(By Benjamin Yamada, Student Attorney, TLPC)
On behalf of the Wikimedia Foundation and a diverse international coalition of clients, the TLPC recently filed an amicus brief urging the California Supreme Court to reject a controversial new reading of the Stored Communications Act (“SCA”) that significantly weakens online privacy protections. Student attorneys Fynn Fehrenbach, Telly Scott, and Benjamin Yamada led the development and drafting of the brief, supervised by Vivek Krishnamurthy, TLPC’s Director, and by Vanessa Racehorse on the CU Law Faculty. The other signatories of the brief drafted by TLPC are Bolo Bhi (Pakistan), Digital Rights Foundation (Pakistan) Open MIC (USA), Software Freedom Law Center (India), and Tech Global Institute (Canada).
The Case
In Snap, Inc. v. Superior Court (Pina), defendant Adrian Pina—accused of murdering his brother—subpoenaed Snap (Snapchat) and Meta (Facebook, Instagram) to disclose the victim’s private account contents. Pina’s defense counsel hoped to uncover potentially violent or aggressive posts that might support a self-defense claim.
Snap and Meta refused, invoking the SCA’s “privacy wall,” which typically bars providers from sharing users’ stored messages, photos, and other account data unless an explicit legal exception applies (like a warrant). The California Court of Appeals, however, devised a novel “business purpose” interpretation of the SCA. Under this approach, if a provider can access user data for any internal business reason—beyond basic storage and processing—the SCA’s privacy protections do not apply. The court concluded that platforms like Snapchat, Instagram, and Facebook presumably retain such a right of access; hence, § 2702(a)’s disclosure ban does not shield those accounts.
Why the Decision Matters
Until now, § 2702 has been understood as the critical backbone of user privacy online—both in the U.S. and abroad. Email providers, social networks, and cloud storage services rely on it to refuse third-party requests (or demands) to share user messages, photos, and more. By effectively discarding that shield whenever companies have a “business purpose” for stored content, the court’s ruling undermines years of established SCA jurisprudence. For users living under authoritarian regimes who depend on U.S.-based platforms to keep them safe from government persecution, this ruling creates a major vulnerability. Foreign authorities could use the “business purpose” logic to demand user data without going through proper judicial channels.
Our Argument
Our primary concern lies with preserving robust user privacy protections for everyone. We believe the Court of Appeal’s reasoning erodes crucial safeguards for Internet users everywhere. Specifically, we argue that Section 2702 has long been interpreted by users and lawmakers to be a “blocking statute” that prevents disclosure as a default, with only narrow exceptions. The new reading upends this consensus. Additionally, we argue that the “business purpose” theory proposed by the lower court overlooks the mutual legal assistance mechanisms whereby upright foreign governments can bypass the SCA’s robust blocking function. The “business purpose” theory renders these mechanisms moot.
The unified stance of our amici is clear: the Court of Appeal’s novel “business purpose” rationale breaks from longstanding SCA precedent and threatens to expose countless Internet users—including journalists, activists, and vulnerable communities—to unwarranted disclosures.
Our amicus brief is available below.