Next week, the Uniform Law Commission (ULC), a nonpartisan, nonprofit organization dedicated to researching, drafting, and promoting the enactment of uniform state laws, will vote on whether to adopt a piece of model legislation called the Employee and Student Online Privacy Protection Act (ESOPPA). The vote is important because ULC is widely respected and circulates its draft legislation to legislators across the country.
ESOPPA is designed to prevent employers and colleges from demanding access to their employees’ or students’ private email and social media accounts. FIRE has supported state and federal legislation with that goal in mind, but we have serious concerns about aspects of ESOPPA that would undermine the bill’s intent. As we explained today in a letter to the ULC, the proposed model legislation’s exceptions are so broad that they may negate the laudable intention of the legislation.
For example, the model legislation would give public educational institutions the authority to require students to grant administrators access to their protected personal online accounts (accounts that the owner has restricted viewing access only to people whom they have given permission) for the purpose of “ensuring compliance, or investigating non-compliance, with federal or state law or an educational institution policy.” This very broad exception likely does not comply with the Fourth and Fifth Amendments to the U.S. Constitution. As we explained in our letter, “[t]he Supreme Court of the United States acknowledged in Riley v. California, 134 S. Ct. 2473 (2014), that searches of electronic devices and communications are particularly intrusive, and thus must comply with the Constitution, because of the vast amount of personal information contained in those mediums.”
For this and other reasons articulated in our letter, we have urged the ULC to reject its current draft of ESOPPA and work with us to fix the problems presented in the bill. As always, we are available and eager to help.