Wrath of Quon?

Posted on June 20, 2008 by Proskauer Rose LLP
The June 18, 2008 Ninth Circuit panel decision in Quon et al. v. Arch Wireless et al., No. 07-55282 (9th Cir. June 18, 2008) has sparked a flurry of news reports and speculation regarding employers’ ability to monitor employees’ e-mails and text messages. In fact, the decision appears to change very little for private employers who wish to review employee communications stored on, or sent through, their own servers and computers. However, Quon does limit employers’ ability to request from third-party providers the contents of employees’ electronic communications.

Quon is a police officer for the City of Ontario, California. He was issued a pager active on the Arch Wireless network. The Ontario Police Department (OPD) subscribed to an Arch plan whereby each officer received a quota of 25,000 text characters per month. The informal policy of the OPD was to make officers pay for overages.

Although the OPD disseminated to employees a computer use policy that included text message and e-mail auditing, thereby disclaiming any reasonable expectation of privacy in such communications, OPD officers were informed by supervisors that text messages sent from police-issued pagers would not be audited so long as OPD officers paid the overage fees.

When Quon and other officers exceeded their quotas several months in a row, the OPD requested that Arch provide to the OPD, qua employer, transcripts of those messages. OPD reviewed the transcripts and discovered that many of Quon’s messages consisted of personal and sensitive messages unrelated to work, contrary to OPD policy.

Quon and others whose text messages were audited sued Arch, based on violation of the Stored Communications Act, and Ontario, the OPD and various OPD officials for violation of the Fourth Amendment to the U.S. Constitution and the Privacy Clause contained in article 1, section 1 of the California Constitution. 

Arch is an “electronic computing service” under the Stored Communications Act

In a reversal of the trial court, the Ninth Circuit panel held that Arch violated the Stored Communications Act (SCA) when Arch turned over the contents of text messages in the absence of a court order or consent of addressees or intended recipients – in this case, Quon and third parties, including his co-plaintiffs. This determination turned on whether Arch was a “remote computing service” (RCS) or an “electronic communication service” (ECS) under the SCA. The court found that Arch was an ECS and that therefore Arch improperly surrendered the contents of plaintiff-appellants’ text messages without consent or court order. This holding applied to Arch as the service provider, not to Ontario or the OPD as employers.

Reasonable expectation of privacy

Further, the court held that as a public employer, the Fourth Amendment and California Privacy Clause applied to the OPD’s review of the text messages. The court engaged in the typical two-pronged Fourth Amendment analysis, under which a plaintiff must establish: (1) a reasonable expectation of privacy; and (2) an unreasonable search by a government actor.

The court squarely held that in the absence of other circumstances, users of text messaging “have a reasonable expectation of privacy in the content of their text messages vis-à-vis the service provider.” Slip Op. at 7020 (citing cases). However, the court noted that it “does not endorse a monolithic view of text message users’ reasonable expectation of privacy, as this is necessarily a context-sensitive inquiry.” Slip. Op. at 7021.

In Quon’s particular context, the court found that even though the OPD’s acceptable use policy covered text messages and disclaimed any reasonable expectation of employee privacy, the “operational reality” of the OPD was that officers were told their texts would not be audited so long as they paid text message overage fees. That operational reality distinguished Quon from other employment cases in which employees were informed that their communications were not private; in such cases, the court refused to find a reasonable expectation of privacy. Slip Op. at 7022-23.

Further, the Court found that the search was unreasonable because it was overbroad; the OPD need not have reviewed the contents of the text messages in order to assess whether OPD’s text messaging quota was too restrictive. See Slip Op. at 7025-7027.

Nothing in the case appears to restrict the ability of private employers with clear computer use policies disclaiming employee privacy to monitor employees’ e-mails (sent through the employer’s system) and text messages. However, Quon is an important reminder that employers should ensure their electronic communications policies and practices and statements to employees are consistent with formal employer policies.

A copy of Quon is available here.
Tags: , , , , , , , ,

Emerging Standards For Mobile Marketing

Posted on June 10, 2008 by Kristen J. Mathews
Many B2C companies are beginning to explore marketing to consumers’ wireless devices using text messaging (“SMS,” or “short message service”) and MMS messaging (“Multi-media Messaging Service”). They may even target their promotions based on where the recipient is physically located using the wireless device’s GPS technology. They also may target their promotions to teens and tweens. What legal issues should companies be aware of as they navigate through this relatively new area?
This question is very timely, as mobile marketing has received a lot of attention from regulators and industry organizations in the last few months.

Statutes. Statutorily, we have two federal laws that apply to mobile messaging: the Telephone Consumer Protection Act (the “TCPA”) and the Controlling the Assault of Non-Solicited Pornography and Marketing Act (the “CAN-SPAM Act”). Each of these laws apply to mobile promotional messaging, depending on the technology used to send the messages. We also have a host of state laws that apply, either expressly or implicitly, to mobile promotional messaging. In summary, the laws require that companies obtain express consent from individuals before sending promotional messages to their wireless devices. In some cases, specific consent language is required.

Mobile Marketing Association Guidelines. In addition to statutes, we also have various industry standards that apply to text messaging campaigns. The Mobile Marketing Association (MMA), for example, has a set of Consumer Best Practices Guidelines for mobile marketing, which is incorporated by reference into the carrier agreements under which short codes are issued by carriers to companies that want to launch text messaging campaigns. These best practices provide, among other things, requirements for consumer notices, consent and opt-out rights.
 
Wireless Association Standards for Location-based Marketing. The CTIA (The Wireless Association) recently issued a set of best practices that provide for, among other things, consumer notice and consent for location-based marketing, and consumer choice for sharing of location information with third parties. These guidelines also address retention and security of location-based information, abuse reporting and public self-certification of compliance with the best practices. (Self-certification, in itself, presents its own set of legal issues.)
 
Federal Trade Commission. Just this past May, the Federal Trade Commission (FTC) hosted a public town hall meeting, “Beyond Voice: Mapping the Mobile Marketplace.” Topics discussed included the evolution and future of mobile marketing, location-based marketing, consumer disclosures and consents, the challenges of small PDA screens for consumer notifications, teen and tween-targeted campaigns, parental controls and security issues with respect to data stored on mobile devices. Also in May, two consumer advocacy groups (the Center for Digital Democracy and the U.S. Public Interest Research Group) announced their plan to file a complaint with the FTC, asking it to examine behavioral advertising via mobile devices and to promulgate special rules regulating mobile marketing to children and teens.
 
It is reasonable to anticipate that the FTC will ultimately issue either guidelines or rules which apply to mobile marketing campaigns, in an attempt to set forth uniform requirements for mobile marketing. Until then, companies must navigate and synthesize the various sources of applicable laws and standards, and derive an approach that meets their business objective while avoiding backlash from the media, the industry, the wireless carriers and consumers.
Tags: , , , , , , ,