A new consumer privacy protection law, the Reader Privacy Act, was recently signed into law in California and will go into effect January 1, 2012. The Act will protect readers of e-books and other “paginated or similarly organized content,” excluding publications such as magazines and newspapers, from having their personal information turned over to government entities without the government entities first obtaining a court order. While the Act clearly applies to e-book providers such as the iBookstore and Amazon, some commentators are concerned that it may also apply to bloggers and the information posted in their online forums.

The Act prohibits “any commercial entity offering a book service to the public” (“Provider”) from disclosing or being compelled to disclose any personal information without a properly obtained court order. Under the Act, personal information includes information that can reasonably be associated with a particular user, including an IP address, where it can be related to a user or a book, “in whole or in partial form.” Exceptions to this requirement are limited, and include where the user has provided consent, where there is a good faith belief that failure to immediately disclose the requested information will result in “death or serious physical injury,” and where the Provider has a good faith belief that the “personal information is evidence directly related and relevant to a crime against the provider or that user.” The Act also has in place notice requirements for both the Providers and the users, where appropriate. Those Providers that release personal information in violation of the Act will be subject to civil penalties of $500 per violation.

While the Act provides much needed protections for consumer information, there is some concern that this restriction on Providers from supplying personal information may also apply to bloggers—especially those that host advertisements on their blogs—because hosting such advertisements may be considered commercial activities and, thus, make them a “commercial entity” under the Act. Supporters of the Act, including the Electronic Frontier Foundation (EFF), however, indicate that this was never the intent of the Act. They contend that the Act is specifically designed to address companies that are in the business of providing e-books. Similarly, other individuals support the EFF’s view by arguing that an individual is not an “entity” and that the Act did not contemplate URL pagination when covering “paginated or similarly organized content in...electronic...format.”

While there is arguably some ambiguity, it is likely that bloggers will not be covered by the Act. In either case, and despite the ambiguity, this Act is beneficial to consumers who may be damaged by the release of their book browsing habits to government entities. Such information may, at times, be very personal and reveal interests, disinterests, and medical concerns. Should bloggers also be subject to the Act, consumers would have additional privacy protection, but bloggers would face additional legal concerns regarding the information that they provide and collect through their blogs.

Arent Fox will continue to monitor the Reader Privacy Act and other privacy-related matters. Please contact Sarah L. Bruno or Eva J. Pulliam with questions.