Source/Privacy Rights: Difference between revisions
Revision as of 13:48, 22 October 2021
History
What is the oldest source in any country that mentions this right?
Most sources say that the first mention of this right is The Right to Privacy written by Samuel Warren and Louis Brandeis and published in the Harvard Law Review in 1890. Both were Boston attorneys and Brandeis would go on to serve as a United States Supreme Court Justice for 23 years (Louis Brandeis, n.d.). In this essay, they note that the legal scope of rights broadens over time and posit that the right to life has expanded to “the right to be let alone,” which had become an increasingly difficult feat with new technologies (Warren & Brandeis, 1890, 193, 195).
Warren and Brandeis (1890) acknowledge that, at the time, there was little-to-no legal protection of this right. They look at defamation law and determine that, while it alludes to privacy law, it offers limited privacy protection because it only considers a damaged reputation, not instances in which an individual wishes something remained secret (Warren & Brandeis, 1890, 197; Bycer, 2014). They also looked at copyright and publishing law, which only applies to one’s own work (Warren & Brandeis, 1890, 199). They determine that the right to privacy can extend beyond these areas of law, as the right should be able to wholly prevent the depiction of private life (Warren & Brandeis, 1890, 218). In the last part of this essay, they set out limitations to the right of privacy: privileged information remains under defamation law (to allow for the operation of courts), privacy ceases with consent to publish, gossip is not in the realm of privacy law, and intention and truth do not prevent a breach of such right.
However, Warren and Brandeis cite at least two instances that predate The Right to Privacy which discuss the right to privacy. The earliest is the citing of an 1820 statement from Lord Cottenham, who, in agreement with Lord Eldon, felt that were a king’s illnesses recorded by a doctor and published while that king was still alive, a court would not permit its publishing, as he claimed this circumstance would breach the king’s privacy (Warren & Brandeis, 1890, 205; Bycer, 2014). Additionally, they acknowledge that the right to privacy has already been regulated in France since 1868. Section 11 of the 1868 Loi Relative à la Presse (Press Law) says that all periodic writings about a private fact of life are violations punishable by a fine of 500 francs. Pursuit of the violation may only be undertaken by the affected party (Warren & Brandeis, 1890, 214, footnote 1).
Resources
Bycer, M. (2014). Understanding the 1890 Warren and Brandeis “The Right to Privacy” Article. National Juris University. Retrieved Sept. 10, 2021, from https://nationalparalegal.edu/UnderstandingWarrenBrandeis.aspx
Louis Brandeis. (2020, Nov. 9). Britannica. Retrieved Sept. 8, 2021, from https://www.britannica.com/biography/Louis-Brandeis
Warren, S. & Brandeis, L. (1890, Dec. 15). The right to privacy. Harvard Law Review 4(5), 193-220. http://links.jstor.org/sici?sici=0017-811X%2818901215%294%3A5%3C193%3ATRTP%3E2.0.CO%3B2-C
What is the oldest written source in this country that mentions this right?
Afghanistan
Albania
Algeria
Andorra
Angola
Antigua and Barbuda
Argentina
Armenia
Australia
Austria
Azerbaijan
The Bahamas
Bahrain
Bangladesh
Barbados
Belarus
Belgium
Belize
Benin
Bhutan
Bolivia
Bosnia and Herzegovina
Botswana
Brazil
Brunei
Bulgaria
Burkina Faso
Burundi
Cambodia
Cameroon
Canada
Cape Verde
Central African Republic
Chad
Chile
China
Colombia
Comoros
Democratic Republic of the Congo
Republic of the Congo
Costa Rica
Croatia
Cuba
Cyprus
Czech Republic
Denmark
Djibouti
Dominica
Dominican Republic
East Timor
Ecuador
Egypt
El Salvador
Equatorial Guinea
Eritrea
Estonia
Eswatini
Ethiopia
Fiji
Finland
France
Gabon
The Gambia
Georgia
Germany
Ghana
Greece
Grenada
Guatemala
Guinea
Guinea-Bissau
Guyana
Haiti
Honduras
Hungary
Iceland
India
Indonesia
Iran
Iraq
Republic of Ireland
Israel
Italy
Ivory Coast
Jamaica
Japan
Jordan
Kazakhstan
Kenya
Kiribati
Kuwait
Kyrgyzstan
Laos
Latvia
Lebanon
Lesotho
Liberia
Libya
Liechtenstein
Lithuania
Luxembourg
Madagascar
Malawi
Malaysia
Maldives
Mali
Malta
Marshall Islands
Mauritania
Mauritius
Mexico
Federated States of Micronesia
Moldova
Monaco
Mongolia
Montenegro
Morocco
Mozambique
Myanmar
Namibia
Nauru
Nepal
Kingdom of the Netherlands
New Zealand
Nicaragua
Niger
Nigeria
North Korea
North Macedonia
Norway
Oman
Pakistan
Palau
Panama
Papua New Guinea
Paraguay
Peru
Philippines
Poland
Portugal
Qatar
Romania
Russia
Rwanda
Saint Kitts and Nevis
Saint Lucia
Saint Vincent and the Grenadines
Samoa
San Marino
São Tomé and Príncipe
Saudi Arabia
Senegal
Serbia
Seychelles
Sierra Leone
Singapore
Slovakia
Slovenia
Solomon Islands
Somalia
South Africa
South Korea
South Sudan
Spain
Sri Lanka
Sudan
Suriname
Sweden
Switzerland
Syria
Tajikistan
Tanzania
Thailand
Togo
Tonga
Trinidad and Tobago
Tunisia
Turkey
Turkmenistan
Tuvalu
Uganda
Ukraine
United Arab Emirates
United Kingdom
United States
Uruguay
Uzbekistan
Vanuatu
Venezuela
Vietnam
Yemen
Zambia
Zimbabwe
Is there another noteworthy written source from the past that mentions this right?
The right to privacy has diverged in many ways since its most notable first mention in The Right to Privacy by Samuel Warren and Louis Brandeis. What started in 1890 as the idea of protection against gossip about oneself and the ability to enjoy life uninterrupted has evolved into various international and national conventions and laws.
The right to privacy was first enshrined at a supranational level before it was established in individual states (Krishnamurthy, 2020, 26). The right’s first appearance in legal documentation was in the United Nations’ (UN) 1948 Universal Declaration on Human Rights (UDHR). Article 12 of the UDHR (1948) states “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.” The UDHR is not a treaty, so the right was not yet entrenched and was more of a suggestion for states to incorporate into their laws and practices.
Two years later, the Council of Europe passed the Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR), which has similar tones in Article 8 but is legally binding, though with an exception for national security in Article 8 (2) (1950). The ECHR was the first agreement at any level to express the right to privacy. Article 8 of the ECHR specifically protects one’s family life, personal life, correspondence, and home (Roagna, 2021, 9). Worldwide, the right to privacy became codified in 1966 with the passage of the UN’s International Covenant on Civil and Political Rights (ICCPR), in which Article 17 has almost identical language to the UDHR’s Article 12. In subsequent UN treaties, this right to privacy was explicitly granted to children and migrants as well (Convention on the Rights of the Child, 1989, Art. 16; International Covenant on the Protection of All Migrant Workers and Members of Their Families, 1990, Art. 14).
Complying with the ICCPR
In the United States, the right to privacy was not originally codified but established through a variety of Supreme Court cases beginning in the 1960s (Privacy, n.d.). In 1965, the Court ruled on Griswold v. Connecticut. The majority opinion written by Justice Douglas claims that the express personal freedoms named in the First, Third, Fourth, Fifth, and Ninth Amendments create an implied “zone of privacy” (Privacy, n.d.). Justice Harlan’s concurring opinion, referenced in later Supreme Court privacy cases, claims privacy zones derive from the Fourteenth Amendment (Privacy, n.d.). Later, legislation was passed regulating specific sectors, beginning in 1974 with the Family Educational Rights and Privacy Act (FERPA), which protects student data, and the Privacy Act, which regulates the use of data by federal agencies (History of privacy timeline, 2021).
The European Court of Human Rights has refined the implementation of ECHR Article 8 through case law (Roagna, 2021, 7). In deciding these cases, the Court must decide if the complaint is related to Article 8 and, if so, if the right has been interfered with outside of the exceptions laid out in Article 8 (2) (Roagna, 2021, 11). For this reason, there is no clear-cut definition as to which national laws may conflict with Article 8 (Roagna, 2021, 12). The Court has provided protections for ‘quasi-familial’ relationships, relationships that may develop later (i.e., one has the right to adopt), the development of personality, photographs, and data collection, ruling these areas are part of private and/or family life (Roagna, 2021, 10-19). The Court has also provided lengthy protections to family life with a broad definition of family which evolves with European customs (Roagna, 2021, 27). The protection of a home has also been interpreted broadly, requiring continuous ties to a location, mostly due to the French translation of “home” to “domicile” (Roagna, 2021, 30-31). The Court rules for high protection of means of communication as it can be easily breached (Roagna, 2021, 32). This protection includes information gathered from monitored internet use and remains in place no matter the content of the message (Roagna, 2021, 32).
The Digital Era
Since these international conventions have become effective and enforceable, there has been a lot of technological change and little change in these agreements (Human right to privacy, n.d.). The UN Human Rights Committee (UNHRC) noted in General Comment 16, adopted regarding ICCPR’s Article 17 in 1988, that the legislation in many states was not enough to ensure the “protection against both unlawful and arbitrary interference,” and that data collection “must be regulated by law” (Krishnamurthy, 2020, 27; UN Human Rights Committee, 1994, para. 2 & 10). In essence, this comment was requesting that states enact more protective privacy legislation, and, specifically, data regulation law, as the right to privacy evolved to be dominated by electronic data (Krishnamurthy, 2020, 27).
There have been two approaches to this call for better data privacy regulation: general regulation and regulation by sector. The European Union has taken the general regulation approach with the passage of the 1995 European Data Protection Directive and the 2016 General Data Protection Regulation (GDPR). The GDPR affects people and companies worldwide, requiring that data collected is truly needed, accurate, processed safely, and that all of this is done in a clear, legal, and transparent way (Krishnamurthy, 2020; Wolford, n.d.). The United States has chosen to regulate privacy data by sector, beginning with FERPA in 1974 (Krishnamurthy, 2020, 29; History of privacy timeline, 2021). This approach has led to some strict laws preventing unauthorized access to personal information in some areas regulated by specific legislation (Krishnamurthy, 2020, 29). In areas without specific legislation, however, Americans take great liberties while collecting data (Krishnamurthy, 2020, 29). Combined with the lack of legislation preventing interference or data attacks, this leads some to question how compliant the United States is with Article 17 of the ICCPR (Krishnamurthy, 2020, 29). However, as of 2020, 29% of states are still drafting or have yet to draft such legislation (UN Committee on Trade and Development).
Resources
Convention for the Protection of Human Rights and Fundamental Freedoms. The Council of Europe. Nov. 4, 1950. https://rm.coe.int/1680a2353d
Convention on the Rights of the Child. United Nations (UN) General Assembly (UNGA). Nov. 20, 1989. https://www.ohchr.org/en/professionalinterest/pages/crc.aspx
History of privacy timeline. (2021). The University of Michigan. Retrieved Sept. 9, 2021, from https://safecomputing.umich.edu/privacy/history-of-privacy-timeline
Human right to privacy in the digital age, The. (n.d.). American Civil Liberties Union. Retrieved Sept. 8, 2021, from https://www.aclu.org/other/human-right-privacy-digital-age
International Covenant on the Protection of All Migrant Workers and Members of Their Families. UNGA. Dec. 18, 1990. https://www.ohchr.org/Documents/ProfessionalInterest/cmw.pdf
International Covenant on Civil and Political Rights. UNGA. Dec. 16, 1996. https://www.ohchr.org/en/professionalinterest/pages/ccpr.aspx
Krishnamurthy, V. (2020, Jan. 6). A tale of two privacy laws: The GDPR and the International Right to Privacy. AJIL Unbound 114, 26-30. doi:10.1017/aju.2019.79
Privacy. (n.d.). Cornell Law School Legal Information Institute. Retrieved Sept. 8, 2021, from https://www.law.cornell.edu/wex/privacy
Roagna, I. (2012). Council of Europe human rights handbook: Protecting the right to respect for private and family life under the European Convention on Human Rights. Council of Europe. https://www.echr.coe.int/LibraryDocs/Roagna2012_EN.pdf
UN Committee on Trade and Development. (2020). Data Protection and Privacy Legislation Worldwide. Retrieved Sept. 9, 2021, from https://unctad.org/page/data-protection-and-privacy-legislation-worldwide
UN Human Rights Committee. (1994). General Comment 16. Thirty-third session. HRI/GEN/1/Rev. 1 Retrieved Sept. 9, 2021, from https://undocs.org/HRI/GEN/1/Rev.1
Universal Declaration on Human Rights. UNGA. Dec. 10, 1948. https://www.un.org/en/about-us/universal-declaration-of-human-rights
Wolford, B. (n.d.). What is GDPR, the EU’s new data protection law? GDPR EU. Retrieved Sept. 9, 2021, from https://gdpr.eu/what-is-gdpr/
Is the identification of this right associated with a particular era in history, political regime, or political leader?
What specific events or ideas contributed to its identification as a fundamental right?
When was it generally accepted as a fundamental, legally-protectable right?
What historical forces or events, if any, contributed to a widespread belief in its importance?
Legal Codification
Is this right protected in the Constitutions of most countries today?
Is it contained in the US Constitution?
The right to privacy is not explicitly contained in the United States Constitution.
References
Privacy. (n.d.). Cornell Law School Legal Information Institute. Retrieved Sept. 8, 2021, from https://www.law.cornell.edu/wex/privacy
Has it been interpreted as being implicit in the US Constitution?
In the United States, the right to privacy was not originally codified but established through Supreme Court cases around the 1960s (Privacy, n.d.). Prior to this time, the Court recognized in Snyder v. Massachusetts (1934) that some concepts of fairness are fundamental, but not expressed. In 1965, the Court heard and decided Griswold v. Connecticut. In the majority opinion, Justice William Douglas argues that the Court had previously ruled on cases in which rights were not explicit in the Bill of Rights, but the rights were justifiable to the Court through the First and Fourteenth Amendments (Griswold v. Connecticut, 1965, par. 11). Later in the opinion of the court, he states that in other cases, such as Boyd v. United States (1886), Mapp v. Ohio (1961), and Poe v. Ullman (1961), the court used the ‘penumbras’ of the First, Third, Fourth, Fifth, and Ninth Amendments to make decisions on implicit liberties (Griswold v. Connecticut, 1965, pars. 14-15). Combined, these penumbras create what the Griswold v. Connecticut majority opinion calls “zones of privacy” (Privacy, n.d.). In a concurring Griswold opinion, Justice Arthur Goldberg argues that while liberties extend beyond the Bill of Rights, he, Chief Justice Earl Warren, and Justice William Brennan feel that the Due Process Clause of the Fourteenth Amendment does not include “all of the first eight amendments” (Griswold v. CT, 1965, par. 21). However, in a different concurring opinion, Justice John Marshall Harlan found “[t]he Due Process Clause of the Fourteenth Amendment stands […] on its own bottom” (Griswold v. CT, 1965, par. 53; Privacy, n.d.). Justice Harlan’s concurring opinion became the predominant argument used in later privacy cases (Privacy, n.d.).
In 1967, the Supreme Court decided the case of Katz v. United States (Katz v. US, n.d.). Katz, located in Los Angeles, had been using a public phone booth to inform bettors in Boston and Miami, and in an effort to convict him, federal agents tapped the phone booth (Katz v. US, n.d.). A lower court allowed this evidence to be admitted, but Katz claimed it was a violation of the Fourth Amendment (Katz v. US, n.d.). The Supreme Court sided 7-1 with Katz and established that “the Fourth Amendment protects people, not places” (Katz v. United States, 1967). In a concurring opinion, Justice Harlan established the Expectation for Privacy Test (Katz v. US, n.d.; Expectation of Privacy, n.d.). This test is two-fold – the individual must have an expectation for privacy which is rooted in law and society finds that expectation for privacy to be reasonable – and has been used as a basis for privacy since (Expectation of Privacy, n.d.).
After these two cases, the Supreme Court has continued to extend the right to privacy, notably so in three landmark cases: Eisenstadt v. Baird (1971), Roe v. Wade (1972), and Lawrence v. Texas (2003), through the use of the Fourteenth Amendment and Justice Harlan’s concurring Griswold opinion (Privacy, n.d.). Eisenstadt extended the use of contraceptives beyond married couples to individuals (Privacy, n.d.). Roe extended the right to privacy to a woman’s right to have an abortion (Privacy, n.d.). Lawrence v. Texas overturned Bowers v. Hardwick (1986) and extended privacy to private conduct (Privacy, n.d.).
References
Expectation of Privacy. (n.d.). Cornell Law School Legal Information Institute. Retrieved Sept. 13, 2021, from https://www.law.cornell.edu/wex/expectation_of_privacy
Griswold v. Connecticut, 381 U.S. 479 (1965). https://www.law.cornell.edu/supremecourt/text/381/479
Katz v. United States. (n.d.). Oyez. Retrieved September 13, 2021, from https://www.oyez.org/cases/1967/35
Katz v. United States, 389 U.S. 347 (1967). https://www.law.cornell.edu/supremecourt/text/389/347
Privacy. (n.d.). Cornell Law School Legal Information Institute. Retrieved Sept. 8, 2021, from https://www.law.cornell.edu/wex/privacy
Snyder v. Massachusetts, 291 U.S. 97 (1934). https://www.law.cornell.edu/supremecourt/text/291/97
Are there any exceptions in American law to this right?
Most recent US legislation regarding the right to privacy concerns the collection, retention, and transfer of personal data. Under the Department of Justice, the Office of Privacy and Civil Liberties (OPCL) enforces privacy laws, recommends privacy policies (including exceptions), and responds to data breaches (Office of Privacy and Civil Liberties, n.d.).
Freedom of Information Act 1966 (as amended 2016)
In 1966, Congress passed the Freedom of Information Act (FOIA). This act granted anyone the ability to request access to federal agency records but not the records of private companies. However, nine exemptions and three exclusions may prevent access to these records (Freedom of Information Act, n.d.). The exclusions are narrow and related to law enforcement and ongoing intelligence investigations and are unaffected by FOIA (Freedom of Information Act, n.d.). The exemptions authorize government agencies to withhold information from those requesting it (Freedom of Information Act, n.d.). The nine exemptions prevent the sharing of information if it is classified for national security, part of internal rules or practices, prohibited through other laws (such as the Privacy Act, see below), a trade secret, legally protected, a medical file, law enforcement records, regarding bank supervision, or locational information (Freedom of Information Act, n.d.). FOIA was most recently updated with the FOIA Improvement Act of 2016, which increased transparency and altered procedures (OIP Summary of the FOIA Improvement Act of 2016, 2016).
Privacy Act 1974
The Privacy Act of 1974 was an effort to balance the “governments’ need to maintain information” and the “rights of individuals to be protected against unwarranted invasions of their privacy” (Walls, n.d.; Privacy Act of 1974, 5 U.S.C. § 552a, n.d.). It prevents agencies from disclosing records to any person or agency unless the disclosure falls into one of the twelve approved guidelines (Walls, n.d.; Privacy Act of 1974, 5 U.S.C. § 552a, n.d.). The most used reasons which allow for disclosure are subsections 1, 2, and 3 of 5 US Code § 552a(b) (Overview of the Privacy Act: 2020 Edition, 2021). Subsection One allows for the disclosure of information between agencies on a need-to-know basis. Subsection Two allows the FOIA to overrule the Privacy Act with regard to when to disclose information. Subsection Three allows for disclosure to another party if their use is similar to the use for which the data was originally collected. This third exception is quite broad, which causes controversy (Overview of the Privacy Act: 2020 Edition, 2021). Other exceptions include use for public record (used for the Census or National Archive data), or requests by law enforcement or the court system. In addition to putting forth information disclosure guidelines, this act requires agencies to keep accurate records of how, where, and why they sent any information (Privacy Act of 1974, 5 U.S.C. § 552a, n.d.).
Gramm-Leach-Bliley Act 1999
The Gramm-Leach-Bliley Act (GLBA) was passed to regulate the transfer of consumers’ “nonpublic personal information” by financial institutions (FDIC, 2021). At its core, the law says financial institutions cannot pass along personal data to third parties unless the customer is put on notice, given the opportunity to opt out, and they do not opt out (FDIC, 2021). Exceptions to this rule appear in Sections 13-15 (FDIC, 2021, VIII-1.3). Section 13 permits the transfer of some personal data to a third party if they are performing services on behalf of the financial institution, but they must be contractually bound to not do anything else with the data (FDIC, 2021, VIII-1.3). Section 14 allows the bank to disclose information as needed to perform banking functions initiated by the customer, while Section 15 extends that disclosure to normal financial institution acts, such as fraud detection (FDIC, 2021, VIII-1.3). Of these exceptions, only Section 13 requires the customer to be notified that their information is being shared (FDIC, 2021).
USA PATRIOT Act 2001 & USA Freedom Act 2015
Enacted less than two months after the 9/11 attacks, the PATRIOT Act was passed with the intention of increasing homeland security by allowing surveillance techniques used in local crime to be used to fight terrorism (Highlights of the USA PATRIOT Act, n.d.; USA PATRIOT Act, n.d.). Most importantly, this law allowed for the sharing of information between law enforcement agencies at various levels without notice (Highlights of the USA PATRIOT Act, n.d.). This law wasn’t the most protective of civil rights and liberties, and to rectify that, President Obama signed the USA Freedom Act in 2015, ending government collection of metadata (Patriot Act, n.d.; Fact sheet, 2015).
Resources
Fact sheet: Implementation of the USA Freedom Act of 2015. (2015, Nov. 27). Central Intelligence Agency. https://www.intelligence.gov/index.php/ic-on-the-record-database/results/787-fact-sheet-implementation-of-the-usa-freedom-act-of-2015
Federal Deposit Insurance Corporation (FDIC). (2021, April). FDIC Consumer Compliance Examination Manual: VIII-1.1 Gramm-Leach-Bliley Act. Author. https://www.fdic.gov/resources/supervision-and-examinations/consumer-compliance-examination-manual/index.html
Freedom of Information Act, 5 U.S.C. § 552. (1966).
Freedom of Information Act, The. (n.d.). Department of State. Retrieved Sept. 14, 2021, from https://foia.state.gov/learn/foia.aspx
Highlights of the USA PATRIOT Act. (n.d.). Department of Justice. Retrieved Sept. 14, 2021, from https://www.justice.gov/archive/ll/highlights.htm
Office of Privacy and Civil Liberties. (n.d.). Department of Justice. Retrieved Sept. 14, 2021, from https://www.justice.gov/opcl
OIP Summary of the FOIA Improvement Act of 2016. (2016, Aug. 17). Department of Justice. https://www.justice.gov/oip/oip-summary-foia-improvement-act-2016
Overview of the Privacy Act: 2020 Edition. (2021, Feb. 16). Department of Justice. https://www.justice.gov/opcl/overview-privacy-act-1974-2020-edition/disclosures-third-parties
Patriot Act. (n.d.). History.com. Retrieved Sept. 14, 2021, from https://www.history.com/topics/21st-century/patriot-act
Privacy Act of 1974. 5 U.S.C. § 552a. (n.d.). Department of Justice. Retrieved Sept. 14, 2021, from https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1279#vf4tzl
Privacy Act, 5 U.S.C. § 552a(b). (1974).
USA PATRIOT Act. (n.d.). Department of Justice. Retrieved Sept. 14, 2021, from https://bja.ojp.gov/program/it/privacy-civil-liberties/authorities/statutes/1281
Walls, T. (n.d.). FOIA v. Privacy Act: A comparison chart. IAPP. https://iapp.org/resources/article/foia-v-privacy-act-a-comparison-chart/