HB 57: Protecting Your Digital Data with a Warrant
To track the status of this bill, find it on our Legislation Tracker. Click here to contact the sponsor of the bill to share your thoughts, or click here to email your Senator and Representative about it.
This summer, the U.S. Supreme Court issued its opinion in Carpenter v. U.S., holding that “the fact that [your digital] information is held by a third party does not by itself overcome the user’s claim to Fourth Amendment protection.” Put simply, the Court recognized that digital data being passed through and held by a third party does not diminish your expectation of privacy.
This ruling, however, pertained only to cell phone location information—and as a U.S. Supreme Court ruling, it only sets the floor below which law enforcement may not descend. State legislatures can—indeed, should—set the bar higher, as Justice Alito wrote in the Riley case:
“…It would be very unfortunate if privacy protection in the 21st century were left primarily to the federal courts using the blunt instrument of the Fourth Amendment. Legislatures, elected by the people, are in a better position than we are to assess and respond to the changes that have already occurred and those that almost certainly will take place in the future.”
As such, Representative Craig Hall has sponsored House BIll 57, which states that an individual who transmits electronic data through a remote computing service is presumed to be the owner of that data and maintains a reasonable expectation of privacy in the data stored by that remote service.
HB57 then also states that a government entity may not obtain, use, copy, or disclose that data without first obtaining a warrant—unless the owner has consented or a judicially recognized exception to a warrant exists.
It is essentially impossible to operate in a digital environment without sending sensitive data through a third party relay or service. We store our information in the “cloud” all the time. This law—the first of its kind in the nation, so far as our research has revealed—would make clear that we maintain a privacy interest in our data being held by a third party.