Header graphic for print
Workplace Privacy, Data Management & Security Report

Claims Against University for Accessing Facebook Account Allowed to Proceed

In a case reflecting the challenges faced by institutions of higher education in trying to prevent violence on campus, a judge in the U.S. District Court for the Eastern District of Pennsylvania declined to dismiss claims against Widener University by a former student under the Electronic Communications Privacy Act (ECPA) and the Stored Communications Act (SCA) for accessing the student’s Facebook account without permission. Rodriguez v. Widener University, No. 13-1336 (E. D. Pa. June 17, 2013).

According to the court, friction between Rodriguez, a Navy veteran enrolled in a pre-med program, and the University apparently began when Rodriguez had a disagreement with his faculty adviser about creationism. Rodriguez was subsequently summoned to the Deans’ office where he was confronted with printed images from his Facebook account and an email that he had allegedly sent to 48 widener.edu addresses in which he said that he had recently been detained in a psychiatric ward in North Carolina and further stated:

"I am moving and operating in a cold-fury….I have been harassed about there being a God, and I can’t make anyone agree with me, but I promise you that my belief is the only thing keeping me from doing a significant amount of damage to a small town in NC; property, police and public citizens, all of which treated me lower than dirt…"

On his Facebook page, where he referred to himself as "Broseidon Steele," he had allegedly written, "I am Superman; and there’s no such thing as Kryptonite… Finally after years of patiently waiting, I will show you how to weapon eyes [sic]" and posted photographs of firearms. The University suspended Rodriguez in part due to the images of firearms and sent him for an involuntary mental health evaluation. He was also searched and allegedly found to possess a knife and some marijuana. According to the Court’s decision, after being committed involuntarily for seven days, during which time he missed an award ceremony and medical school admissions interview, Rodriguez was cleared to return to school.

Rodriguez sued the University under various legal theories including deprivation of his constitutional rights under 42 U.S.C. Sections 1983 and 1985, violation of the ECPA, violation of the SCA, violation of the Rehabilitation Act, and a state law claim of invasion of privacy. The Court dismissed most of his claims, but allowed Rodriguez to proceed on the ECPA and SCA counts to the extent they were based on the allegation that the defendants improperly accessed his Facebook images because they were not generally available to the public. Rodriguez also claimed the University had improperly accessed his email account, but since the email was sent to one of the individually-named defendants, the Court held that there was no improper access. Rodriguez also alleged that the University obtained information from his medical providers without authorization but the court did not address that part of his claim in its decision. It was not clear from the record how Defendants obtained access to Rodriguez’s private Facebook account, but the decision suggests a greater willingness by the courts to apply the provisions of the ECPA and SCA in situations where institutions or employers gather electronic  information without authorization.