Click for next page ( 134


The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 133
6 Privacy and Freedom of Information 6.1 INTRODUCTION Chapter 5 discussed how the United States and Germany differed in their approaches to resolving the tensions between formal and substan- tive values. Both countries subordinated the formal value of free speech to certain substantive values, but in the case of the United States, the trumping substantive value was an aversion to pornography, while for Germany it was an aversion to hate speech and its Nazi overtones. This chapter examines potential tensions between another substan- tive value (privacy) and a formal value (transparency in government, as exemplified by notions of "freedom of information," or FOI). The situa- tion is not quite the same as that in the earlier chapter, however. Free speech is more or less understood in the same way in both nations and it enjoys explicit constitutional protection, which can be abridged only in very limited circumstances. Privacy, on the other hand, is not interpreted in the same way in the two countries and, at least in the United States, arguments continue as to whether it enjoys constitutional protection. Freedom of information is also interpreted in different ways in the United States and Germany, and is not explicitly protected in either con- stitution. How privacy and freedom of information are actually inter- iRecall (Chapter 3) that formal values can be regarded as general principles by which individuals choose to live, while substantive values relate to specific aspects of one's envi- ronment and behavior. 133

OCR for page 133
34 GLOBAL NETWORKS AND LOCAL VALUES preted in the two countries determines when and how they are in tension as values. What kinds of information are explicitly designated as public in the pertinent statutes, and, at least in the United States, what protection of privacy is provided for in statute, determine when and how they are in tension as a legal matter. Although neither nation protects privacy or freedom of information as strongly as it does free speech, to the extent that they do provide pro- tection Germany puts greater emphasis on privacy and the United States favors transparency. Germany, and Europe more generally, have com- prehensive systems of law and regulation in place to protect privacy. The United States, by contrast, has a patchwork of incomplete protections. With respect to freedom of information, the situation is reversed. The United States has a comprehensive system that provides the public with access to an enormous range of information and data, while Germany has a patchwork system. With respect to freedom of information, both countries rely on ordi- nary legislation rather than constitutional law to specify which documents should be accessible to the public and under what terms. The situation with respect to privacy is somewhat different, in that German constitu- tional jurisprudence does recognize the right explicitly and many Ameri- can scholars argue that privacy protection is implicit in a number of con- stitutional provisions. Nevertheless, here too legislation plays the more important role in defining the meaning of the right. A further distinction between the tensions described in this chapter and the one addressed in the preceding chapter is that the threat to pri- vacy does not necessarily come about because of information made avail- able by the government; it often derives from information collected by and/or shared between private parties.2 Privacy and freedom of information are not always in tension; in some instances, society's commitment to freedom of information is the key to maintaining a person's privacy. That is, if an individual can invoke FOI rights to learn what personal information the government holds about him or her and how it has used the information, the government can be held accountable for any misuse. Thus, the person can effectively exercise some control over abuse of the information, which is one of the important dimensions of privacy. In many other cases, rights to privacy and FOI rights do not intersect at all for instance, data on the performance of the economy, on land use, 2The distinction is not always clear-cut. For example, personal data in a company's pos- session may enter government records (e.g., through a bankruptcy or other court proceed- ing). In such a case, information may be subject to FOI disclosure.

OCR for page 133
PRIVACY AND FREEDOM OF INFORMATION 135 or on a host of other issues of importance to governments are not obvi- ously relevant to privacy.3 In other words, to the extent that privacy re- fers to keeping personal information private and under the control of the individual with whom it is associated, privacy rights need not conflict with the free disclosure of information relevant to the workings of gov- ernment. Even in these cases, however, the formal value of transparency of state activities is not necessarily viewed by governments as an unal- loyed good. That is, a question arises concerning the extent to which gov- ernments need to be able to deliberate in private or to control the release of raw data to prevent public panic (one end of the spectrum) or provide a desired spin (perhaps the other end). But despite these caveats, privacy rights and FOI rights do, in many instances, come into conflict. In these cases, privacy is in conflict not only with the formal value of transparency of state activities, but also with the public interest (e.g., in the prevention and prosecution of criminal of- fenses) or commercial interests (e.g., in the collection and exploitation of data). Global networks such as the Internet have raised the stakes signifi- cantly for both privacy and freedom of information. Clearly, they facili- tate dissemination of information held by both public and private institu- tions. But perhaps even more significantly, the capabilities of computers and software to mine, sort, and reorganize data have increased the ability of many institutions to exploit that information. They can more readily put it into useful formats and tease out of disparate databases compre- hensive and accessible profiles on private individuals and the actions of governmental bodies. 6.2 PRIVACY 6.2.1 The Values Involved Privacy is the epitome of a substantive value. It encompasses ideas of autonomy, dignity, and personal freedom and control, and it provides protection for the individual. Box 6.1 describes examples of what might be regarded as violations of privacy. Privacy is different from secrecy and confidentiality. Secrecy is a func- tional concept, requiring an agreement on the part of those who are party 3The development of new technologies make statements of this kind always subject to caveats. For example, the increasing capacity to mine nominally "anonymous" data to back out information about individuals is often acknowledged. Further, even when data are gathered remotely, low-orbit photoreconnaissance satellites with high resolution (or even photoreconnaissance aircraft) might yield data on the behavior of individuals.

OCR for page 133
36 GLOBAL NETWORKS AND LOCAL VALUES to some information to not share it with others. It generally does not require (or seek) the sanction of society, merely the commitment of those who share the information. Confidentiality is a more formal and social concept, a set of rules that govern the use of information held by institu- tions about individuals and the conditions under which that information can be shared. Privacy is quite distinct from both of these concepts; it refers to the right of individuals to control information about themselves- to keep it secret or to share it with others only as they see fit. Although privacy in essence serves individuals by protecting and empowering them, it also serves society and government. When a person believes that his or her privacy is threatened, that individual may become defensive, minimizing personal exposure by being cautious about ex- pressing views and disengaging from society as much as possible. But because democratic societies rely on full participation and free expression

OCR for page 133
PRIVACY AND FREEDOM OF INFORMATION 137 by its citizens, the threat that gives rise to the individual's defensiveness becomes a threat to society as well. Obviously, privacy is not an absolute right. For example, commit- ments to maintain privacy may conflict with free expression (if, for ex- ample, that free expression might divulge private information). Societies have asserted a need (and therefore a right) to gather and use information about individuals for such purposes as taxation, census, and health; to hold people to their obligations as citizens; to serve them in accordance with their entitlements; and to support law enforcement efforts. Such societal assertions must be balanced against the desirability of the per- sonal right of individuals to know what information about them is being gathered and used; in that way, they can monitor the conformity of such use to law, and control any uses beyond those sanctioned purposes. Private institutions or other individuals do not have a constitutional right to violate an individual's privacy, although they may gain the privi- lege of using someone's personal information in certain ways under a contractual arrangement with that person. (On the Web, personal infor- mation is often collected under a theory of "implied consent," in which use of a Web site grants the site operator the right to collect certain per- sonal information automatically through "cookies" and the like (Box 6.2~. To illustrate the conflicting pressures, it is instructive to compare dis- closure policies for health records with policies for pizza-delivery records. There are many users who can legitimately argue for access to patient health records without the specific authorization of the patient. In order to meet a number of social, economic, and health needs, a society may allow access to some parts of health records by public health authorities, health researchers, fraud and abuse investigators, accreditation firms, and even law-enforcement agencies under some circumstances. Actually, elec- tronic databases may provide for greater privacy protection in these in- stances than traditional paper records because it is easier to limit access to only certain parts of the patient record. For pizza-delivery records, on the other hand, it may never be appropriate to allow for any nonconsensual disclosures because there are no overriding societal needs that justify it. The privacy interests of individuals are likely to be greater in their medical records, however, than in their pizza-delivery records. And, the public uproar over unauthorized release of medical records is inevitably much larger than in the case for pizza delivery records. Confidentiality of medical information has also been regarded as a prerequisite for free and candid discussions between health-care professionals and their patients. For these reasons, a culture of resistance to unauthorized disclosure of medical records is common in the health profession.

OCR for page 133
38 GLOBAL NETWORKS AND LOCAL VALUES 6.2.2 German and American Perspectives In 1983 the German Constitutional Court summarized the underlying value balance as follows: The individual . . . has the right to know and to decide on the information being processed about him. At the same time, as a social being the indi- vidual cannot avoid becoming the object of information processing. However, limitations to his basic right have only to be accepted when there is an overriding general interest and if that interest is molded into a law that follows the basic requirements of clarity and proportionality. To protect these principles a number of safeguards are required; these safeguards consist of data processing principles (correctness, timeliness, purpose limitation, fairly and lawfully obtained), derived rights (access, correction), and organizational safeguards (independent institutions).4 In the United States, the development of privacy policy has been slow and uneven, with the privacy of information collected and held by gov- ernment receiving much more attention than information collected and held by private companies and organizations. For example, the Privacy Act of 1974 (P.L. 93-579) and the subsequent Privacy Protection Study Commission both focused on information collected and held by the gov- ernment as the potential misuser of personal information. The Privacy 4BVerfGE 65,1 (41 95).

OCR for page 133
PRIVACY AND FREEDOM OF INFORMATION 139 Act in particular provides a broad policy framework for privacy relevant to such information. Some specialized privacy protections applicable to nongovernmental entities emerged in the 1970s and 1980s, including the Fair Credit Report- ing Act of 1970, the Family Educational Rights and Privacy Act of 1974, the Cable Communications Policy Act of 1984, the Electronic Communi- cations Privacy Act of 1986, and the Video Privacy Protection Act of 1988. The privacy of health information was addressed in the Health Insurance Portability and Accountability Act of 1998 and the Children's Online Pri- vacy Protection Act of 1999. However, U.S. privacy policy remains un- settled, in part because of concerns about the costs (and other burdens) of compliance, ambiguity about the appropriate application of underlying philosophical principles (property and free speech, for example), and un- resolved political clashes between those who collect and process data and those who advocate for broad privacy protection. As the above paragraphs illustrate, the United States and Germany (which is much like the rest of Europe in this respect) approach privacy from very different political and legal traditions. The German approach is rooted in its experience with totalitarian regimes and military occupa- tion, which has given rise in Europe to a strong antipathy toward, even an anxiety about, invasions of privacy or illegal surveillance. On the other hand, Europeans, and Germans in particular, tend to trust their govern- ment more than Americans do and turn to it to protect their interests. Thus the first data-protection law in the world, the Hesse Data Protection Act, was passed in Germany in 1970, and it established an enforcement structure that became the model for data protection all over Europe. The act created a governmental structure to preserve each individual's pri- vacy rights, and it stipulated that the data-protection officer established under this act, though formally a public official, would be independent from all other branches of government.5 As importantly, the willingness to trust government has made it ac- ceptable for German privacy law to take a comprehensive approach. All record keepers, public and private, have to comply with fair information practices (Box 6.3~. Although earlier laws imposed different rules on pub- lic and private record keepers, more recent legislation dealing with the Internet largely removes that distinction. The 1997 Teleservices Data Pro- tection Act6 implementing the European Union directive on the protec- 5The Federal Data Protection Commissioner's independence is laid down in sect. 22 par. 4 sent. 2 and 3 of the Federal Data Protection Act. He is independent in the performance of his duties and subject to the law only. According to Art. 28 par. 1 subpart 2 of the European Directive the data protection authorities act with complete independence in exercising the functions entrusted in them. 6BGB1. I 1997 S. 1871-1872

OCR for page 133
40 GLOBAL NETWORKS AND LOCAL VALUES lion of privacy in the telecommunications sector,7 and the 2001 amend- ments to the German Federal Data Privacy Acts implementing the 1998 European Union's directive on data protection,9 apply to private compa- nies and individuals as well as to public authorities. German law does distinguish between privacy ("Schulz personenbezogener Daten") and busi- ness secrets, providing less protection for business secrets on the argu- ment that the individual rights at stake are not of the same order. Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommu- nications sector: Of ficial Journal L 024,30/01 /1998, p.0001-0008. Available online at . Federal Data Protection Act of December 20, 1990 (BGB1.I 1990 S.2954) as amended by law of May 23, 2001 (BGB1 I S. 904~. 9Council Directive 95/46/EC of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, art. 32, 1995 O.J. (L 281) 31,49 (requiring member states to adopt legislation conforming to terms of directive) [hereafter European Privacy Directive]. Available online at .

OCR for page 133
PRIVACY AND FREEDOM OF INFORMATION 14 By contrast, the United States has a populist mistrust of governmental institutions and a strong tradition of relying on market forces not only to regulate the economy but to serve many social needs as well. Thus while the U.S. Congress has adopted legislation to protect personal privacy from encroachment by federal agencies,~ the regulation of private industry has moved more slowly and in a piecemeal manner. In practice, the U.S. norm is a patchwork of legislation and court decisions arising from epi- sodic scandals and political pressures from both industry and privacy advocates. Thus, highly specialized solutions have been crafted for dif- ferent technologies (e.g., statutory regimes specific to the protection of postal mail, telephone communications, e-mail, and other Internet com- munications) and for different subject areas (Box 6.4~. Finally, in U.S. law, privacy that is, the control of one's personal data is basically understood as a property right. Individuals can trans- fer or sell their property rights to a firm interested in its use or even to government, provided that the transfer is voluntary and the terms and conditions are fair. But the traditional European approach treats indi- viduals' interests in data about themselves as an inalienable liberty right- that is, a right that cannot be given up, even voluntarily. iFederal Privacy Act, 5 U.S.C. 552a.

OCR for page 133
42 GLOBAL NETWORKS AND LOCAL VALUES Yet despite the differences in legal traditions, both Germany and the United States over the last 25 years have developed what have become known as "fair information principles" that reflect substantial agreement on basic issues. This common ground is summarized in Box 6.3. The ques- tion is whether these commonalties coupled with the strong linking forces introduced by global networks in general as well as the more specific desire to exploit them for commercial uses will ultimately lead to harmoniza- tion, in which the United States moves toward the more comprehensive and integrated approach to privacy that is prevalent in Europe. If privacy is to be protected by direct legal enforcement, then there are two possible approaches (regardless of whether privacy rights are charac- terized as property or liberty interests). The first approach is to establish independent governmental data-protection authorities responsible for monitoring and enforcing fair information principles, as is done in the Ger- man system. This approach avoids the high transaction costs, and the diffi- culty of proving cause and establishing injury, that may make individual enforcement illusory. However, as a practical matter, it is difficult for pub- licly funded enforcement authorities to handle all individual complaints. The second approach is to allow individuals to bring lawsuits to pro- tect their privacy rights and to recover damages for injuries resulting from violation of those rights. This approach decentralizes enforcement of pri- vacy rights, but it may not be efficacious because it is difficult to prove cause, and the stakes involved in any particular invasion of personal pri- vacy may be so small that individuals are unwilling to pay the costs of litigation (though efficiency can be increased when numerous injury cases are grouped into class actions). 6.2.3 Technology and Privacy Individuals have many good reasons to want information about them- selves to be stored electronically and to be made available over communi- cations networks. The rapid and accurate transfer of electronically stored medical records can improve a person's medical care and might even save a life; stored credit card and address information makes Internet shop- ping convenient; and user-friendly online banking transactions have at- tracted millions of customers. Yet advances in information technology can also threaten privacy. A visitor to a Web site may involuntarily leave behind personal information that the Web site owner can later use for commercial purposes. Seem- ingly harmless fragments of information left at different sites can be com- bined into a potentially harmful aggregate. Even easier, cookies can be set in a user's hard drive, creating a built-in history of sites visited, mate- rial browsed, and purchases made. Such data can be used for marketing

OCR for page 133
PRIVACY AND FREEDOM OF INFORMATION 143 purposes targeting an individual with ads that are customized to his or her tastes which may represent a convenience to some and little more than an annoyance to others. However, it is the absence of control over the collection or the use of the information that is the quintessential viola- tion of privacy, and it is not difficult to construct scenarios in which that violation can be harmful to individuals. Of course, personal information can be collected by Internet service providers as well as by Web site hosts. ISPs can and do record informa- tion on user actions for internal purposes or to comply with court orders, and this might include sites visited, the amount of information down- loaded, and when such visits occurred. Databases containing "public" information are another source of pri- vacy concern. Much of such information e.g., records pertaining to property tax, motor vehicles, drivers' licenses, convictions was hereto- fore not public because it was hard to access or extract from voluminous databases. Making such information easily available to the general pub- lic through the Internet may well be viewed as a violation of an individual's privacy rights because this allows it to be used for purposes other than those for which it was originally collected (together with the individual's implied or explicit consent). In the United States, for ex- ample, these databases have been a valuable source of information for telephone-solicitation operations. Other methods of data collection are possible as well, including records of cellular-telephone location, records of building ingress and egress (created when magnetic cards are used to gain access), and records of credit-card and telephone usage. And the World Wide Web itself is a source of information about individuals. Commercial transactions and political dialogues posted in forums create opportunities to collect infor- mation about personal interests and activities. Today, different structures exist for regulating personal data collec- tion and use in each of these areas of activity from local exchange to long distance telephone companies to cable television companies and Internet service providers. That is certainly a source of confusion and chaos. Tech- nological convergence, however, is leading companies to strive to become sole-source information providers and handlers, and the differing regula- tory traditions and customs that characterize each domain may well come to overlap, leading, at least initially, to greater turmoil even within na- tional borders. The technical convergence can also create the opportunity for a kind of regulatory arbitrage that can work to the detriment of pri- iiIn Germany, third-party access to all these kinds of information is severely controlled by law, so that the term "public" in this discussion is even more properly put in quotation marks.

OCR for page 133
PRIVACY AND FREEDOM OF INFORMATION 159 "Laws, ordinances, official decrees and notices [and] also decisions and official grounds [for] decisions" cannot be copyrighted. The same applies to other official works published to satisfy the official goal of informing the public. But information collected and maintained by public agencies can be granted a private copyright when it is material actually written by private individuals. In the United States, some courts have held that certain state and local laws can sometimes be copyrighted, and have forced third parties to re- frain from reproducing or distributing primary legal information con- tained in such statutes and court decisions. For example, Peter Veeck posted on a private Web site the municipal building code for Denison, Texas. The text of this building code is actually owned by the Southern Building Code Congress International (SBCCI), a private, not-for-profit organization whose primary mission is to develop and maintain a set of model building codes. The SBCCI has developed the building code and gives it free to municipalities as an incentive for adopting it. However, sales of the code to engineers and architects is a revenue-generating enter- prise for SBCCI, and thus it sued Veeck for copyright infringement. The case is working its way through the U.S. court system; in February 2001, a panel of the Fifth Circuit Court of Appeals upheld by a vote of 2-1 that SBCCI had the right to force Veeck to refrain from publishing these mate- rials on the Web.25 It has been argued in the past that the private publication of govern- ment information is the only practical way to ensure its broad distribu- tion, and that the incentive of copyright protection is necessary to encour- age the involvement of the private sector. However, Internet and PC technologies have sharply reduced the costs and increased the ability of government agencies to publish their own material. As noted earlier, these same technologies have also created incentives for the private sector to create value-added products from the raw data produced by govern- ment agencies. The challenge is to develop appropriate criteria to protect private-sector innovations that enhance the usability of original govern- ment data without depriving the public of its access to that data.26 25The opinion of the panel can be found at . A press article on this controversy is in Daniel Fisher, 2001, "We Own That Law," Forbes, April 30, p. 60. 26This is a topic of ongoing debate in the United States. The Computer Science and Tele- communications Board is participating in a National Research Council project that addresses these issues for weather-related information.

OCR for page 133
160 Public Records Containing Personal Information GLOBAL NETWORKS AND LOCAL VALUES Public records that contain personal information create an obvious conflict between freedom of information and privacy rights. In principle, this is not a new concern, but advances in information technology have made it a practical concern. In the past, the cost and effort of extracting personal data from public records was so great that few attempted it. However, as such records are computerized and become available under freedom-of-information law, the threat to privacy becomes quite real. Whether privacy or freedom of information takes precedence depends on the particular situation. If the invasion of an individual's privacy is limited and noninjurious, one might argue that the cost is worth the ben- efit of retaining the public's access to government information. On the other hand, if the interest in access to public records is purely commercial and unrelated to the democratic and integrative functions of freedom of information, then one might argue that protection of individual privacy should be given greater weight. In addition to facilitating the mining of databases for personal infor- mation, technological advances affect the balance of rights in two other ways. First, information technology enables "profiling" the linking of data from a number of different sources to create much more serious in- vasions of individual privacy than would be possible with any single record. The possibilities for such profiling are thus an element in judging the harm to individuals that results from granting access to public records, though the number of actual instances in which an individual has been harmed by profiling is apparently small. Second, and on the other hand, information technology also facilitates the anonymization of data, a prac- tice that can help to protect privacy without compromising the public's access to the aggregated database.27 Some have argued that anonymizing data can reduce its worth be- cause the process essentially blocks certain information that might, in fact, be useful. But that raises the question of whether the competing prin- ciples of privacy and public interest have, in the past, been thoroughly weighed in deciding what information on individuals it is appropriate for governments to collect. In the past, the government may have had no alternative but to gather more information than it had a right to gather, in order to glean the information that it needed and to which it was entitled. The practice may not have been challenged because, as a practical matter, there were limitations on the misuse of the private data. However, the 27Such an outcome depends on the particulars of the data in question, because sometimes even anonymized data can be assembled in such a way as to uniquely identify an indi- vidual.

OCR for page 133
PRIVACY AND FREEDOM OF INFORMATION 161 mere fact that the government has collected or is in possession of the ag- gregated database does not mean that it is actually entitled to use all of the data or to use it for any purpose. Because technology increases the ability to link information, the potential for such misuse by government- and others increases, and government agencies will have to revise their past approaches to collecting data and weigh the competing claims of pri- vacy and public need more rigorously. Notes, Drafts, and Intermediate Documents of Public Officials and Bodies Documents that shed light on the administrative aspects of government's decision-making process (e.g., preliminary or internal drafts) present thorny problems, and how far a society should go in pro- viding access to such documents is a matter requiring much further dis- cussion.28 On the one hand, transparency in the political and administra- tive decision-making process is of major importance in a democracy and one of the strongest arguments for a freedom-of-information principle. On the other hand, disclosure of every conversation and recorded thought between administrators or judges and their advisors would have a chill- ing effect on candid deliberation that would, in fact, reduce the quality of decisions. Government needs space and time in which to assess argu- ments and conduct internal debates with a certain degree of privacy of its own. Technology (though not necessarily as part of global networks) again complicates matters. In the past, a good deal of highly informal conversa- tion might have taken place on the telephone or in face-to-face meetings. It was possible to record these kinds of conversations, but not required.29 When they were recorded, they might well have been subject to freedom- of-information requests (or subpoena, as Richard Nixon learned). The applicability of freedom-of-information regulations in these instances was often debated, even litigated. But the participants had an option that al- lowed them to control the balance between privacy privilege and the public's right to information; except where public meetings were involved (itself a question of definition), they could decide whether or not to record the conversation. 28It was discussed in the United Kingdom. See "Your Right to Know. The Government's Proposals for a Freedom of Information Act," presented to Parliament by the Chancellor of the Duchy of Lancaster by Command of Her Majesty, December 1997. Available online at (03.03.2000~. 29Indeed, in many jurisdictions, it would be illegal to record such conversations for ex- ample, if the recording were carried out by third parties or without appropriate notice.

OCR for page 133
62 GLOBAL NETWORKS AND LOCAL VALUES Now, many of these same interactions are conducted through vehicles such as e-mail or bulletin board postings. Electronic records of these ex- changes exist and are frequently the subject of freedom-of-information requests. In effect, technology has shifted the balance and the control without any change in the substantive social and political facts. In this, as in other instances, each society must determine if the shift is consistent with its balance of the values involved. The technology itself should not be the determining factor. Records Associated with Publicly Funded Research A relatively new area of contention, particularly in the United States, is the public accessibility of research data produced with government grants. Although the principle of openness in research is, in and of itself, an important value in the scientific community, freedom-of-information requests for scientific data in recent years seem to have been motivated by political agendas outside that community. As scientists have become more engaged in issues with strong political overtones such as the health effects of tobacco, the environmental effects of industrial wastes, or the relative contributions of nature and nurture to I.Q., lawyers, lobbyists, and other advocates have sought access to scientists' raw data. The rea- sons for such requests vary, and how they are viewed depends on the eye of the beholder. What is seen by one party as a legitimate attempt to understand the basis of a scientist's conclusions can be seen by another as an effort to discredit or harass. The matter has been further complicated by the heightened concern about scientific fraud. Public bodies, including congressional commit- tees, have sought access to the notebooks of scientists in order to assess the veracity of their published works. They have used forensic approaches to determine the time sequence of notebook entries, the actual (expected) randomness in raw data, the inclusion or exclusion of data in final re- ports, and the laboratory instruments actually used in measurements. In so doing, they have tried to assess not only the integrity of scientists, but their competence as well. In some respects, this is a rather new facet of the issue of privacy. That is, to what extent is the practice of one's profession the way one thinks, how one creates, what one's personal style is like a public activ- ity for which the researcher must be accountable? Where should we draw the line between legitimate access and inappropriate revelation of one's personal information and idiosyncrasies? The balance to be struck must ensure accountability while respecting the intellectual process and avoid- ing the chilling effects of harassment or intimidation. The U.S. Congress attempted to balance these considerations in a law

OCR for page 133
PRIVACY AND FREEDOM OF INFORMATION 163 recently enacted30 that requires all recipients of federal research grants to disclose research data in accordance with the provisions of the Freedom of Information Act. However, the law defines the term "research data" as "the recorded factual material commonly accepted in the scientific com- munity as necessary to validate research findings, but not" such things as trade secrets, commercial information, personnel and medical informa- tion, and any "similar information which is protected under law." In ad- dition, it limits the application of the new provision to "research data re- lating to published research findings," which it defines as either "[rJesearch findings [that] are published in a peer-reviewed scientific or technical journal" or those that are "publicly and officially cited . . . in support of an agency action that has the force and effect of law." It is too early to assess the effects of the law, because it is still being shaped as administrators develop rules for its enforcement and requests for infor- mation lead to court cases that will provide further interpretation. Cer- tainly, the issue remains one of great concern to the scientific community. 6.3.3 Global Networks Affecting Freedom of Information As with privacy, global networks exert direct and indirect pressure on national disclosure policies. Global networks are multiplying the op- tions through which citizens can gain access to information and are mak- ing it more difficult for nations to maintain restrictive policies. New Technical Options In the past, even if the public was legally entitled to access govern- mental files, in practical terms it was not easy to exercise this right. In the earliest times, the citizen had to go to the appropriate office and transcribe excerpts by hand. Photocopiers significantly reduced the logistical bur- den on these efforts. But the digital representation of public documents means that they can be searched, stored, and combined at will. Moreover, if these files are available online, access becomes so comfortable that it can become a routine operation for citizens. There has been considerable progress in this direction. Congressional legislation is available online; all of the opinions of the U.S. federal appel- late courts are available in full-text form and in popular word-processing formats on the Web, and a growing number of state courts and agencies 30Office of Management and Budget's Appropriations Act for Fiscal Year 1999, Public Law No. 105-227. See FOlA Update, VoL XIX. No. 4, available online at (03.03.2000~.

OCR for page 133
64 GLOBAL NETWORKS AND LOCAL VALUES also publish information on the Web. German authorities are moving into the same direction, albeit at a somewhat slower pace. All decisions of the Bundesverfassungsgericht are already available online free of charge. Other federal courts in Germany are planning to follow, and the Euro- pean Commission has launched a similar initiative. The Modest Effect of Globalization Although the Internet has had a strong impact on national policies concerning free speech and privacy, its effect on FOI policies is much weaker because it is the disclosure of information held by local govern- ments that is often at issue. Global networks do not change the local char- acter of the source. Thus, even under changed technological conditions, each country can in principle pursue its own policy. However, for a num- ber of reasons, this may be an unwise choice for nations where present policy appears to limit freedom of information, or at least to not promote it vigorously. First, global networks expose people to new ideas from other places. Thus citizens in a more restrictive nation who see examples of govern- mental openness in other nations may demand more openness and access at home.3~ Given the pronounced differences in regulatory traditions, there is a great potential for such policy diffusion. Of course, it took hun- dreds of years for the legal structure providing for freedom of informa- tion to spread beyond the borders of Sweden (where the first law on the subject was enacted in 1766~. But with the present high degree of connect- edness between nations it is inconceivable that a concept such as freedom of information could long remain contained within the borders of one or a few nations. Other hastening factors include the concept's inherently de- mocracy-promoting character, the United States' broad commitment to it, and its manifestation on the Web. In the United States, freedom-of-information norms are expressed in a collection of federal and state statutes: the Freedom of Information Act of 1966; 32 the Paperwork Reduction Act of 1980 (revised subsequently in 1995~;33 the Federal Register Act of 1935;34 and the Electronic Freedom of 3iOf course, such change is possible only when the government of the more restrictive nation is responsive to the popular will. Indeed, some government in general, those of the more authoritarian nations may impose restrictions on access to certain Internet content precisely in order to prevent their citizens from seeing the openness of other nations. 325 U.S.C. 552. 33Paperwork Reduction Act of 1980 (94 Stat. 2825; 44 U.S.C. 3503 note) [set out as a note under 3503 of Title 44, Public Printing and Documents]. 3444 U.S.C. 1505.

OCR for page 133
PRIVACY AND FREEDOM OF INFORMATION 165 Information Act of 1996.35 Most American states also have freedom-of- information laws. These typically adopt the same norms as those of the federal laws. There are, however, some differences. Many states provide no deadlines for agency responses to private requests for information. Others are vague about the availability of judicial review. Still others require the identification of a legitimate private interest in the informa- tion requested. And some distinguish between requests that are made for personal reasons, which are favored, and those made by commercial enti- ties for a profit-making purpose, which are not favored.36 Germany, on the other hand, has not yet established a Freedom of Information Act at the federal level. The only applicable provisions are those of the German Basic Law art. 5, subsec. 137 and the Federal Law on Administrative Procedure 29, 30.38 These legal instruments, however, actually express a principle of secrecy rather than openness, restricting provision of information on administrative procedures to persons who take part in the procedures or who might be affected by their outcomes. This tradition obviously does not give rise to a general public right to government information, and no other specific law addresses such access. Still, there is currently some movement away from government se- crecy and toward greater transparency, both in Germany and throughout Europe. The general approach is to build on the foundation of individual rights, beginning with the existing rights of participants in particular pro- ceedings to obtain information pertinent to those proceedings. This is rather different from the American approach, which links freedom of in- formation to democratic oversight of governmental operations and thus grants rights of access to all citizens. Nonetheless, the strategy has al- ready been successful in several cases. For example, in 1994, the German Federal Freedom of Access to Environmental Information Act was adopted,39 implementing a European Union directive granting access to environmental information held by public authorities.40 35Electronic FOIA Amendments Act of 1996, P.L. 104-231, 110 Stat. 3048 (Oct. 2, 1996), amending 5 U.S.C. 552. 36Media requests, which obviously serve commercial, profit-making purposes, have al- ways been given exceptional status in the United States under the protection of the First Amendment of the Constitution (see Chapter 8~. 37Grundgesetz fur die Bundesrepublik Deutschland of May 23, 1949 (BGB1. I S. 1) as amended up to and including Gesetz zur Anderung des Grundgesetzes of July 16, 1998 (BGB1. I S. 1822~. 38Verwaltungsverfahrensgesetz vom 25 Mai 1976 (BGB1. I S.1253), as amended up to and including Gesetz of August 6, 1998 (BGB1 I 1998, 2022~. 39BGB1. I, 1490. 40Council Directive 90/313 /EEC of 7 June 1990 on the freedom of access to information on the environment, Official Journal L 158, 23/06/1990, p. 0056-0058. See . Note that the directive allows a number

OCR for page 133
66 GLOBAL NETWORKS AND LOCAL VALUES On the state level, the East German States of Brandenburg and Mecklenburg-Vorpommern provide a general right of access to informa- tion in their constitutions. General freedom-of-information acts were also enacted in Brandenburg and Berlin42 in 1998 and 1999, respectively. However, comprehensive nationwide or EU-wide legislation on freedom of information is not yet a reality, although it is becoming a goal. Indeed, the present coalition government in Germany has expressed its intention to enact a general freedom-of-information law on the federal level. In addition, Directorate General 13 of the European Commission has been working for more than 5 years on the development of a legal regime for freedom of information, seeking to implement the transparency guaran- tee of the Maastricht treaty. However, recently published drafts have been criticized for being too tentative (Box 6.9~. Second, the impact of global networks is not limited to disseminating a normative yardstick. A restrictive national policy with respect to free- dom-of-information principles can be undermined to a certain extent by use of the Internet. Ironically, this became obvious recently as drafts of the European Community's freedom-of-information regulation were leaked and published on the Internet. Third, and perhaps most important, economic considerations in a glo- balized world may provide an even stronger motivation for adopting free- dom-of-information principles in Germany. As the European Com- mission's "Green Paper on Access to Public Information"43 states, "Without user-friendly and readily available administrative, legislative, financial, or other public information, economic actors cannot make fully informed decisions." Therefore, the Commission notes, "the ready avail- ability of public information is an absolute prerequisite for the competi- tiveness of European industry. In this respect, EU companies are at a serious competitive disadvantage compared to their American counter- of exemptions that specify environmental information that can be withheld from the public. Specifically, it may be withheld if the release of the information affects the "confidentiality of the proceedings of public authorities, international relations and national defence; public security; matters which are, or have been, sub judice, or under inquiry (including disciplin- ary inquiries), or which are the subject of preliminary investigation proceedings; commer- cial and industrial confidentiality, including intellectual property; the confidentiality of per- sonal data and/or files; material supplied by a third party without that party being under a legal obligation to do so; material the disclosure of which would make it more likely that the environment to which such material related would be damaged." In addition, requests for information may be refused "where it would involve the supply of unfinished documents or data or internal communications, or where the request is manifestly unreasonable or formu- lated in too general a manner." 4iAkteneinsichts- und Informationszugangsgesetz (AIG) vom 10. Marz 1998 (GVB1. I S. 46~. 42Berliner Informationsfreiheitsgesetz vom 15. Oktober 1999 (GVB1. I, S.561~. 43COM (1998) 585 final.

OCR for page 133
PRIVACY AND FREEDOM OF INFORMATION 167 parts, which benefit from a highly developed, efficient public-informa- tion system at all levels of the administration." In addition, public-sector information may itself be a vehicle for economic growth, as the public sector is the biggest single producer of information in areas such as legis- lation, statistics, culture, finance, geography, transport, and research. Box 6.10 provides more discussion. Because nations can determine their own FOI policies that are, in their essence, nonoverlapping, there is no particular need for international harmonization of freedom-of-information laws. It is important, how-

OCR for page 133
68 GLOBAL NETWORKS AND LOCAL VALUES ever, to ensure that international treaties do not hamper national free- dom-of-information policies. A case in point is internationally harmo- nized copyright law. So far, the pertinent international rules are silent with respect to copyrighting governmental information; neither the TRIPs agreements under the WTO treaty,44 the Berne treaty,45 nor the 44The TRIPS Agreement (Agreement on Trade-Related Aspects of Intellectual Property Rights) is Annex 1C of the Marrakesh Agreement Establishing the World Trade Organiza- tion signed in Morocco on 15 April 1994. It is available online at . 45Berne Convention for the Protection of Literary and Artistic Works of September 9,1886, as amended on September 28, 1979, UNTS No. 11850, available online at .

OCR for page 133
PRIVACY AND FREEDOM OF INFORMATION 169 World Intellectual Property Organization (WIPO) conventions46 deal with the issue. If they were extended to such information, the potential for conflict between treaty obligation and FOI for government data would be obvious. NOTE ADDED IN PROOF In the wake of the horrific events in New York City and Washington, D.C., on September 11, 2001, the "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terror- ism" (USA PATRIOT) Act was enacted into law (P.L. 107-56~. Reflecting congressional concern that the legislative tools available to law enforce- ment were inadequate in an advanced-technology environment in which terrorists can freely travel and operate relatively free of the constraints imposed by national borders, the act expanded government authority to monitor Internet traffic, to compel disclosure of information contained in public and private records if approved by the judicial branch, and to share information collected in grand jury investigations with "any Federal law enforcement, intelligence, protective, immigration, national defense, or national security official in order to assist the official receiving that infor- mation in the performance of his official duties."47 This legislation has implications for privacy interests of individuals vis a vis government, and a number of public interest groups have strongly criticized this legislation for weakening protection for these interests.48 In addition, in the freedom of information domain, the Bush adminis- tration has promulgated a policy that "discretionary decision by [a federal] agency to disclose information protected under the FOIA should be made only after full and deliberate consideration of the institutional, commercial, and personal privacy interests that could be implicated by disclosure of the information.... When [an agency] carefully considers FOIA requests and deciders] to withhold records, in whole or in part, [it] can be assured that the Department of Justice will defend [its] decisions unless they lack a sound legal basis or present an unwarranted risk of adverse impact on the ability of other agencies to protect other important records."49 46WIPO Copyright Treaty adopted by the Diplomatic Conference on certain copyright and neighboring rights questions, Geneva, on December 20, 1996 and WIPO Performances and Phonograms Treaty adopted by the Diplomatic Conference on December 20, 1996. Available online at . 47See . 48See, for example and . 49See .