant custodians broad immunity from liability as
long as they act in good faith in complying with the Act-with no
exception even for conduct amounting to gross negligence or
willful or wanton misconduct.
Opponents of the bill contend that the broad grant of immunity
in this bill gives custodians no incentive to act responsibly,
and increases the probability that cases of privacy invasion
will occur since there will be little consequence for careless
behavior, or even gross negligence. They state:
�
AB 691
Page 19
Is it possible that [custodians] will make mistakes -
both by releasing too much information without
authorization, or releasing it to the wrong person? We
think the history of digital records shows that it is
likely there will be mistakes. While mistakes cannot
be prevented they should be deterred. Unfortunately,
this bill does very little or nothing to give
technology companies an incentive to behave
responsibly. It gives custodians sole and complete
discretion to release all digital assets, and it gives
them complete immunity when they do it wrongly. . . The
only liability they would apparently not be absolved
for is for direct violation of a court order, which is
arguably beyond the province of the Legislature in any
event. The combination of total discretion and no
responsibility for unlawful conduct will give
custodians very little reason to behave with reasonable
prudence.
According to the Uniform Law Commission, the drafters of
RUFADAA, the release of digital assets or electronic
communications, if not done carefully, could result in harm or
an invasion of privacy. The ULC's official comments to RUFADAA
even state: "Access to a digital asset might invade the privacy
or harm the reputation of the decedent, protected person,
principal, or settlor; it might harm the family or business of
the decedent, protected person, principal, or settlor; and it
might harm other persons." (Uniform Law Commission, Revised
Uniform Fiduciary Access to Digital Assets Act (2015), p. 30.)
While the ULC's intent may have been to protect the custodian
from liability for disclosure of a digital asset as long as the
custodian was acting in good-faith compliance, this Committee
has a long history of ensuring that legislation it approves does
not provide blanket immunity from liability for acts rising to
�
AB 691
Page 20
the level of gross negligence or willful or wanton misconduct,
even when done "in good faith." (See, e.g. AB 83 (Feuer), Ch.
77, Stats. 2009, amending the California "Good Samaritan"
statute to grant qualified immunity to any person who renders
medical or non-medical aid in an emergency, so long as that
person acts in good faith and not for compensation, but
specifically exempting gross negligence and willful or wanton
misconduct.)
In order to ensure that this Act, should it become law, does not
immunize disclosure of information that amounts to gross
negligence or willful or wanton misconduct, the author has
agreed to take steps to revise the immunity provisions proposed
by this bill in subdivision (f) of Probate Code Section 881.
Because this bill cannot be amended in this House to address
this concern, the author instead proposes that another bill,
Senate Bill 873 (which is to be heard in this Committee on the
same date as this bill), be amended to accomplish this purpose.
Specifically, it is the author's intent that SB 873 shall be
enacted subsequent, and as a companion, to this bill so that in
the event that this bill, AB 691, is chaptered, the version of
Section 881 of the Probate Code reflected in SB 873 shall
replace the version of that same section provided by this bill.
The SB 873 amendments to Probate Code Section 881(f) appear
below for illustrative purposes:
Probate Code Section 881.
[. . .]
(f) (1) A custodian and its officers, employees, and
agents are immune from liability for an act or omission
done in good faith and in compliance with this part.
�
AB 691
Page 21
(2) The protections specified in paragraph (1) shall
not apply in a case of gross negligence or willful or
wanton misconduct of the custodian or its officers,
employees, and agents.
ARGUMENTS IN SUPPORT: The bill is supported by a coalition of
technology and business industry groups, including Google,
Yahoo, and Facebook, who state:
The technology industry supports AB 691 because it
carefully balances the rights of the decedent and
other third parties with the obligations and
requirements of handling an estate. It also stays
within the privacy framework set by the federal
Electronic Communications Privacy Act that restricts
the ability of an electronic communication service or
remote computing service to share information with
anyone but the user.
During the last Senate Judiciary hearing, the author
and proponents were instructed to negotiate in good
faith, reach a satisfactory solution, and return the
bill for consideration. That has been accomplished.
All of the opposition to AB 691 present at the
September 10, 2015 Senate Judiciary Committee hearing
has been removed. All those parties are either neutral
or in support.
ARGUMENTS IN OPPOSITION: The bill continues to be opposed by
the ACLU, the Electronic Frontier Foundation, and various
consumer groups. According to these opponents:
�
AB 691
Page 22
The bill continues to have serious privacy implications
that have not been adequately considered or addressed.
The bill would allow digital assets and the content of
electronic communications to be disclosed to trustees
and personal representatives without appropriate
safeguards. The bill also lacks adequate definitions of
key terms, permits custodians to dictate terms and
override contrary directions expressed by users, and
could be construed to require companies to give
trustees and personal representatives access to
electronic communications and content, even if the
information is encrypted or password-protected,
including by court orders requiring tech companies to
hack their own products as some electronic device
companies have been asked to do in criminal cases.
Moreover, because the bill grants companies sole
discretion to give up as much or as little information
as they wish, while also granting them immunity for
violations, there appears to be no recourse for
individuals whose privacy has been invaded.
REGISTERED SUPPORT / OPPOSITION:
Support
TechNet (sponsor)
AOL
California Bankers Association
�
AB 691
Page 23
California Chamber of Commerce
CompTIA
Facebook
Google
Internet Association
Match.com
State Privacy and Security Coalition, Inc.
Yahoo!
Opposition
American Civil Liberties Union of California
Consumer Federation of California
Consumer Watchdog
Electronic Frontier Foundation
�
AB 691
Page 24
Privacy Rights Clearinghouse
Analysis Prepared by:Anthony Lew / JUD. / (916) 319-2334