CalECPA Passes In California, but Congress Must Act, Too

App developers and their industry partners earned a major victory last week when California passed S.B. 178 the California Electronic Communications Privacy Act (CalECPA) into law.  California becomes just one of three states to update its privacy laws to keep pace with dynamic and evolving technology.

We live in an exciting time, where consumers can communicate with each other through a variety of services like email, texting, or an app. Our laws however, remain outdated, stuck in the past.  And when it comes to privacy, the Federal government operates within the confines of the Electronic Communications Privacy Act (ECPA) - a law enacted in 1986.

While ECPA was forward looking when enacted, technology has far outpaced it, resulting in a law that is difficult to apply and offers minimal privacy protection in the Internet age. These inconsistencies and loopholes in ECPA are making businesses vulnerable to unreasonable government requests for data, contributing to consumer distrust.  Consumers correctly demand that their private information remain private, so when that information is disclosed, they may grow increasingly reluctant to embrace cutting edge technologies. 

That’s right – under current law, saved email messages and documents stored in the cloud for more than 180 days are accessible by government without a warrant. This is less protection than physical mail receives – a distinction that makes little sense given that most people rely on email to communicate rather than traditional mail services.

That’s why CalECPA is an important step forward to ensuring the privacy of California citizens. Specifically, CalECPA requires law enforcement to obtain a warrant before requesting the content of communications, including emails and texts, and for geographical location information. The law also applies to devices as well as online services that store user data; protecting data stored in the cloud for example.  This kind of legislation protects the fundamental privacy rights of state citizens while providing clear boundaries to both law enforcement and tech companies that shepherd this information.

Despite this common sense legislative update, Congress has yet to pass a law that would protect the privacy rights of all Americans. The Email Privacy Act, introduced by Reps. Yoder (R-KS) and Polis (D-CO) is the major ECPA overhaul that developers and the public need. The bill continues to gain traction with over 300 cosponsors in the U.S. House of Representatives, but faces opposition from some government agencies that seek broad power to access digital content without a warrant.

State legislation is an important signal to Congress that this is what the public requires.  Without federal reform, distrust between government, industry and consumers will only grow, threatening innovation and economic growth.  The Application Developers Alliance applauds lawmakers in California, and urges Congress to pass the Email Privacy Act in order to protect the privacy rights of all Americans in the digital era. 

Comments or questions? Email the Policy team at