Organizational Accountability, Government Use of Private-Sector Data, National Security, and Individual Privacy

Article Source: in Bulk Collection: Systematic Government Access to Private-Sector Data, Fred H. Cate and James X. Dempsey, eds., Oxford University Press, 2017, pp. 307-324
Publication Date:
Time to Read: 2 minute read
Written By:

 Martin Abrams




Firms that collect data are accountable for its safety and remain accountable if the data is transferred to third-party vendors or partners. Accountability is hard to maintain when the government demands access to a firm's data for police or intelligence purposes.


Policy Relevance:

International agreements require firms and lawmakers to oversee the United States government’s access to data from the private sector.


Key Takeaways:
  • As of 2015, under a regulatory Safe Harbor, European firms could transfer data to firms in the United States, so long as recipients safeguarded the data as if under European law; however, United States government agencies could demand access to the transferred data, and the European Union Court of Justice ruled that the Safe Harbor was invalid.
  • A new "Privacy Shield" agreement was negotiated between the United States and Europe, suggesting standards for the oversight needed to maintain accountability when a private firm grants government agencies access to data.
  • Generally, governmental access to data raises these four questions:
    • How should firms review and limit governmental requests for disclosure?
    • How can requests be parsed to ensure that disclosure is not only legal, but appropriate?
    • How can firms be transparent about requests for data and the scope of disclosures?
    • How can governmental entities be held accountable?
  • Accountability guidelines suggest that firms adopt internal procedures to review government demands for data; firms should:
    • Interpret demands narrowly.
    • Seek clarification or modification of overbroad or unlawful demands.
    • Require that demands be made in writing.
    • Request that the government follow established legal processes.
    • Challenge illegal or overbroad demands in court.
  • Privacy authorities note that government agencies should be subjected to public-sector oversight, including scrutiny by lawmakers and oversight by dedicated data protection authorities or agencies.
  • Consistent with the Privacy Shield and new laws, United States agencies are now more transparent about governmental access to private-sector data; new layers of oversight and remediation have been added, such as the Privacy Shield Ombudsman, but it is unclear whether these measures are sufficient.



Fred H. Cate

About Fred H. Cate

Fred H. Cate is a Distinguished Professor and C. Ben Dutton Professor of Law at the Indiana University Maurer School of Law and director of the Indiana University Center for Applied Cybersecurity Research and Center for Law, Ethics and Applied Research in Health Information. He specializes in privacy, security, and other information law issues.

James Dempsey

About James Dempsey

James Dempsey is a lecturer at UC Berkeley School of Law. He has been a leading expert on privacy and Internet policy for three decades. Mr. Dempsey was the Executive Director of the Berkeley Center for Law & Technology (BCLT) from 2014 through May, 2021.