Should California’s marijuana customers be worried about the federal government charging them with a crime?
That’s the provocative question a reader asked us after we published Pot 101, an article that outlines what you can and can’t legally do under the state’s recreational marijuana law, Proposition 64.
The measure legalized recreational pot sales statewide on Jan. 1, 2018.
The reader, who requested that we not use her name, said she was asked to submit a copy of her photo ID to complete a marijuana purchase online, through a retail dispensary.
She was concerned her information, and that of all customers, could be obtained by the federal government should the dispensary ever be shut down.
The short answer to her question is: Yes. Federal law still classifies marijuana as an illegal drug and there are no current protections for recreational customers.
Days after California legalized retail pot sales, U.S. Attorney General Jeff Sessions rescinded an Obama administration memo that recommended a hands-off approach to marijuana prosecution. The move was seen as possibly paving the way for a federal crackdown on marijuana, though it’s uncertain whether that will happen.
To get a fuller picture, we spoke with marijuana policy experts about the likelihood of federal prosecutions and examined customer privacy and data collection practices at California’s marijuana dispensaries.
Like the state’s marijuana law itself, we found the answers aren’t always clear cut.
What information can dispensaries collect on recreational marijuana customers?
To buy recreational marijuana at a dispensary in California, customers must show a valid ID to prove they are 21 or older. A driver’s license or passport is sufficient.
This is the only information dispensaries are required to check for walk-in recreational customers under Proposition 64. The law does not instruct businesses to hold on to customer data following a purchase, said Tamar Todd, who helped draft the ballot measure, and is legal affairs director with the Drug Policy Alliance. But there’s also nothing in the law that prevents the businesses from asking for it and keeping it.
The half dozen dispensaries we contacted all told PolitiFact California they retain customer information. Most said they scan driver’s licenses, a process that in some cases automatically enters personal information into the store’s computer system. One dispensary, in addition to the scan, requires customers to fill out their names and phone numbers on a contact form. Another told us they type in customer initials and a date of birth if they’re uncomfortable giving their full name.
‘Find a different shop’
Many stores collect this data for marketing purposes, said Robert Mikos, a professor at Vanderbilt University in Nashville, Tennessee, who studies state and federal marijuana policy.
“As a consumer you might go into a store where they don’t give you the option to decline, stores are always trying to gather information,” Mikos said. “You might just find a different shop where they don’t collect that information.”
Marketing is part of why dispensaries track customer purchases. But so is the need to comply with state laws that limit the amount of cannabis sold to an individual each day, said Lauren Mendelsohn, a Sebastopol-based attorney who specializes in permitting and licensing for cannabis businesses. The law allows recreational customers to buy 1 ounce of cannabis per day, which is enough material to fill a few dozen joints. Alternately, they can purchase up to 8 grams of cannabis concentrates found in marijuana edibles such as candies, brownies and breakfast bars.
“They need to keep track of who bought how much and when they were there,” Mendelsohn said.
Under the law, dispensaries are instructed to retain some personal information for delivery orders to help ensure marijuana is not being diverted to those under 21, said Todd, of the Drug Policy Alliance. In those cases, the store retains copies of each delivery request.
To purchase medical marijuana, patients must show a doctor’s recommendation or a state-issued medical marijuana ID card when they visit dispensaries.
Amy Jenkins, a Sacramento-based lobbyist who represents the California Cannabis Industry Association, said she has not heard of dispensaries storing substantial personal information for those who buy recreational or medical pot.
She noted, however, that medical patients “like to be entered into the system just for convenience and ease when they come back in to acquire new products,” rather than bringing a letter from their doctor each time they visit.
There’s another form of information collection at dispensaries: Videotaping.
Dispensaries are required under the state’s emergency licensing regulations to videotape customers on-site, including each transaction, Todd said.
“I find it a little concerning in terms of privacy, especially for patients who are medical marijuana customers,” Todd said, citing health privacy laws. “It’s unnecessary to me, and has sort of a chilling effect on customers in subjecting them to unnecessary legal exposure.”
She said the surveillance requirement is part of the state’s six-month emergency rules that govern industry practices and were released in late 2017.
How worried should customers be about privacy?
Experts told us it’s very unlikely the federal government would target individual customers for enforcement.
“The concerns are pretty small and minor for consumers,” said Mikos, the Vanderbilt professor. “In part that’s because the federal government has never spent much effort actually cracking down and enforcing its marijuana ban against consumers. It’s always focused on big suppliers. And it’s left the handling of consumers to state authorities. So it’s very unlikely that the federal government would pursue legal action against consumers.”
Todd, of the Drug Policy Alliance, agreed.
“It’s very, very unlikely that there’s going to be targeting of individual customers. Many, many other targets would come first,” she said.
The chances the federal government would target medical marijuana customers appears even less likely because they have a form of legal protection. Since 2012, Congress has barred the U.S. Department of Justice from using its budgeted funds to prosecute individuals or suppliers who comply with state medical marijuana laws, Mikos said. The protection stems from an amendment authored by Reps. Dana Rohrabacher, R-Calif. and Earl Blumenauer, D-Ore.
For recreational pot consumers, there’s no such protection. Todd said there have been several bills submitted in Congress to strengthen protections for recreational customers, ranging from legislation to similarly restrict the DOJ from prosecuting customers who follow state law to a the broader proposal to legalize marijuana nationwide.
Are there any state laws to protect customer privacy?
In April 2017, Oregon passed a law prohibiting marijuana retailers from keeping or sharing customers’ personal information. Customers may still voluntarily sign-up for emails from shops to get coupons or discounts, according to an article by the Oregonian. Lawmakers in that state cited fears the Trump administration could crack down on the state’s cannabis industry.
Similar laws are already in place in Alaska and Colorado and self-imposed industry standards in Washington state, according to the Associated Press.
As of early February 2018, there were no formal proposals in the California Legislature to address privacy concerns at dispensaries. But at least one state lawmaker has explored the topic, said Jenkins, the cannabis industry lobbyist.
A state senator, who Jenkins declined to name, is examining the idea of legislation that would “further protect customers from dispensary operators that are seeking information beyond” verifying an ID card. She described it as an early “fact-finding inquiry,” to assess whether there’s a problem, noting the lawmaker has not committed to bringing a bill forward.
Our answer: Yes, with some caveats
Our reader asked whether marijuana customers can be charged by the federal government with a crime. Our answer is yes, but with some caveats.
Marijuana remains illegal under federal law. Additionally, the Trump administration has taken steps to make a crackdown on the industry easier.
We found California dispensaries do collect personal information, perhaps more than customers realize. While state law doesn’t require this collection, it also doesn’t block stores from asking for and retaining it.
Even so, marijuana policy experts believe it’s very unlikely federal authorities would target individual customers. They note medical marijuana customers have some legal protections, as long as they follow state medical marijuana laws. Recreational pot consumers don’t have the same safeguard.
It’s too early to say whether California or the federal government will pass legislation to bolster protections. Dispensaries, on their own, also could play an important role in guarding customer data.
Amy Jenkins, the cannabis association lobbyist, said the industry will respond to customer concerns.
“If there are privacy concerns,” Jenkins said, “or if there are behaviors and data collection occurring that shouldn’t be, I think we as an industry are going to do our best to better inform dispensary operators on what’s appropriate and what isn’t.”