Social media and civil discovery: What, if anything, is privileged?

June 4, 2014

Facebook Magnifying glassA few weeks back, we had a post about the treasure trove of information that social media offers to law enforcement in criminal cases.  But this treasure trove of personal information presented by social media isn’t useful only in criminal prosecutions: electronically-stored data from services such as Facebook are regularly sought after in civil litigation.

But how much of that data is subject to discovery, and how much is privileged?

There isn’t a simple answer.  The law is anything but settled on this issue, and the rulings that do exist are often in conflict with one another.

That being said, there is enough statutory and case law available to glean some general guidelines about what information on an individual’s Facebook page or Twitter account is subject to discovery.

Of course, “information” as used above is a broad term that encompasses quite a variety of data.  It includes Facebook wall posts, private messages, location data, photographs, and an array of other personal details such as a user’s individual “Likes” and app usage.

First, we have to start with the laws governing the disclosure of electronically stored communications: 1986’s Stored Communications Act (SCA) (enacted as part of the Electronic Communications Privacy Act).

If you want a fuller description of the SCA, check out this post from 2011.  But here’s a brief summary: the SCA prohibits online service providers from disclosing electronic messages to third parties without the consent of the sender or the recipient.  Both Facebook and MySpace have been specifically determined to be subject to the requirements of the SCA.

So what does this all mean in the context of civil discovery?  That a service provider such as Facebook cannot release communications that it has stored to a third-party without permission of the recipient or sender.  In other words, even if subpoenaed, Facebook would be prohibited by the SCA from releasing private communications to the opposing party.

Now, there are quite a few caveats here.  First, the SCA only protects against the unauthorized release of communications.  Although somewhat broad, in that it refers not only to private messages and wall posts, but also to Facebook “Likes” and user location data, there’s nonetheless quite a bit of information that this does not apply to.  For instance, data such as user login times and locations, browsing history, and other records related to a user’s account are unprotected by the SCA, and thus may be subject to discovery (typically, courts find that a user’s reasonable expectation of privacy in this information is waived since the vast majority of websites’ terms and conditions contain explicit provisions allowing the website to release that information).

However, just because stored data qualifies as “communications” and thus falls within the purview of the SCA doesn’t mean that it is categorically inaccessible to the opposing party.

If, for instance, the communication was, say, a Facebook wall post that was viewable to hundreds of the user’s Facebook friends, it may not be terribly difficult for the opposing party to obtain that information without the assistance of Facebook itself.  In addition, courts often interpret the SCA as protecting private communications between a very limited number of individuals (two, in most cases).  If a wall post was viewable by a large number of individuals, you may find that the SCA provides very little protection in these circumstances.  The same is true in regards to tweets on Twitter, which one court described as “an e-mail that is sent to a party and carbon copied to hundreds of others.”

Furthermore, the SCA doesn’t protect this information from discovery requests made directly to the party to whom it belongs (courts have actually gone as far as ordering a party to disclose his Facebook password to the other party to access the account).

Most of the time, though, courts aren’t going to give completely open access to one party’s account.  The same rules of discovery apply here as anywhere else: the request for information must be specific, and courts routinely quash subpoenas that are overbroad or may constitute a “fishing expedition.”  The information sought must be relevant to the matter being tried, and the party seeking this information “must show with some credible facts” that this information has been posted on the account at issue.

In certain circumstances, however, a court may order the release of large swaths of data, such as photographs and wall posts, where the physical or mental condition of the user is at issue.  This scenario is most common in personal injury cases, where one of the central questions is often whether and to what extent the alleged injury has impacted the plaintiff (the court in one case ordered the plaintiff to produce all photographs “added to any social networking site since the date of the subject accident that depicted the plaintiff, regardless of who posted the photograph”).

Nevertheless, as stated above, the law on this matter remains emphatically unsettled, so your individual experience may vary from what I’ve outlined.  But given the direction taken by the courts thus far, this roadmap may be a reasonably accurate indicator of where courts will be headed in the future.