Back to News & Commentary

California Social Media Privacy Laws Give Students, Employees Online Rights

Chris Conley,
Policy Attorney,
ACLU of Northern California Technology and Civil Liberties Project
Share This Page
October 1, 2012

On Thursday California Governor Jerry Brown signed two bills into law that will protect the privacy of employee and college student social media accounts in the state of California. While these bills aren’t perfect, they are an important first step towards recognizing that our rights—including our fundamental right to privacy—apply just as much in the online world as in the offline.

Can you imagine applying for a job and being asked to hand over the keys to your apartment so it could be searched? Or being a college athlete and having your coach demand to listen in on every phone call you make to your boyfriend or girlfriend? Of course not!

But there’s really not much difference between demanding the keys to your apartment and demanding the password to your email or social media account. In both cases, the other party is demanding the right to investigate almost everything about you—who your friends and romantic partners are, what you do when you’re not at work or at school, your health concerns, religious activities and political affiliations, and much, much more.

California’s new social media privacy laws take significant steps to address these issues. Both laws generally prohibit employers or schools from requesting or demanding your password or the contents of your personal accounts. And while both laws have investigation exceptions, the employer law makes it clear that even in the context of an investigation your employer cannot request your password—he or she can only request content relevant to the investigation. Again, this is the standard one would expect in the physical world: an employer investigating alleged misuse of funds might ask you to document your travel and spending, but he or she wouldn’t demand the keys to your house.

But, the battle for social media privacy isn’t quite over. For one thing, the student law passed in California does not make it clear that schools never have the right to demand a password or otherwise gain complete access to a student’s account, which is something that they have no business doing. Threats of violence or other emergencies are better handled by the proper authorities than by schools themselves. More importantly, the student law only applies to post-secondary students (universities, colleges, etc.), meaning that California’s high school students—who increasingly use social media to capture intimate details of their lives—don’t have the same protection. We hope to see both of these issues addressed in the near future.

Nonetheless, this is a victory for privacy and a step in the right direction. California employees and students should not have to choose between their job or their education and maintaining control of their own personal information. By enacting these laws, California has taken an important step in that direction. We hope Governor Brown will follow this with another victory for individual rights by signing the Location Privacy Act of 2012 into law as well.

We also hope that other states and the federal government will follow California’s lead. Similar bills have been introduced in Congress, the Password Protection Act (PPA) and the Social Networking Online Protection Act (SNOPA). So far, the legislation has not moved, but hopefully the California laws will help spur action in D.C.

And finally, if you agree that Americans shouldn’t have to choose between privacy and technology, be sure to follow our Demand Your dotRights digital privacy campaign on Facebook and Twitter.

Learn more about social networking privacy: Sign up for breaking news alerts, follow us on Twitter, and like us on Facebook.

Learn More About the Issues on This Page