Article Lead Image

House passes bill expanding foreigners’ data-privacy rights

'Trust is easily lost and hard to rebuild.'

 

Aaron Sankin

Tech

Posted on Oct 20, 2015   Updated on May 27, 2021, 6:53 pm CDT

The House of Representatives on Tuesday passed a bill aimed at expanding the rights of foreigners unfairly targeted by U.S. government surveillance.

The Judicial Redress Act passed the House on a voice vote, indicating overwhelming bipartisan support. The bill next goes to the Senate.

The legislation, which sailed through the House Judiciary Committee last month, would allow citizens of certain foreign countries to petition U.S. federal agencies to turn over records about them when those records are used as part of a criminal investigation.

If the records are found to contain errors, the petitioners can attempt to get them corrected and can also file civil suits against the government if the information was illegally given to law-enforcement agencies.

The bill contains significant exemptions for national-security investigations.

American citizens already have similar privileges both in the United States—under the 1974 Privacy Act—and in the European Union. By extending similar rights to E.U. citizens, the Judicial Redress Act would make possible passage of a sweeping U.S.–E.U. data sharing and protection agreement to replace the one that Europe’s highest court struck down in early October on privacy grounds.

The language in the bill, which was introduced by Rep. Jim Sensenbrenner (R-Wis.), does not specify which countries’ citizens would be covered. The Department of Justice must make those determinations, with approval from the Departments of Treasury, State, and Homeland Security.

“Today’s bipartisan passage of the Judicial Redress Act will help restore our allies’ faith in U.S. data privacy protections and helping facilitate agreements, such as the Data Protection and Privacy Agreement, that strengthen our trans-Atlantic partnerships with Europe,” Sensenbrenner, House Judiciary Committee Chairman Bob Goodlatte (R-Va.), and committee Ranking Member John Conyers (D-Mich.) said in a joint statement. “This bill benefits not only our own law enforcement, but is a sign of good faith to our partners abroad. We are pleased with the resounding bipartisan support that has been shown for this measure by our colleagues, and urge the Senate to take up this measure as quickly as possible.”

Executive-branch determinations about the law’s application to certain countries would be exempt from congressional or judicial review. The decisions would be contingent on the existence of comparable protections in those countries for U.S. citizens’ data privacy, as well as information-sharing agreements with American law enforcement agencies.

In an editorial in The Hill, Sensenbrenner framed the bill as a way to keep America safe from the threat of terrorism, a necessary precursor to the U.S.-E.U. data sharing agreement, and a way for the U.S. government to start rebuilding international trust after former NSA contractor Edward Snowden revealed its massive surveillance operations.

“Trust is easily lost and hard to rebuild,” Sensenbrenner wrote. “As the original author of the USA FREEDOM Act, I saw firsthand the damage the Snowden leaks did to our international reputation. It is my hope that passage of the USA FREEDOM Act, and the unequivocal end to mass, suspicion-less surveillance in the United States, was a first step toward normalizing relations with our allies. But the Judicial Redress Act is an important second step. In our complex digital world, privacy and security are not competing values. They are weaved together inseparably, and today’s policymakers must craft legal frameworks that support both.”

Silicon Valley’s rationale for backing the bill is quite similar to Sensenbrenner’s. The Snowden revelations significantly damaged the U.S. tech sector’s reputation as a safe place for foreigner individuals and corporations to store their data. Foreigners are now worried that anything they store on U.S. servers will be subject to NSA surveillance at a moment’s notice and with no disclosure.

study released in April estimated that American cloud storage firms alone will miss $47 billion in revenue over the next three years due to the Snowden leaks.

“We commend the House of Representatives for its consideration and passage of the Judicial Redress Act,” Computer & Communications Industry Association President Ed Black said in a statement. “These rights can be a step toward restoring mutual trust between Europe and the United States. The civil judicial remedies the Act would provide to our allies are already reciprocated for U.S. citizens in most EU member states, and as such, the bill’s passage is an issue of basic fairness. The Act would also form the basis for improved law enforcement, and potentially for commercial, data transfers across the Atlantic, and that has earned it broad support from a range of groups.”

The bill’s alteration to the Privacy Act began as a recommendation in a 2013 report issued by the President’s Review Group On Intelligence and Communications Technologies. President Barack Obama created the group in the wake of the Snowden revelations to recommend ways to reform the government’s electronic-surveillance and data-retention programs.

While the bill has the vocal support of tech giants like FacebookGoogle, and Microsoft, some Internet-freedom activists believe that it does not go nearly far enough to protect people’s rights.

“The bill under consideration fails to provide adequate protection to permit transborder data flows,” Electronic Privacy Information Center Executive Director Marc Rotenberg told the Daily Dot.

EPIC wrote an open letter to the House Judiciary Committee earlier this year expressing concerns that the Judicial Redress Act does not extend the full protections of the Privacy Act—those enjoyed by American citizens—to foreigners.

“[The Judicial Redress Act] limits the scope of the Privacy Act’s catchall provision…to only intentional or willful violations…which prohibits disclosure of personal information without consent unless the disclosure is subject to the enumerated exceptions,” the letter read. “Under the bill, non-U.S. persons will not be able to sue agencies for failure to comply with any other provision of the Privacy Act, nor will they be able to sue for an agency’s violation of its own regulations. In addition, a non-U.S. person will only be able to sue a ‘designated agency’ for improper disclosure of her personal information.”

The letter went on to assert that the legislation provides no mechanism for foreigners to challenge U.S. government decisions—like denials of visas—when those decisions are based on inaccurate or incomplete information.

Illustration by Max Fleishman

Share this article
*First Published: Oct 20, 2015, 7:03 pm CDT