California Leads on Reproductive and Trans Health Data Privacy

In the wake of the Supreme Court’s Dobbs decision, anti-choice sheriffs and bounty hunters will try to investigate and punish abortion seekers based on their internet browsing, private messaging, and phone app location data. We can expect similar tactics from state officials who claim that parents who allow their transgender youth to receive gender-affirming health care should be investigated for child abuse.

So it is great news that California Gov. Gavin Newsom just signed three bills that will help meet these threats: A.B. 1242, authored by Asm. Rebecca Bauer-Kahan; A.B. 2091, authored by Asm. Mia Bonta; and S.B. 107, authored by Sen. Scott Wiener. EFF supported all three bills.

This post summarizes the new California data privacy safeguards and provides a breakdown of the specific places where they change California state law. For those interested, we have included the citations to these changes. These three new laws limit how California courts, government agencies, health care providers, and businesses handle this data. Some provisions create new exemptions from existing disclosure mandates; others create new limits on disclosure.

EFF encourages other states to consider passing similar bills adapted to their own state civil and criminal laws.

New Reproductive and Trans Health Data Exemptions from Old Disclosure Mandates

Law enforcement agencies and private litigants often seek evidence located in other states. In response, many states have enacted various laws that require in-state entities to share data with out-of-state entities. Now that anti-choice states are criminalizing more and more abortions, pro-choice states should create abortion exceptions from these sharing mandates. Likewise, now that anti-trans states are claiming that gender-affirming care for trans youth is child abuse, pro-trans states should create trans health care exceptions from these sharing mandates. California’s new laws do this in three ways.

First, an existing California law provides that California-based providers of electronic communication and remote computing services, upon receipt of an out-of-state warrant, must treat it like an in-state warrant. A.B. 1242 creates an abortion exemption. A provider cannot produce records if it “knows or should know” that the investigation concerns a “prohibited violation.” (See Sec. 8, at Penal Code 1524.2(c)(1)) A “prohibited violation” is an abortion that would be legal in California but is illegal elsewhere. (See Sec. 2, at Penal Code 629.51(5)) Further, warrants must attest that the investigation does not involve a prohibited violation. (See Sec. 8, at Penal Code 1524.2(c)(2))

Second, an existing California law requires state courts to assist in enforcing out-of-state judicial orders. This is California’s version of the Uniform Law Commission’s (ULC’s) Interstate Depositions and Discovery Act. It requires Calif