Surveillance & Privacy

What the “Interior Security” Executive Order does to Foreigners’ Privacy Rights

Stewart Baker, Zachary Schreiber
Friday, February 3, 2017, 11:52 AM

Last week, Adam Klein and Carrie Cordero persuasively argued against a broad reading of the Privacy Act language in the Executive Order on “Enhancing Public Safety in the Interior of the United States.” While the Executive Order primarily focuses on immigration, Section 14 states:

Published by The Lawfare Institute
in Cooperation With
Brookings

Last week, Adam Klein and Carrie Cordero persuasively argued against a broad reading of the Privacy Act language in the Executive Order on “Enhancing Public Safety in the Interior of the United States.” While the Executive Order primarily focuses on immigration, Section 14 states:

Privacy Act. Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.”

Always eager to pick a privacy fight (actually, the same privacy fight) with the United States, some Brussels officials immediately detected a plan to overturn a recently negotiated deal extending Privacy Act rights to some Europeans. There were quick calls to suspend Privacy Shield if adequacy protections were no longer met. The deal extending Privacy Act rights, however, was implemented by a separate statute—the Judicial Redress Act—which remains in effect. Perhaps President Trump will push back against Europe’s longstanding privacy protectionism, but, as Adam and Carrie demonstrated, this provision is not aimed at Europe.

This raises the question: What is the provision aimed at? The short (and only a bit unfair) answer it that it seems to be intended to roll back the excesses of the Ford administration.

More than 40 years ago, the Office of Management and Budget (“OMB”) issued guidance that agencies should, as a matter of privacy policy, afford Privacy Act rights to noncitizens if their data exists in a mixed-record system (meaning a system that contains both citizen and noncitizen personally identifiable information). Agencies, such as DHS, have put in place policies that follow this OMB guidance. For years, this has extended informal, administrative Privacy Act rights to noncitizens, to the extent their data existed in a mixed-record system.

Those days are now over, except for nationals of the European Union and perhaps of other nations that are willing to bargain on their behalf.


Stewart A. Baker is a partner in the Washington office of Steptoe & Johnson LLP. He returned to the firm following 3½ years at the Department of Homeland Security as its first Assistant Secretary for Policy. He earlier served as general counsel of the National Security Agency.
Zachary Schreiber is an associate at Steptoe & Johnson LLP, practicing primarily in complex commercial disputes and professional malpractice. He holds a J.D. from Columbia Law School, where he served as a senior editor of the Columbia Law Review. Prior to joining Steptoe, he clerked for Judge Victor Marrero in the United States District Court for the Southern District of New York.

Subscribe to Lawfare