Organizational Accountability, Government Use of Private-Sector Data, National Security, and Individual Privacy
ARTICLE SUMMARY
Firms that collect data are accountable for its safety and remain accountable if the data is transferred to third-party vendors or partners. Accountability is hard to maintain when the government demands access to firm's data for police or intelligence purposes.
POLICY RELEVANCE
International agreements require firms and lawmakers to oversee the United States government’s access to data from the private sector.
KEY TAKEAWAYS
- As of 2015, under a regulatory Safe Harbor, European firms could transfer data to firms in the United States, so long as recipients safeguarded the data as if under European law; however, United States government agencies could demand access to the transferred data, and the European Union Court of Justice ruled that the Safe Harbor was invalid.
- A new "Privacy Shield" agreement was negotiated between the United States and Europe, suggesting standards for the oversight needed to maintain accountability when a private firm grants government agencies access to data.
- Generally, governmental access to data raises these four questions:
- How should firms review and limit governmental requests for disclosure?
- How can requests be parsed to ensure that disclosure is not only legal, but appropriate?
- How can firms be transparent about requests for data and the scope of disclosures?
- How can governmental entities be held accountable?
- How should firms review and limit governmental requests for disclosure?
- Accountability guidelines suggest that firms adopt internal procedures to review government demands for data; firms should:
- Interpret demands narrowly.
- Seek clarification or modification of overbroad or unlawful demands.
- Require that demands be made in writing.
- Request government to follow established legal processes.
- Challenge illegal or overbroad demands in court.
- Interpret demands narrowly.
- Privacy authorities note that government agencies should be subjected to public-sector oversight, including scrutiny by lawmakers and oversight by dedicated data protection authorities or agencies.
- Consistent with the Privacy Shield and new laws, United States agencies are now more transparent about governmental access to private-sector data; new layers of oversight and remediation have been added, such as the Privacy Shield Ombudsman, but it is unclear whether these measures are sufficient.
QUOTE
TAGS
About Fred H. Cate
Fred H. Cate is a Distinguished Professor and C. Ben Dutton Professor of Law at the Indiana University Maurer School of Law and director of the Indiana University Center for Applied Cybersecurity Research and Center for Law, Ethics and Applied Research in Health Information. He specializes in privacy, security, and other information law issues.
See more with Fred H. Cate
About James Dempsey
James Dempsey is a lecturer at UC Berkeley School of Law. He has been a leading expert on privacy and Internet policy for three decades. Mr. Dempsey was the Executive Director of the Berkeley Center for Law & Technology (BCLT) from 2014 through May, 2021.
