On January 1, 2012, the California Reader Privacy Act went into effect. The Act requires all “book service providers,” i.e., book sellers, in the State to take certain steps when responding to governmental requests for user information and to make specific reports and disclosures regarding those requests.
The Act protects unauthorized disclosure of private information regarding books and book readers.
California consumers are increasingly utilizing digital book services and providers and in connection therewith such entities may collect detailed personal information about consumers such as books browsed, how much time is spent reading each page, and digital notes made in the margins. The Act is meant to address implicated privacy issues and codify the privacy and free speech safeguards for expressive records guaranteed by the California Constitution.
The Act prohibits book service providers—defined as any service that has as its primary purpose the “rental, purchase, borrowing, browsing, or viewing of books”—from knowingly disclosing the personal information of any of its users to a law enforcement agency except per a valid court order based on probable cause and a determination that the requesting agency has a compelling interest in obtaining the information that could not be obtained by less obtrusive means.
Prior to issuing an order to disclose user information, the book service provider must have been provided “reasonable notice” to allow it the opportunity to appear and contest the issuance of the order.
Once a book service provider receives a court order seeking disclosure of a user’s personal information, the service provider must notify the user so that he or she has a chance to appear or quash the order.
The Act also imposes certain reporting requirements on all book service providers. If a book service provider discloses the personal information of 30 or more California users in a year it is required to prepare a report that is to be made publicly available in an online searchable format. A book service provider with a commercial web site is required to either create a prominent hyper link to the report required under this Act or state that no report was prepared because the service provider was exempt from the reporting requirement. (because less than 30 disclosures were made).
The provisions of the Act are ignored at a book service provider’s peril. A service provider that violates the Act is subject to civil penalties to the user and/or Attorney General and the Act may be the basis of civil actions and liability brought by either the user or an attorney general or district attorney within two years of discovery of any violation of the Act.