Privacy settings do matter: subpoenas quashed for disclosure of social networking data

In a recent federal district court ruling noted and summarized by the always-astute privacy team at law firm Hunton & Williams, an individual user of Facebook, MySpace, and other less well known online communities, who is also a plaintiff in a copyright infringement lawsuit, successfully quashed a subpoena by the defendants in his case that sought to obtain private messages he had sent through the social networking sites. Lawyers for the plaintiff argued that the subpoenas were overbroad, that the information they sought was irrelevant to the case, and that the social networking companies’ disclosure sought in the subpoenas is prohibited under the Stored Communications Act (18 U.S.C. §121), which among other provisions says that “a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service” (§2702(a)(1)). The magistrate that first considered the motion originally rejected the argument under the SCA (and accepted only the claim that the subpoenas were overbroad, since they sought all of plaintiff’s communications on the sites). Not satisfied, the plaintiff moved for reconsideration of the magistrate judge’s ruling on the motion to quash the subpoenas, and the district court accepted plaintiff’s argument that the private messaging capability provided by sites like Facebook and MySpace are in fact electronic communication services under the definition in the law, and quashed the portions of the subpoenas concerning disclosure of the messages the plaintiff sent through the sites.

Still unresolved is whether the plaintiff’s comments and wall posts can similarly be considered as private communications, since they are more or less intended to be public content, at least “public” within the context of the online sites in question. The Stored Communications Act prohibitions on disclosure do not apply to “electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public” according to a clause in a different part of the Electronic Communications Privacy Act of 1986 (18 U.S.C. §2511(2)(g)(i)). The district court directed the parties to the suit to produce detailed information about the plaintiff’s privacy settings, and in so doing provide some indication of whether he intended his posts and comments to be publicly viewable. The implication is clear, at least from a personal privacy perspective: if you want any of your activity on social networking sites to be considered private in a legal context, you should configure the privacy settings made available by the site in such a way that conveys your intent to limit the disclosure of the information. If you make your personal information public, even within the confines of a social networking community, then the courts may consider that decision as contrary to any later assertion that you wanted the information to be private.