Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter.
Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page 133
6
Privacy and Freedom of Information
6.1 INTRODUCTION
Chapter 5 discussed how the United States and Germany differed in
their approaches to resolving the tensions between formal and substan-
tive values. Both countries subordinated the formal value of free speech
to certain substantive values, but in the case of the United States, the
trumping substantive value was an aversion to pornography, while for
Germany it was an aversion to hate speech and its Nazi overtones.
This chapter examines potential tensions between another substan-
tive value (privacy) and a formal value (transparency in government, as
exemplified by notions of "freedom of information," or FOI). The situa-
tion is not quite the same as that in the earlier chapter, however. Free
speech is more or less understood in the same way in both nations and it
enjoys explicit constitutional protection, which can be abridged only in
very limited circumstances. Privacy, on the other hand, is not interpreted
in the same way in the two countries and, at least in the United States,
arguments continue as to whether it enjoys constitutional protection.
Freedom of information is also interpreted in different ways in the
United States and Germany, and is not explicitly protected in either con-
stitution. How privacy and freedom of information are actually inter-
iRecall (Chapter 3) that formal values can be regarded as general principles by which
individuals choose to live, while substantive values relate to specific aspects of one's envi-
ronment and behavior.
133
OCR for page 134
34
GLOBAL NETWORKS AND LOCAL VALUES
preted in the two countries determines when and how they are in tension
as values. What kinds of information are explicitly designated as public in
the pertinent statutes, and, at least in the United States, what protection of
privacy is provided for in statute, determine when and how they are in
tension as a legal matter.
Although neither nation protects privacy or freedom of information
as strongly as it does free speech, to the extent that they do provide pro-
tection Germany puts greater emphasis on privacy and the United States
favors transparency. Germany, and Europe more generally, have com-
prehensive systems of law and regulation in place to protect privacy. The
United States, by contrast, has a patchwork of incomplete protections.
With respect to freedom of information, the situation is reversed. The
United States has a comprehensive system that provides the public with
access to an enormous range of information and data, while Germany has
a patchwork system.
With respect to freedom of information, both countries rely on ordi-
nary legislation rather than constitutional law to specify which documents
should be accessible to the public and under what terms. The situation
with respect to privacy is somewhat different, in that German constitu-
tional jurisprudence does recognize the right explicitly and many Ameri-
can scholars argue that privacy protection is implicit in a number of con-
stitutional provisions. Nevertheless, here too legislation plays the more
important role in defining the meaning of the right.
A further distinction between the tensions described in this chapter
and the one addressed in the preceding chapter is that the threat to pri-
vacy does not necessarily come about because of information made avail-
able by the government; it often derives from information collected by
and/or shared between private parties.2
Privacy and freedom of information are not always in tension; in some
instances, society's commitment to freedom of information is the key to
maintaining a person's privacy. That is, if an individual can invoke FOI
rights to learn what personal information the government holds about
him or her and how it has used the information, the government can be
held accountable for any misuse. Thus, the person can effectively exercise
some control over abuse of the information, which is one of the important
dimensions of privacy.
In many other cases, rights to privacy and FOI rights do not intersect
at all for instance, data on the performance of the economy, on land use,
2The distinction is not always clear-cut. For example, personal data in a company's pos-
session may enter government records (e.g., through a bankruptcy or other court proceed-
ing). In such a case, information may be subject to FOI disclosure.
OCR for page 135
PRIVACY AND FREEDOM OF INFORMATION
135
or on a host of other issues of importance to governments are not obvi-
ously relevant to privacy.3 In other words, to the extent that privacy re-
fers to keeping personal information private and under the control of the
individual with whom it is associated, privacy rights need not conflict
with the free disclosure of information relevant to the workings of gov-
ernment. Even in these cases, however, the formal value of transparency
of state activities is not necessarily viewed by governments as an unal-
loyed good. That is, a question arises concerning the extent to which gov-
ernments need to be able to deliberate in private or to control the release
of raw data to prevent public panic (one end of the spectrum) or provide
a desired spin (perhaps the other end).
But despite these caveats, privacy rights and FOI rights do, in many
instances, come into conflict. In these cases, privacy is in conflict not only
with the formal value of transparency of state activities, but also with the
public interest (e.g., in the prevention and prosecution of criminal of-
fenses) or commercial interests (e.g., in the collection and exploitation of
data).
Global networks such as the Internet have raised the stakes signifi-
cantly for both privacy and freedom of information. Clearly, they facili-
tate dissemination of information held by both public and private institu-
tions. But perhaps even more significantly, the capabilities of computers
and software to mine, sort, and reorganize data have increased the ability
of many institutions to exploit that information. They can more readily
put it into useful formats and tease out of disparate databases compre-
hensive and accessible profiles on private individuals and the actions of
governmental bodies.
6.2 PRIVACY
6.2.1 The Values Involved
Privacy is the epitome of a substantive value. It encompasses ideas of
autonomy, dignity, and personal freedom and control, and it provides
protection for the individual. Box 6.1 describes examples of what might
be regarded as violations of privacy.
Privacy is different from secrecy and confidentiality. Secrecy is a func-
tional concept, requiring an agreement on the part of those who are party
3The development of new technologies make statements of this kind always subject to
caveats. For example, the increasing capacity to mine nominally "anonymous" data to back
out information about individuals is often acknowledged. Further, even when data are
gathered remotely, low-orbit photoreconnaissance satellites with high resolution (or even
photoreconnaissance aircraft) might yield data on the behavior of individuals.
OCR for page 136
36
GLOBAL NETWORKS AND LOCAL VALUES
to some information to not share it with others. It generally does not
require (or seek) the sanction of society, merely the commitment of those
who share the information. Confidentiality is a more formal and social
concept, a set of rules that govern the use of information held by institu-
tions about individuals and the conditions under which that information
can be shared. Privacy is quite distinct from both of these concepts; it
refers to the right of individuals to control information about themselves-
to keep it secret or to share it with others only as they see fit.
Although privacy in essence serves individuals by protecting and
empowering them, it also serves society and government. When a person
believes that his or her privacy is threatened, that individual may become
defensive, minimizing personal exposure by being cautious about ex-
pressing views and disengaging from society as much as possible. But
because democratic societies rely on full participation and free expression
OCR for page 137
PRIVACY AND FREEDOM OF INFORMATION
137
by its citizens, the threat that gives rise to the individual's defensiveness
becomes a threat to society as well.
Obviously, privacy is not an absolute right. For example, commit-
ments to maintain privacy may conflict with free expression (if, for ex-
ample, that free expression might divulge private information). Societies
have asserted a need (and therefore a right) to gather and use information
about individuals for such purposes as taxation, census, and health; to
hold people to their obligations as citizens; to serve them in accordance
with their entitlements; and to support law enforcement efforts. Such
societal assertions must be balanced against the desirability of the per-
sonal right of individuals to know what information about them is being
gathered and used; in that way, they can monitor the conformity of such
use to law, and control any uses beyond those sanctioned purposes.
Private institutions or other individuals do not have a constitutional
right to violate an individual's privacy, although they may gain the privi-
lege of using someone's personal information in certain ways under a
contractual arrangement with that person. (On the Web, personal infor-
mation is often collected under a theory of "implied consent," in which
use of a Web site grants the site operator the right to collect certain per-
sonal information automatically through "cookies" and the like (Box 6.2~.
To illustrate the conflicting pressures, it is instructive to compare dis-
closure policies for health records with policies for pizza-delivery records.
There are many users who can legitimately argue for access to patient
health records without the specific authorization of the patient. In order
to meet a number of social, economic, and health needs, a society may
allow access to some parts of health records by public health authorities,
health researchers, fraud and abuse investigators, accreditation firms, and
even law-enforcement agencies under some circumstances. Actually, elec-
tronic databases may provide for greater privacy protection in these in-
stances than traditional paper records because it is easier to limit access to
only certain parts of the patient record. For pizza-delivery records, on the
other hand, it may never be appropriate to allow for any nonconsensual
disclosures because there are no overriding societal needs that justify it.
The privacy interests of individuals are likely to be greater in their
medical records, however, than in their pizza-delivery records. And, the
public uproar over unauthorized release of medical records is inevitably
much larger than in the case for pizza delivery records. Confidentiality of
medical information has also been regarded as a prerequisite for free and
candid discussions between health-care professionals and their patients.
For these reasons, a culture of resistance to unauthorized disclosure of
medical records is common in the health profession.
OCR for page 138
38
GLOBAL NETWORKS AND LOCAL VALUES
6.2.2 German and American Perspectives
In 1983 the German Constitutional Court summarized the underlying
value balance as follows:
The individual . . . has the right to know and to decide on the information
being processed about him. At the same time, as a social being the indi-
vidual cannot avoid becoming the object of information processing.
However, limitations to his basic right have only to be accepted when
there is an overriding general interest and if that interest is molded into
a law that follows the basic requirements of clarity and proportionality.
To protect these principles a number of safeguards are required; these
safeguards consist of data processing principles (correctness, timeliness,
purpose limitation, fairly and lawfully obtained), derived rights (access,
correction), and organizational safeguards (independent institutions).4
In the United States, the development of privacy policy has been slow
and uneven, with the privacy of information collected and held by gov-
ernment receiving much more attention than information collected and
held by private companies and organizations. For example, the Privacy
Act of 1974 (P.L. 93-579) and the subsequent Privacy Protection Study
Commission both focused on information collected and held by the gov-
ernment as the potential misuser of personal information. The Privacy
4BVerfGE 65,1 (41 95).
OCR for page 139
PRIVACY AND FREEDOM OF INFORMATION
139
Act in particular provides a broad policy framework for privacy relevant
to such information.
Some specialized privacy protections applicable to nongovernmental
entities emerged in the 1970s and 1980s, including the Fair Credit Report-
ing Act of 1970, the Family Educational Rights and Privacy Act of 1974,
the Cable Communications Policy Act of 1984, the Electronic Communi-
cations Privacy Act of 1986, and the Video Privacy Protection Act of 1988.
The privacy of health information was addressed in the Health Insurance
Portability and Accountability Act of 1998 and the Children's Online Pri-
vacy Protection Act of 1999. However, U.S. privacy policy remains un-
settled, in part because of concerns about the costs (and other burdens) of
compliance, ambiguity about the appropriate application of underlying
philosophical principles (property and free speech, for example), and un-
resolved political clashes between those who collect and process data and
those who advocate for broad privacy protection.
As the above paragraphs illustrate, the United States and Germany
(which is much like the rest of Europe in this respect) approach privacy
from very different political and legal traditions. The German approach
is rooted in its experience with totalitarian regimes and military occupa-
tion, which has given rise in Europe to a strong antipathy toward, even an
anxiety about, invasions of privacy or illegal surveillance. On the other
hand, Europeans, and Germans in particular, tend to trust their govern-
ment more than Americans do and turn to it to protect their interests.
Thus the first data-protection law in the world, the Hesse Data Protection
Act, was passed in Germany in 1970, and it established an enforcement
structure that became the model for data protection all over Europe. The
act created a governmental structure to preserve each individual's pri-
vacy rights, and it stipulated that the data-protection officer established
under this act, though formally a public official, would be independent
from all other branches of government.5
As importantly, the willingness to trust government has made it ac-
ceptable for German privacy law to take a comprehensive approach. All
record keepers, public and private, have to comply with fair information
practices (Box 6.3~. Although earlier laws imposed different rules on pub-
lic and private record keepers, more recent legislation dealing with the
Internet largely removes that distinction. The 1997 Teleservices Data Pro-
tection Act6 implementing the European Union directive on the protec-
5The Federal Data Protection Commissioner's independence is laid down in sect. 22 par. 4
sent. 2 and 3 of the Federal Data Protection Act. He is independent in the performance of
his duties and subject to the law only. According to Art. 28 par. 1 subpart 2 of the European
Directive the data protection authorities act with complete independence in exercising the
functions entrusted in them.
6BGB1. I 1997 S. 1871-1872
OCR for page 140
OCR for page 141
OCR for page 142
OCR for page 143
OCR for page 159
OCR for page 160
OCR for page 161
OCR for page 162
OCR for page 163
OCR for page 164
OCR for page 165
OCR for page 166
OCR for page 167
OCR for page 168
OCR for page 169
Representative terms from entire chapter:
local values
40
GLOBAL NETWORKS AND LOCAL VALUES
lion of privacy in the telecommunications sector,7 and the 2001 amend-
ments to the German Federal Data Privacy Acts implementing the 1998
European Union's directive on data protection,9 apply to private compa-
nies and individuals as well as to public authorities. German law does
distinguish between privacy ("Schulz personenbezogener Daten") and busi-
ness secrets, providing less protection for business secrets on the argu-
ment that the individual rights at stake are not of the same order.
Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997
concerning the processing of personal data and the protection of privacy in the telecommu-
nications sector: Of ficial Journal L 024,30/01 /1998, p.0001-0008. Available online at
PRIVACY AND FREEDOM OF INFORMATION
14
By contrast, the United States has a populist mistrust of governmental
institutions and a strong tradition of relying on market forces not only to
regulate the economy but to serve many social needs as well. Thus while
the U.S. Congress has adopted legislation to protect personal privacy from
encroachment by federal agencies,~° the regulation of private industry
has moved more slowly and in a piecemeal manner. In practice, the U.S.
norm is a patchwork of legislation and court decisions arising from epi-
sodic scandals and political pressures from both industry and privacy
advocates. Thus, highly specialized solutions have been crafted for dif-
ferent technologies (e.g., statutory regimes specific to the protection of
postal mail, telephone communications, e-mail, and other Internet com-
munications) and for different subject areas (Box 6.4~.
Finally, in U.S. law, privacy that is, the control of one's personal
data is basically understood as a property right. Individuals can trans-
fer or sell their property rights to a firm interested in its use or even to
government, provided that the transfer is voluntary and the terms and
conditions are fair. But the traditional European approach treats indi-
viduals' interests in data about themselves as an inalienable liberty right-
that is, a right that cannot be given up, even voluntarily.
i°Federal Privacy Act, 5 U.S.C. § 552a.
42
GLOBAL NETWORKS AND LOCAL VALUES
Yet despite the differences in legal traditions, both Germany and the
United States over the last 25 years have developed what have become
known as "fair information principles" that reflect substantial agreement
on basic issues. This common ground is summarized in Box 6.3. The ques-
tion is whether these commonalties coupled with the strong linking forces
introduced by global networks in general as well as the more specific desire
to exploit them for commercial uses will ultimately lead to harmoniza-
tion, in which the United States moves toward the more comprehensive
and integrated approach to privacy that is prevalent in Europe.
If privacy is to be protected by direct legal enforcement, then there are
two possible approaches (regardless of whether privacy rights are charac-
terized as property or liberty interests). The first approach is to establish
independent governmental data-protection authorities responsible for
monitoring and enforcing fair information principles, as is done in the Ger-
man system. This approach avoids the high transaction costs, and the diffi-
culty of proving cause and establishing injury, that may make individual
enforcement illusory. However, as a practical matter, it is difficult for pub-
licly funded enforcement authorities to handle all individual complaints.
The second approach is to allow individuals to bring lawsuits to pro-
tect their privacy rights and to recover damages for injuries resulting from
violation of those rights. This approach decentralizes enforcement of pri-
vacy rights, but it may not be efficacious because it is difficult to prove
cause, and the stakes involved in any particular invasion of personal pri-
vacy may be so small that individuals are unwilling to pay the costs of
litigation (though efficiency can be increased when numerous injury cases
are grouped into class actions).
6.2.3 Technology and Privacy
Individuals have many good reasons to want information about them-
selves to be stored electronically and to be made available over communi-
cations networks. The rapid and accurate transfer of electronically stored
medical records can improve a person's medical care and might even save
a life; stored credit card and address information makes Internet shop-
ping convenient; and user-friendly online banking transactions have at-
tracted millions of customers.
Yet advances in information technology can also threaten privacy. A
visitor to a Web site may involuntarily leave behind personal information
that the Web site owner can later use for commercial purposes. Seem-
ingly harmless fragments of information left at different sites can be com-
bined into a potentially harmful aggregate. Even easier, cookies can be
set in a user's hard drive, creating a built-in history of sites visited, mate-
rial browsed, and purchases made. Such data can be used for marketing
PRIVACY AND FREEDOM OF INFORMATION
143
purposes targeting an individual with ads that are customized to his or
her tastes which may represent a convenience to some and little more
than an annoyance to others. However, it is the absence of control over
the collection or the use of the information that is the quintessential viola-
tion of privacy, and it is not difficult to construct scenarios in which that
violation can be harmful to individuals.
Of course, personal information can be collected by Internet service
providers as well as by Web site hosts. ISPs can and do record informa-
tion on user actions for internal purposes or to comply with court orders,
and this might include sites visited, the amount of information down-
loaded, and when such visits occurred.
Databases containing "public" information are another source of pri-
vacy concern. Much of such information e.g., records pertaining to
property tax, motor vehicles, drivers' licenses, convictions was hereto-
fore not public because it was hard to access or extract from voluminous
databases. Making such information easily available to the general pub-
lic through the Internet may well be viewed as a violation of an
individual's privacy rights because this allows it to be used for purposes
other than those for which it was originally collected (together with the
individual's implied or explicit consent). In the United States, for ex-
ample, these databases have been a valuable source of information for
telephone-solicitation operations.
Other methods of data collection are possible as well, including
records of cellular-telephone location, records of building ingress and
egress (created when magnetic cards are used to gain access), and records
of credit-card and telephone usage. And the World Wide Web itself is a
source of information about individuals. Commercial transactions and
political dialogues posted in forums create opportunities to collect infor-
mation about personal interests and activities.
Today, different structures exist for regulating personal data collec-
tion and use in each of these areas of activity from local exchange to long
distance telephone companies to cable television companies and Internet
service providers. That is certainly a source of confusion and chaos. Tech-
nological convergence, however, is leading companies to strive to become
sole-source information providers and handlers, and the differing regula-
tory traditions and customs that characterize each domain may well come
to overlap, leading, at least initially, to greater turmoil even within na-
tional borders. The technical convergence can also create the opportunity
for a kind of regulatory arbitrage that can work to the detriment of pri-
iiIn Germany, third-party access to all these kinds of information is severely controlled by
law, so that the term "public" in this discussion is even more properly put in quotation
marks.
PRIVACY AND FREEDOM OF INFORMATION
159
"Laws, ordinances, official decrees and notices [and] also decisions and
official grounds [for] decisions" cannot be copyrighted. The same applies
to other official works published to satisfy the official goal of informing
the public. But information collected and maintained by public agencies
can be granted a private copyright when it is material actually written by
private individuals.
In the United States, some courts have held that certain state and local
laws can sometimes be copyrighted, and have forced third parties to re-
frain from reproducing or distributing primary legal information con-
tained in such statutes and court decisions. For example, Peter Veeck
posted on a private Web site the municipal building code for Denison,
Texas. The text of this building code is actually owned by the Southern
Building Code Congress International (SBCCI), a private, not-for-profit
organization whose primary mission is to develop and maintain a set of
model building codes. The SBCCI has developed the building code and
gives it free to municipalities as an incentive for adopting it. However,
sales of the code to engineers and architects is a revenue-generating enter-
prise for SBCCI, and thus it sued Veeck for copyright infringement. The
case is working its way through the U.S. court system; in February 2001, a
panel of the Fifth Circuit Court of Appeals upheld by a vote of 2-1 that
SBCCI had the right to force Veeck to refrain from publishing these mate-
rials on the Web.25
It has been argued in the past that the private publication of govern-
ment information is the only practical way to ensure its broad distribu-
tion, and that the incentive of copyright protection is necessary to encour-
age the involvement of the private sector. However, Internet and PC
technologies have sharply reduced the costs and increased the ability of
government agencies to publish their own material. As noted earlier,
these same technologies have also created incentives for the private sector
to create value-added products from the raw data produced by govern-
ment agencies. The challenge is to develop appropriate criteria to protect
private-sector innovations that enhance the usability of original govern-
ment data without depriving the public of its access to that data.26
25The opinion of the panel can be found at
160
Public Records Containing Personal Information
GLOBAL NETWORKS AND LOCAL VALUES
Public records that contain personal information create an obvious
conflict between freedom of information and privacy rights. In principle,
this is not a new concern, but advances in information technology have
made it a practical concern. In the past, the cost and effort of extracting
personal data from public records was so great that few attempted it.
However, as such records are computerized and become available under
freedom-of-information law, the threat to privacy becomes quite real.
Whether privacy or freedom of information takes precedence depends
on the particular situation. If the invasion of an individual's privacy is
limited and noninjurious, one might argue that the cost is worth the ben-
efit of retaining the public's access to government information. On the
other hand, if the interest in access to public records is purely commercial
and unrelated to the democratic and integrative functions of freedom of
information, then one might argue that protection of individual privacy
should be given greater weight.
In addition to facilitating the mining of databases for personal infor-
mation, technological advances affect the balance of rights in two other
ways. First, information technology enables "profiling" the linking of
data from a number of different sources to create much more serious in-
vasions of individual privacy than would be possible with any single
record. The possibilities for such profiling are thus an element in judging
the harm to individuals that results from granting access to public records,
though the number of actual instances in which an individual has been
harmed by profiling is apparently small. Second, and on the other hand,
information technology also facilitates the anonymization of data, a prac-
tice that can help to protect privacy without compromising the public's
access to the aggregated database.27
Some have argued that anonymizing data can reduce its worth be-
cause the process essentially blocks certain information that might, in fact,
be useful. But that raises the question of whether the competing prin-
ciples of privacy and public interest have, in the past, been thoroughly
weighed in deciding what information on individuals it is appropriate for
governments to collect. In the past, the government may have had no
alternative but to gather more information than it had a right to gather, in
order to glean the information that it needed and to which it was entitled.
The practice may not have been challenged because, as a practical matter,
there were limitations on the misuse of the private data. However, the
27Such an outcome depends on the particulars of the data in question, because sometimes
even anonymized data can be assembled in such a way as to uniquely identify an indi-
vidual.
PRIVACY AND FREEDOM OF INFORMATION
161
mere fact that the government has collected or is in possession of the ag-
gregated database does not mean that it is actually entitled to use all of
the data or to use it for any purpose. Because technology increases the
ability to link information, the potential for such misuse by government-
and others increases, and government agencies will have to revise their
past approaches to collecting data and weigh the competing claims of pri-
vacy and public need more rigorously.
Notes, Drafts, and Intermediate Documents of Public Officials and Bodies
Documents that shed light on the administrative aspects of
government's decision-making process (e.g., preliminary or internal
drafts) present thorny problems, and how far a society should go in pro-
viding access to such documents is a matter requiring much further dis-
cussion.28 On the one hand, transparency in the political and administra-
tive decision-making process is of major importance in a democracy and
one of the strongest arguments for a freedom-of-information principle.
On the other hand, disclosure of every conversation and recorded thought
between administrators or judges and their advisors would have a chill-
ing effect on candid deliberation that would, in fact, reduce the quality of
decisions. Government needs space and time in which to assess argu-
ments and conduct internal debates with a certain degree of privacy of its
own.
Technology (though not necessarily as part of global networks) again
complicates matters. In the past, a good deal of highly informal conversa-
tion might have taken place on the telephone or in face-to-face meetings.
It was possible to record these kinds of conversations, but not required.29
When they were recorded, they might well have been subject to freedom-
of-information requests (or subpoena, as Richard Nixon learned). The
applicability of freedom-of-information regulations in these instances was
often debated, even litigated. But the participants had an option that al-
lowed them to control the balance between privacy privilege and the
public's right to information; except where public meetings were involved
(itself a question of definition), they could decide whether or not to record
the conversation.
28It was discussed in the United Kingdom. See "Your Right to Know. The Government's
Proposals for a Freedom of Information Act," presented to Parliament by the Chancellor of
the Duchy of Lancaster by Command of Her Majesty, December 1997. Available online at
(03.03.2000~.
29Indeed, in many jurisdictions, it would be illegal to record such conversations for ex-
ample, if the recording were carried out by third parties or without appropriate notice.
62
GLOBAL NETWORKS AND LOCAL VALUES
Now, many of these same interactions are conducted through vehicles
such as e-mail or bulletin board postings. Electronic records of these ex-
changes exist and are frequently the subject of freedom-of-information
requests. In effect, technology has shifted the balance and the control
without any change in the substantive social and political facts. In this, as
in other instances, each society must determine if the shift is consistent
with its balance of the values involved. The technology itself should not
be the determining factor.
Records Associated with Publicly Funded Research
A relatively new area of contention, particularly in the United States,
is the public accessibility of research data produced with government
grants. Although the principle of openness in research is, in and of itself,
an important value in the scientific community, freedom-of-information
requests for scientific data in recent years seem to have been motivated by
political agendas outside that community. As scientists have become
more engaged in issues with strong political overtones such as the health
effects of tobacco, the environmental effects of industrial wastes, or the
relative contributions of nature and nurture to I.Q., lawyers, lobbyists,
and other advocates have sought access to scientists' raw data. The rea-
sons for such requests vary, and how they are viewed depends on the eye
of the beholder. What is seen by one party as a legitimate attempt to
understand the basis of a scientist's conclusions can be seen by another as
an effort to discredit or harass.
The matter has been further complicated by the heightened concern
about scientific fraud. Public bodies, including congressional commit-
tees, have sought access to the notebooks of scientists in order to assess
the veracity of their published works. They have used forensic approaches
to determine the time sequence of notebook entries, the actual (expected)
randomness in raw data, the inclusion or exclusion of data in final re-
ports, and the laboratory instruments actually used in measurements. In
so doing, they have tried to assess not only the integrity of scientists, but
their competence as well.
In some respects, this is a rather new facet of the issue of privacy.
That is, to what extent is the practice of one's profession the way one
thinks, how one creates, what one's personal style is like a public activ-
ity for which the researcher must be accountable? Where should we draw
the line between legitimate access and inappropriate revelation of one's
personal information and idiosyncrasies? The balance to be struck must
ensure accountability while respecting the intellectual process and avoid-
ing the chilling effects of harassment or intimidation.
The U.S. Congress attempted to balance these considerations in a law
PRIVACY AND FREEDOM OF INFORMATION
163
recently enacted30 that requires all recipients of federal research grants to
disclose research data in accordance with the provisions of the Freedom
of Information Act. However, the law defines the term "research data" as
"the recorded factual material commonly accepted in the scientific com-
munity as necessary to validate research findings, but not" such things as
trade secrets, commercial information, personnel and medical informa-
tion, and any "similar information which is protected under law." In ad-
dition, it limits the application of the new provision to "research data re-
lating to published research findings," which it defines as either
"[rJesearch findings [that] are published in a peer-reviewed scientific or
technical journal" or those that are "publicly and officially cited . . . in
support of an agency action that has the force and effect of law." It is too
early to assess the effects of the law, because it is still being shaped as
administrators develop rules for its enforcement and requests for infor-
mation lead to court cases that will provide further interpretation. Cer-
tainly, the issue remains one of great concern to the scientific community.
6.3.3 Global Networks Affecting Freedom of Information
As with privacy, global networks exert direct and indirect pressure
on national disclosure policies. Global networks are multiplying the op-
tions through which citizens can gain access to information and are mak-
ing it more difficult for nations to maintain restrictive policies.
New Technical Options
In the past, even if the public was legally entitled to access govern-
mental files, in practical terms it was not easy to exercise this right. In the
earliest times, the citizen had to go to the appropriate office and transcribe
excerpts by hand. Photocopiers significantly reduced the logistical bur-
den on these efforts. But the digital representation of public documents
means that they can be searched, stored, and combined at will. Moreover,
if these files are available online, access becomes so comfortable that it can
become a routine operation for citizens.
There has been considerable progress in this direction. Congressional
legislation is available online; all of the opinions of the U.S. federal appel-
late courts are available in full-text form and in popular word-processing
formats on the Web, and a growing number of state courts and agencies
30Office of Management and Budget's Appropriations Act for Fiscal Year 1999, Public
Law No. 105-227. See FOlA Update, VoL XIX. No. 4, available online at
64
GLOBAL NETWORKS AND LOCAL VALUES
also publish information on the Web. German authorities are moving
into the same direction, albeit at a somewhat slower pace. All decisions of
the Bundesverfassungsgericht are already available online free of charge.
Other federal courts in Germany are planning to follow, and the Euro-
pean Commission has launched a similar initiative.
The Modest Effect of Globalization
Although the Internet has had a strong impact on national policies
concerning free speech and privacy, its effect on FOI policies is much
weaker because it is the disclosure of information held by local govern-
ments that is often at issue. Global networks do not change the local char-
acter of the source. Thus, even under changed technological conditions,
each country can in principle pursue its own policy. However, for a num-
ber of reasons, this may be an unwise choice for nations where present
policy appears to limit freedom of information, or at least to not promote
it vigorously.
First, global networks expose people to new ideas from other places.
Thus citizens in a more restrictive nation who see examples of govern-
mental openness in other nations may demand more openness and access
at home.3~ Given the pronounced differences in regulatory traditions,
there is a great potential for such policy diffusion. Of course, it took hun-
dreds of years for the legal structure providing for freedom of informa-
tion to spread beyond the borders of Sweden (where the first law on the
subject was enacted in 1766~. But with the present high degree of connect-
edness between nations it is inconceivable that a concept such as freedom
of information could long remain contained within the borders of one or a
few nations. Other hastening factors include the concept's inherently de-
mocracy-promoting character, the United States' broad commitment to it,
and its manifestation on the Web.
In the United States, freedom-of-information norms are expressed in
a collection of federal and state statutes: the Freedom of Information Act
of 1966; 32 the Paperwork Reduction Act of 1980 (revised subsequently in
1995~;33 the Federal Register Act of 1935;34 and the Electronic Freedom of
3iOf course, such change is possible only when the government of the more restrictive
nation is responsive to the popular will. Indeed, some government in general, those of the
more authoritarian nations may impose restrictions on access to certain Internet content
precisely in order to prevent their citizens from seeing the openness of other nations.
325 U.S.C. § 552.
33Paperwork Reduction Act of 1980 (94 Stat. 2825; 44 U.S.C. § 3503 note) [set out as a note
under § 3503 of Title 44, Public Printing and Documents].
3444 U.S.C. § 1505.
PRIVACY AND FREEDOM OF INFORMATION
165
Information Act of 1996.35 Most American states also have freedom-of-
information laws. These typically adopt the same norms as those of the
federal laws. There are, however, some differences. Many states provide
no deadlines for agency responses to private requests for information.
Others are vague about the availability of judicial review. Still others
require the identification of a legitimate private interest in the informa-
tion requested. And some distinguish between requests that are made for
personal reasons, which are favored, and those made by commercial enti-
ties for a profit-making purpose, which are not favored.36
Germany, on the other hand, has not yet established a Freedom of
Information Act at the federal level. The only applicable provisions are
those of the German Basic Law art. 5, subsec. 137 and the Federal Law on
Administrative Procedure §§ 29, 30.38 These legal instruments, however,
actually express a principle of secrecy rather than openness, restricting
provision of information on administrative procedures to persons who
take part in the procedures or who might be affected by their outcomes.
This tradition obviously does not give rise to a general public right to
government information, and no other specific law addresses such access.
Still, there is currently some movement away from government se-
crecy and toward greater transparency, both in Germany and throughout
Europe. The general approach is to build on the foundation of individual
rights, beginning with the existing rights of participants in particular pro-
ceedings to obtain information pertinent to those proceedings. This is
rather different from the American approach, which links freedom of in-
formation to democratic oversight of governmental operations and thus
grants rights of access to all citizens. Nonetheless, the strategy has al-
ready been successful in several cases. For example, in 1994, the German
Federal Freedom of Access to Environmental Information Act was
adopted,39 implementing a European Union directive granting access to
environmental information held by public authorities.40
35Electronic FOIA Amendments Act of 1996, P.L. 104-231, 110 Stat. 3048 (Oct. 2, 1996),
amending 5 U.S.C. § 552.
36Media requests, which obviously serve commercial, profit-making purposes, have al-
ways been given exceptional status in the United States under the protection of the First
Amendment of the Constitution (see Chapter 8~.
37Grundgesetz fur die Bundesrepublik Deutschland of May 23, 1949 (BGB1. I S. 1) as
amended up to and including Gesetz zur Anderung des Grundgesetzes of July 16, 1998
(BGB1. I S. 1822~.
38Verwaltungsverfahrensgesetz vom 25 Mai 1976 (BGB1. I S.1253), as amended up to and
including Gesetz of August 6, 1998 (BGB1 I 1998, 2022~.
39BGB1. I, 1490.
40Council Directive 90/313 /EEC of 7 June 1990 on the freedom of access to information on
the environment, Official Journal L 158, 23/06/1990, p. 0056-0058. See
66
GLOBAL NETWORKS AND LOCAL VALUES
On the state level, the East German States of Brandenburg and
Mecklenburg-Vorpommern provide a general right of access to informa-
tion in their constitutions. General freedom-of-information acts were also
enacted in Brandenburg and Berlin42 in 1998 and 1999, respectively.
However, comprehensive nationwide or EU-wide legislation on freedom
of information is not yet a reality, although it is becoming a goal. Indeed,
the present coalition government in Germany has expressed its intention
to enact a general freedom-of-information law on the federal level. In
addition, Directorate General 13 of the European Commission has been
working for more than 5 years on the development of a legal regime for
freedom of information, seeking to implement the transparency guaran-
tee of the Maastricht treaty. However, recently published drafts have been
criticized for being too tentative (Box 6.9~.
Second, the impact of global networks is not limited to disseminating
a normative yardstick. A restrictive national policy with respect to free-
dom-of-information principles can be undermined to a certain extent by
use of the Internet. Ironically, this became obvious recently as drafts of
the European Community's freedom-of-information regulation were
leaked and published on the Internet.
Third, and perhaps most important, economic considerations in a glo-
balized world may provide an even stronger motivation for adopting free-
dom-of-information principles in Germany. As the European Com-
mission's "Green Paper on Access to Public Information"43 states,
"Without user-friendly and readily available administrative, legislative,
financial, or other public information, economic actors cannot make fully
informed decisions." Therefore, the Commission notes, "the ready avail-
ability of public information is an absolute prerequisite for the competi-
tiveness of European industry. In this respect, EU companies are at a
serious competitive disadvantage compared to their American counter-
of exemptions that specify environmental information that can be withheld from the public.
Specifically, it may be withheld if the release of the information affects the "confidentiality
of the proceedings of public authorities, international relations and national defence; public
security; matters which are, or have been, sub judice, or under inquiry (including disciplin-
ary inquiries), or which are the subject of preliminary investigation proceedings; commer-
cial and industrial confidentiality, including intellectual property; the confidentiality of per-
sonal data and/or files; material supplied by a third party without that party being under a
legal obligation to do so; material the disclosure of which would make it more likely that the
environment to which such material related would be damaged." In addition, requests for
information may be refused "where it would involve the supply of unfinished documents or
data or internal communications, or where the request is manifestly unreasonable or formu-
lated in too general a manner."
4iAkteneinsichts- und Informationszugangsgesetz (AIG) vom 10. Marz 1998 (GVB1. I S. 46~.
42Berliner Informationsfreiheitsgesetz vom 15. Oktober 1999 (GVB1. I, S.561~.
43COM (1998) 585 final.
PRIVACY AND FREEDOM OF INFORMATION
167
parts, which benefit from a highly developed, efficient public-informa-
tion system at all levels of the administration." In addition, public-sector
information may itself be a vehicle for economic growth, as the public
sector is the biggest single producer of information in areas such as legis-
lation, statistics, culture, finance, geography, transport, and research. Box
6.10 provides more discussion.
Because nations can determine their own FOI policies that are, in their
essence, nonoverlapping, there is no particular need for international
harmonization of freedom-of-information laws. It is important, how-
68
GLOBAL NETWORKS AND LOCAL VALUES
ever, to ensure that international treaties do not hamper national free-
dom-of-information policies. A case in point is internationally harmo-
nized copyright law. So far, the pertinent international rules are silent
with respect to copyrighting governmental information; neither the
TRIPs agreements under the WTO treaty,44 the Berne treaty,45 nor the
44The TRIPS Agreement (Agreement on Trade-Related Aspects of Intellectual Property
Rights) is Annex 1C of the Marrakesh Agreement Establishing the World Trade Organiza-
tion signed in Morocco on 15 April 1994. It is available online at
PRIVACY AND FREEDOM OF INFORMATION
169
World Intellectual Property Organization (WIPO) conventions46 deal
with the issue. If they were extended to such information, the potential
for conflict between treaty obligation and FOI for government data would
be obvious.
NOTE ADDED IN PROOF
In the wake of the horrific events in New York City and Washington,
D.C., on September 11, 2001, the "Uniting and Strengthening America by
Providing Appropriate Tools Required to Intercept and Obstruct Terror-
ism" (USA PATRIOT) Act was enacted into law (P.L. 107-56~. Reflecting
congressional concern that the legislative tools available to law enforce-
ment were inadequate in an advanced-technology environment in which
terrorists can freely travel and operate relatively free of the constraints
imposed by national borders, the act expanded government authority to
monitor Internet traffic, to compel disclosure of information contained in
public and private records if approved by the judicial branch, and to share
information collected in grand jury investigations with "any Federal law
enforcement, intelligence, protective, immigration, national defense, or
national security official in order to assist the official receiving that infor-
mation in the performance of his official duties."47 This legislation has
implications for privacy interests of individuals vis a vis government, and
a number of public interest groups have strongly criticized this legislation
for weakening protection for these interests.48
In addition, in the freedom of information domain, the Bush adminis-
tration has promulgated a policy that "discretionary decision by [a federal]
agency to disclose information protected under the FOIA should be made
only after full and deliberate consideration of the institutional, commercial,
and personal privacy interests that could be implicated by disclosure of the
information.... When [an agency] carefully considers FOIA requests and
deciders] to withhold records, in whole or in part, [it] can be assured that
the Department of Justice will defend [its] decisions unless they lack a sound
legal basis or present an unwarranted risk of adverse impact on the ability
of other agencies to protect other important records."49
46WIPO Copyright Treaty adopted by the Diplomatic Conference on certain copyright
and neighboring rights questions, Geneva, on December 20, 1996 and WIPO Performances
and Phonograms Treaty adopted by the Diplomatic Conference on December 20, 1996.
Available online at .
47See .
48See, for example and
