Oklahoma does … something?

23 January 2020

On January 13, 2020, the Oklahoma House received a nonsense bill. Rep. Collin Walke, ​Oklahoma E-Mail Communication Content Privacy Protection Act​, (2020). This bill is intended to “make it illegal for companies, like Google or Microsoft, that host email servers to glean information from users.” Collin Walke, ​Facebook Post​, Facebook (2020), https://www.facebook.com/Walkefor87/posts/2657786940984444 (last visited Jan 22, 2020).

The bill itself is pretty short. There is a general prohibition saying:

No email service provider shall conduct any form of scanning of the subject lines or body of any email communication sent to or by any of its clients nor shall such email service provider allow any other person, whether directly or indirectly, to perform a scan of any such email communications.

Oklahoma E-Mail Communication Content Privacy Protection Act, § 3.A.

That’s pretty heady stuff there. It would seem to prohibit things like spam or virus filters from operating. After all, both of those work by scanning the content of messages. Thankfully, the definitions of the bill tighten things up a bit:

“Scanning” means any process pursuant to which any part of the content of an email communication is analyzed, summarized, interpreted or otherwise examined by human action or by the use of software, analytical programs, algorithms or any other method that allows a person or business entity, including the email service provider, to acquire information about the email client which includes personal information about the client such as their name, mailing address, phone number or numbers, other email addresses, financial information or any other information about the email client which can be derived from the scanning of the client’s email communications

Oklahoma E-Mail Communication Content Privacy Protection Act, § 2.9.
Read moreIt’s hard being in court so much

It doesn’t help that they don’t define “email client,” but I think that we can safely assume that it means “a person using an email service” as opposed to the mail user agent (like Outlook or Thunderbird). But, making this assumption, the text appears to be aimed mainly at the large webmail providers who use some basic scanning of a message to display relevant ads to their users.

That said, the prohibition is pretty large. While the term “scanning” seems to narrow itself to what we might refer to as “Personally Identifiable Information” (or “PII”), it is important to note that this is inclusive language: “acquire information about the email client which includes personal information…” Thus, we should note that the intent here is not just to prohibit “scanning” messages to find PII, which the provider might use, but rather to prohibit gathering ANY data from the message that might be useful for any purpose.

What I’m uncertain of at the moment is how this bill would play with the long-standing ECPA which seems already to prohibit the interception and unauthorized use of stored communications. United States Congress, ​Electronic Communications Privacy Act​, Legal Information Institute (1986), https://www.law.cornell.edu/uscode/text/18/part-I/chapter-119 (last visited Jun 2, 2024).

Read moreSending email to wireless domains?

This is certainly a bill that I’ll be watching this year.

Mickey Chandler
Latest posts by Mickey Chandler (see all)