Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Chapter: 

IV. Governance issues

Open government

The Freedom of Information Act (FOIA) was enacted in 1966 and has been amended several times.1 It allows for access to federal government records by any requestor, except those held by the courts or the White House. However, there are numerous exceptions, long delays at many agencies, and little oversight unless a requestor files a lawsuit to enforce its rights. It was amended in 1996 by the Electronic Freedom of Information Act to specifically provide access to records in electronic form.2 Recently, the Congress enacted a "critical infrastructure information" (CII) exemption to the FOIA for the newly formed Department of Homeland Security. This exemption would shield information voluntarily provided to the government by private entities on security information from the FOIA.3 Once disclosed to the government, CII could not be used against the company in civil litigation, and government agents who disclose the information would be subject to criminal penalties and fines. Since the creation of this loophole for the DHS, other agencies have sought similar exemptions from the FOIA. There are also laws in all states on providing access to government records.4

A 2007 report by OpenTheGovernment.org and People For the American Way Foundation documents how, at a time when technology should enable government openness, the executive branch limits public access to public information.5 According to the report, President Bush has used executive orders to limit use of the Freedom of Information Act and Presidential Records Act, expanded the power to classify information for national security reasons, and created a range of new categories of "sensitive" information. In some cases, the government has gone so far as to reclassify documents that had been available to the general public for many years.

In August 2007, the Senate passed a freedom of information bill introduced by Senators Leahy and Cornyn.6 The bill ensures that anyone who gathers information to inform the public, including freelance journalist and bloggers, may seek a fee waiver when they request information under FOIA. Further, the bill imposes a 20-day time frame for responding to requests, and allows FOIA requesters to obtain attorneys’ fees when they file a lawsuit to obtain records from the government and the government releases those records before the court orders them to do so. Finally, the bill creates an Office of Government Information Services in the National Archives, an ombudsman to mediate agency-level FOIA disputes, and a Chief FOIA Officer in every federal agency.7

Safe Harbor

The United States Department of Commerce and the European Commission in June 2000 reached an agreement on the Safe Harbor negotiations, allowing US companies to continue to receive personal data from Europe. This measure was taken in response to the European Union Data Protection Directive of 1995, which prohibited the transfer of data from European countries to nations that did not comply with adequate data protection principles. More than 500 companies have joined the Safe Harbor,8 which requires organizations to assert compliance with seven principles. These principles include permitting individuals to opt-out from collection of personal data, giving individuals access to their personal data, and ensuring data integrity and security.9

In April 2004, university academicians, at the request of the European Commission, released a study that revealed numerous deficiencies in the implementation of the Safe Harbor program.10 Based on the findings, the European Commission reported in October 2004 that a "substantial minority" of the companies on the Safe Harbor list had failed to comply with the principles. Some companies had not placed a visible privacy policy or given consumers control over the sharing of their data with third parties. The European Commission encouraged data protection authorities in the European Union to suspend data flows whenever there is, in the authorities' judgment, a substantial likelihood of a violation of the Safe Harbor Principles. To address deficiencies in the management and enforcement of Safe Harbor, the European Commission asked for greater guidance by the Department of Commerce and more proactive monitoring by the FTC.11

International obligations

The US is a member of the Organization for Economic Cooperation and Development (OECD), and also has observer status at the Council of Europe. The US has signed and ratified the Cybercrime Convention.12 The US is a member of the Asia-Pacific Economic Community, and participates in the Electronic Commerce Steering Group.13


[1] Katz v. United States, 386 U.S. 954 (1967).

[2] See, e.g., Griswold v. Connecticut, 381 U.S. 479 (1965); Whalen v. Roe, 429 U.S. 589 (1977); Paul v. Davis, 424 U.S. 714 (1976); Lawrence v. Texas, 539 U.S. 558 (2003).

[3] McIntyre v. Ohio Elections Commission, 514 U.S. 334 (1995).

[4] NAACP v. Alabama, 357 U.S. 449 (1958).

[5] See, e.g., California Constitution, Art. I § I.

[6] These 10 states are: Alaska, Arizona, California, Florida, Hawaii, Illinois, Louisiana, Montana, South Carolina, and Washington. See National Conference of State Legislatures, Privacy Protections in State Constitutions, available at [link].

[7] United States v. Miller, 425 US 435 (1976).

[8] See Lake v. Wal-Mart Stores, Inc., 582 N.W.2d 231 (Minn. 1998), for a review of state adoption of common law privacy torts.

[9] See generally Prosser & Keeton on Torts (5th ed. 1984).