Compliance with out of state investigative requests, like warrants, just got a little trickier for California companies. Under existing law, California technology and communications companies are required to produce specified user data in response to an out of state warrant as if that warrant was issued by a California court. But now there is one caveat—companies do not have to do so when the warrant relates to an out of state abortion investigation. On September 27, 2022, California Governor Gavin Newsom signed a bill (AB-1242) that, in part, prohibits technology and communications companies headquartered or incorporated in California from providing user data to out-of-state law enforcement or government entities investigating abortions that would be lawful under California law. The new law also prohibits California companies from assisting the out-of-state entities in investigating or enforcing abortion violations. For California corporations, the law acts as a shield against warrants, court orders, subpoenas, or other legal processes from states attempting to enforce abortion laws that conflict with California law.
There are, however, limitations on both the types of companies subject to this law and the types of data covered. The law’s prohibitions on disclosure of user data only apply to corporations that “provide electronic communications services.” The law defines “electronic communication” as “any transfer of signs, signals, writings, images, sounds, data or intelligence of any nature in whole or in part by a wire, radio, electromagnetic, photoelectric, or photo-optical system.” This includes a host of technology and communications companies such as social media platforms, search engines, and wireless providers, among others. The law explicitly limits such companies from producing data that would reveal the “identity of the customers using those services, data stored by, or on behalf of, the customer, the customer’s usage of those services, the recipient or destination of communications sent to or from those customers, or the content of those communications.”
The California law adds to the existing uncertainty many large technology companies have faced since the Supreme Court overruled Roe v. Wade and Planned Parenthood v. Casey in its Dobbs v. Jackson Women’s Health Organization decision handed down in June. Companies headquartered or incorporated in California must now consider additional defenses they can raise in response to subpoenas, warrants, and orders from out-of-state entities that seek information regarding abortion procedures. Before the law was enacted, California corporations were required to comply with subpoenas, warrants, and other orders demanding that they produce records. Corporations responding to legal process generally were not provided information on the subject matter of the underlying investigations. Now, under the new law, out-of-state warrants must include an attestation that the evidence sought is not related to an abortion investigation or an attempt to enforce an anti-abortion law that creates liability for an abortion that otherwise would be legal in California. In other words, the burden is on the entity seeking the information to make that attestation, and corporations are entitled to rely on that representation when responding to a subpoena.
There is no doubt that this law will come with new challenges. Because many tech companies, regardless of whether they are headquartered or incorporated in California, also do business in other states with strict anti-abortion laws, they may face backlash from those states when refusing to disclose user data in compliance with California’s law. Although it remains to be seen how the law will work in practice, it is almost certain that the courts will become involved.