The Wikimedia Foundation cosigned an amicus brief in Snap v. Pina, a case where the defendant, charged with murder, attempted to obtain the victim’s electronic communications to aid in preparing his defense. The lawsuit reached the Supreme Court of the state of California in the United States after the Court of Appeals ruled that the 1986 Stored Communications Act (SCA) does not protect user data used for “business purposes.” This ruling not only ignores decades of legal precedent, but also removes SCA safeguards that are critical for user safety. Our brief warns that this interpretation lets platform hosts and technology companies share user data—including with foreign governments—without warrants, which can endanger journalists, political activists, and vulnerable groups worldwide, including Wikimedia volunteers.
In early 2025, we cosigned an amicus brief in the Snap v. Pina case, which is presently before the Supreme Court of the State of California in the US, and that could have a significant impact on data privacy and safety online. The case is a murder trial, so we did not submit our brief in support of any of the parties, but strictly in relation to aspects of the lawsuit that concern data privacy and safety as well as user data disclosures. Whenever anyone accesses a webpage, they leave a digital “paper trail” of data that is stored by that platform’s host. Since that is also the case of the Wikimedia projects, we observe with concern any significant changes to data protection laws and regulations, especially how these might negatively affect the privacy and safety of users, both readers and Wikimedia volunteers.
In this case, the defendant’s lawyers issued a subpoena to request electronic communications from Snap Inc. and Meta Platforms. Both companies argued that the 1986 Stored Communications Act (SCA)—a leading electronic communications privacy statute in the US—would prohibit service providers from disclosing a user’s private data to anyone. The Court of Appeals of California ruled otherwise, and held that the SCA does not apply to private electronic data held by a platform host when said host uses that data for its own “business purposes,” for instance, targeted advertising. Consequently, the Court decided the requested data was excluded from the SCA’s protections because Snap and Meta had used the data in question for the “business purpose” of serving personalized ads to the victim. This ruling ignored nearly 40 years of established legal precedent.
The Court’s ruling effectively eliminates a legal requirement that interested foreign parties seeking to gain access to content data stored within the US—from individuals to organizations to governments—have to use specific frameworks, including the SCA, so that the relevant foreign and US authorities can coordinate a search warrant. This court-issued warrant is necessary in order to compel US service providers to disclose the data in question. As a result, the Court of Appeals’ decision threatens the privacy and safety of internet users in the US and abroad. The implications of this legal change are gravely dangerous: Foreign governments, especially authoritarian ones, are increasingly pressuring technology companies to comply with their demands, legal or otherwise. The appellate court’s ruling weakens the ability of US-based platform hosts to protect the data privacy and safety of their users against the threat posed by authoritarian government actions. The elimination of SCA safeguards means any interested foreign parties would have an easier time obtaining rulings in their favor, which could compel internet platforms to provide data on their users. This represents a threat to Wikimedia users, both readers and volunteers, since their data is stored in US servers. This is one of the reasons why we collect minimal data from our users and retain it sometimes for as little as 90 days. This is to ensure the privacy of our users is protected in the best way possible while still complying with applicable laws
Now that the California Supreme Court is set to decide this case, our amicus brief warns that adopting a “business purpose” theory of the SCA could weaken long-standing protections for user data. As it stands, this ruling would remove the restrictions that stop US technology companies from voluntarily disclosing user content data to any government and interested parties whenever these companies use it for their own “business purposes.” This would put user data privacy at risk not only in the US, but also worldwide, by allowing platform hosts to assist with government searches in many more situations than what the SCA currently allows. As a consequence, internet users, including journalists, political activists, and vulnerable communities, could be exposed to surveillance and persecution from anywhere in the globe.
There is an increasing desire by governments worldwide to regulate online services by means of legislation. Laws, like other tools, can be carefully developed and used to ensure the safety of people online or exploited as a blunt instrument for the sake of oppressing and repressing anyone who uses the internet. Removing safeguards, facilitating legal persecution, and creating backdoors to services, are a few proposals common to a growing worldwide trend of loosening digital privacy protections. Even when these proposed measures are well-intentioned, done without due consideration, they can promptly be exploited by malicious actors. For these reasons, the Wikimedia Foundation has also similarly warned against the potential threats posed by the United Nations (UN) Convention Against Cybercrime.
Therefore, in Snap v. Pina, we urged the Supreme Court of California to reject the Court of Appeal’s interpretation of the SCA in view of the danger it poses to the data privacy and safety of billions of internet users worldwide, both in the US and abroad, and to resolve the issues presented by this case on grounds other than a “business purpose” theory of the SCA. It is crucial to safeguard the data privacy and safety of everyone who uses the internet. Furthermore, in order to protect the online information ecosystem, it is particularly important to protect those who contribute to it, such as journalists and Wikimedia volunteers, from legal changes that can leave them particularly vulnerable to governmental oppression and retaliation for their contributions to the public interest and open knowledge.
We would like to thank our cosigners to this brief for their work: Bolo Bhi, Digital Rights Foundation, Open MIC, Software Freedom Law Center, Tech Global Institute, and the University of Colorado Boulder Law School.
Can you help us translate this article?
In order for this article to reach as many people as possible we would like your help. Can you translate this article to get the message out?
Start translation