Privacy Act Reforms Would Promote US Respect for Human Rights

 

2014-11-13 Privacy Act, umbrella_Blog

Today, Google called for reforms to the Privacy Act of 1974 that would enable EU citizens to challenge at least some US government breaches of data privacy before US courts.  This push for amendments to a decades-old and relatively little-known set of administrative laws may take some observers by surprise: why focus on the Privacy Act when, as Google points out, a range of reforms to US privacy practices—including the government’s secret surveillance of people around the world—are so badly needed?

CDT, however, agrees that Congress should act quickly revise the Privacy Act, as we have been urging it to do for many years.  Amending the Act to provide rights to EU citizens would by no means be a cure-all for excessive US government data collection practices that affect people beyond our borders, but it would be an important recognition of two fundamental human rights: the right to privacy and the right to a remedy.

CDT wholeheartedly supports the expansion of the Privacy Act to cover EU citizens.  These reforms would improve privacy protections, advance the rule of law, and demonstrate that the US is willing to take action in response to human-rights concerns.

It is no secret that in the wake of the Snowden revelations, which disclosed that the US National Security Agency (NSA) and its overseas partners are collecting vast amounts of personal data on a global basis, Internet and mobile-phone users in Europe and elsewhere have become hesitant about placing their trust in US privacy protections.  Although US-based Internet service providers and telecommunications companies are now among the most transparent in the world when it comes to disclosing government requests for private user data, the costs of this lingering lack of trust to the US economy, as well as US credibility in the human-rights sphere, remain high.  Particularly in the EU, where data-protection laws are so important that they have virtually become “Europe’s trademark,” there has been pressure for the US government (and US businesses) to respect users’ privacy on a variety of fronts, from commercial data collection to government surveillance.

It was in this context that US Attorney General Eric Holder announced last June that the Department of Justice would encourage Congress to adopt legislation providing greater protections for EU citizens whose data is held by US agencies.  For several years, the US and the EU have been negotiating what is known as the “Umbrella Agreement,” which will govern transfers of data between the two entities for law-enforcement purposes.  In order to conclude the negotiation process successfully, the DOJ is asking Congress to extend the protections found in the Privacy Act—which currently only apply to US citizens and permanent residents—to EU citizens.  Specifically, the DOJ has requested that Congress grant EU citizens the right to bring a case before a US court if they believe a US agency has misused their data in violation of the Act.  The EU’s data-protection laws allow US residents to seek a judicial remedy if any EU country violates their data-privacy rights, but at present, US law does not return the favor.

To be clear, the Privacy Act generally does not apply to classified data collected or held by the US intelligence agencies, thanks to a number of exceptions and loopholes found in the law.  (For more on these gaps, see the excellent summaries of the Act that Access and the Electronic Privacy Information Center have posted.)  This means that any reforms to the Act will not automatically solve any of the serious privacy problems that arise from the US’ secret surveillance programs.

However, the Act does apply to a wide range of personal information—including criminal, medical, financial, and educational records, among others—held by US agencies, meaning that the extension of the Act’s protections to EU citizens would be a step forward for data protection in a number of contexts.  It would also represent a significant advance in the US’ respect for two elements of human-rights law: the right to not to be subjected to arbitrary or unlawful government interferences with one’s privacy, and (relatedly) the right to obtain an effective remedy if the government does infringe upon one’s privacy rights.  Both of these rights are found in the International Covenant on Civil and Political Rights, to which the US is a party.  The right to a remedy is frequently overlooked in human-rights analyses, even by experts, and—in addition to its many other benefits—conferring such a right on EU citizens would be a valuable confirmation that this right is both real and important.

CDT wholeheartedly supports the expansion of the Privacy Act to cover EU citizens.  These reforms would improve privacy protections, advance the rule of law, and demonstrate that the US is willing to take action in response to human-rights concerns.

Share Post