Everything you need to know about the big new data-privacy bill in Congress

The United States and the European Union have agreed to a transatlantic data-sharing arrangement to protect U.S. companies’ overseas activities and European citizens’ privacy, but another initiative—signed into law on Feb. 24—could be just important to U.S.–E.U. relations and transnational privacy rights.

The Judicial Redress Act is considered essential to a broader agreement between the U.S. and Europe over the sharing of data in criminal and terrorism investigations. The negotiations over the newly announced E.U.–U.S. Privacy Shield may have received more attention, but the concerns at the heart of this bill are no less important.

Here’s what you need to know about the Judicial Redress Act, the full text of which you can read here.

What does the Judicial Redress Act do?

The bill authorizes the attorney general to extend the protections of the Privacy Act of 1974 to the citizens of designated foreign countries.

The Privacy Act empowers Americans to challenge U.S. companies’ disclosure of their private data to the government, as well as the government’s use of the data and any inaccuracies in resulting federal records about them.

Why is this important?

Government agencies regularly use warrants to compel U.S. tech companies to turn over user data—including that of foreigners—but only U.S. citizens, relying on the Privacy Act, can challenge those procedures.

Americans and Europeans may differ on many questions of governance, but they agree that privacy and checks on government power are important. Privacy is considered a fundamental right in the European Union, akin to freedom of speech in the United States.

What’s the status of the bill?

President Obama signed it into law on Feb. 24. 

The House passed its version on Oct. 20. It sailed through on a voice vote, indicating that there was no opposition. The Senate passed its version on Feb. 9, but it contained an amendment that set conditions on the attorney general’s ability to grant Privacy Act rights to foreigners. The House later passed the Senate’s version and sent it to Obama.

The amendment says that the attorney general can only add foreign countries to the Privacy Act list if he or she certifies that:

  1. The country has a deal with the U.S. regarding privacy protections for data shared in the course of joint investigations, or has “effectively shared” such information with the U.S. and adequately protects privacy;
  2. The country allows U.S. companies to transfer its citizens’ data between its territory and the United States; and
  3. The aforementioned data-transfer agreement does not “materially impede the national security interests of the United States.”

Conservative lawmakers are concerned that Privacy Shield, the newly announced data-transfer agreement, will impede national-security investigations. By requiring the attorney general to certify otherwise, this amendment raises the bar for implementing the law.

Sen. John Cornyn (R-Texas), the amendment’s sponsor, has criticized the Obama administration for making “concessions” by pushing the Judicial Redress Act in order to secure the law-enforcement data-sharing agreement.

Okay, and who’s on the other side? Who’s pressing for the bill?

The U.S. tech industry.

In a letter to House leaders a few days before the lower chamber passed the bill, a coalition of leading tech companies and trade groups called it “a critical step in rebuilding the trust of citizens worldwide in both the U.S. government and our industry.”

Last week, after the bill passed the Senate committee, the Information Technology Industry Council urged the full chamber to “quickly pass the Judicial Redress Act to improve national security and our collective economies.”

Edward Snowden‘s revelations about NSA surveillance didn’t just hurt Silicon Valley’s reputation at home and abroad. It also led the European Court of Justice to strike down the deal that Privacy Shield is meant to replace. That decision jeopardized the ability of U.S. companies to do business overseas. The tech industry is concerned about the broader consequences of not addressing some of the international community’s post-Snowden concerns.

Update 8:56am CT, Feb. 10: Updated to reflect Senate passage of modified version.

Update 4:22pm CT, FEb. 24: Updated to reflect President Obama signing the bill.

Illustration via Max Fleishman 

Eric Geller

Eric Geller

Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.