3 min read

Last week, the Electronic Frontier Foundation (EFF) issued a letter to support the petition for review filed by Richard Sander and the First Amendment Coalition in Sander v. State Bar of California case.

The opinion issued by First District Court of Appeal in August basically changes the California Public Records Act (CPRA) that could prevent California citizens from accessing public data that state and local agencies are generating.

The court ruled that in order to de-identify personal information, the State Bar of California has to create “new records” to “recode its original data into new values.” EFF has raised a question that the California Supreme Court has to address: does anonymization of public data amount to a creation of new records under the CPRA?

If the court’s opinion of creating new records becomes the standard across California, it will be against the purpose of CPRA. CPRA was signed in 1968, a result of a 15 year long effort to create a general records law for California.

Under CPRA, on public request, the governmental records should be shared with the public, unless there is any reason not to do so. This act enables people to understand what the government is doing and prevents government inefficiencies. This act is very important today as a vast amount of digital data is produced and consumed by governments.

In a previous hearing the California Supreme Court acknowledged that sharing this data to the public will prove useful:

“It seems beyond dispute that the public has a legitimate interest in whether different groups of applicants, based on race, sex or ethnicity, perform differently on the bar examination and whether any disparities in performance are the result of the admissions process or of other factors.”

However, when the case proceeded to trial, the petitioners were asked to show how it was possible to de-identify this data. But, according to CPRA, when government refuses to share the records requested by the public, they should show the court that it is not possible to release data and protect private information at the same time.

EFF further pointed that in another case, Exide Technologies v. California Department of Public Health, a different superior court in California has ruled the opposite way. The court ruled that the government agency must share the investigations of blood lead levels. But it should be shared in a format that serves the public interest in government transparency while at the same time protecting the privacy interests of individual lead-poisoning patients.

This requires California Supreme Court to settle how agencies should handle sensitive digital information under the CPRA. With the increase in the data collected by the state from and about the public, it is important that they give access to this data in order to maintain the transparency.

Read the full announcement on EFF’s official website.

Read Next

Senator Ron Wyden’s data privacy law draft can punish tech companies that misuse user data

Privacy experts urge the Senate Commerce Committee for a strong federal privacy bill “that sets a floor, not a ceiling”

Is AT&T trying to twist data privacy legislation to its own favor?