In a recent decision, Ehling v Monmouth-Ocean Hospital Service Corp, cv-03305 (WJM), the US District Court for the District of New Jersey (Court) ruled that Facebook posts that are not made available to the general public are “protected communications” under the federal Stored Communications Act (SCA), which protects electronic communications that are configured to be private. The SCA was enacted in 1986, when computer networking was in its infancy, and years before the use of the World Wide Web became pervasive. As a result, the Court faced a challenge in applying this legislation to Facebook, a form of electronic communication that could not easily have been anticipated in 1986.
The plaintiff was a nurse and paramedic who worked for Monmouth-Ocean Hospital Service Corp (MONOC), a non-profit hospital service corporation. She had configured the privacy settings on her Facebook account so that only her Facebook friends could access her posts. Although she did not have any MONOC managers as Facebook friends, many of her MONOC co-workers were Facebook friends. In June 2009, the plaintiff made a Facebook post suggesting that the paramedics who had responded to a fatal shooting should not have saved the shooter. A co-worker who was one of her Facebook friends e-mailed a screenshot of that post to MONOC management.
In response, MONOC suspended the plaintiff with pay, and sent her a memo stating that management was concerned that the post reflected a “deliberate disregard for patient safety.” The plaintiff commenced legal proceedings, claiming that MONOC management had violated the SCA by improperly accessing her post about the shooting.
The Court reviewed the provisions of the SCA and noted that the statute protects: (1) electronic communications, (2) that were transmitted via an electronic communication service, (3) that are in electronic storage, and (4) that are not public. The Court concluded that Facebook posts that are configured to be private meet all four criteria set out in the SCA.
Having found the communications to be protected, the Court then considered whether the SCA’s “authorized user” exception applied. This exception is expressed to apply where, (i) access to the communication was “authorized”, (ii) “by a user of a wire or electronic communications service”, (iii) “with respect to a communication . . . intended for that user”. Access is not authorized if the purported “authorization” was coerced or provided under pressure.
The court found that access to the plaintiff’s Facebook post was “authorized”, as the plaintiff’s co-worker voluntarily provided the plaintiff’s Facebook posts to MONOC management without any coercion or pressure; the information was completely unsolicited. Further, access to the plaintiff’s Facebook post was authorized “by a user of that service”. The SCA defines a “user” as “any person or entity who, (a) uses an electronic communications service; and (b) is duly authorized by the provider of such service to engage in such use”. The co-worker was clearly a Facebook user, as he had an active Facebook account. Finally, the plaintiff’s Facebook post was “intended for” the co-worker. The privacy settings the plaintiff had selected for her Facebook account were such that her posts were visible to, and intended for, her Facebook friends. The co-worker was one of the plaintiff’s Facebook friends on the day she made the post about the shooting, so the post was intended for him.
As a result, the Court concluded that the authorized user exception applied and that MONOC management had not violated the SCA.
The court’s efforts to apply the SCA to Facebook highlight the continuing challenges that lawmakers and the courts face in keeping the law current with rapidly-evolving changes in technology.
For the full text of the decision, follow this link:
Summary by: Kathryn May