The proposed Judicial Redress Act has recently been touted as a critical step towards developing a revised “Safe Harbor 2.0″ framework. (See our prior posts on Safe Harbor here and here.) This post summarizes the essential provisions of the bill as passed by the House of Representatives and currently pending before the U.S. Senate.
As currently drafted, the Judicial Redress Act extends privacy protections and remedies available under the federal Privacy Act to qualifying non-U.S. individuals. The Privacy Act, enacted in 1974, provides individuals with limited rights to review, copy, and request amendments to records maintained by federal government agencies. Under the Judicial Redress Act, non-U.S. citizens of “covered countries” would have these same rights. “Covered countries” can include both countries and “regional economic integration organization[s].” In addition, under the bill, citizens of “covered countries” can compel federal agency compliance with the Privacy Act via civil action in federal court.
Under the bill, “covered countries” may be designated by the agreement of the Attorney General, Secretary of State, Secretary of Treasury, and Secretary of Homeland Security if:
- the country has “entered into an agreement with the United States that provides for appropriate privacy protections for information shared for the purpose of preventing, investigating, detecting, or prosecuting criminal offenses,” or
- the Attorney General has determined that “the country or economic integration organization, or member country of such organization, has effectively shared information with the U.S.” for law enforcement purposes “and has appropriate privacy protections for such shared information.”
In case of a civil enforcement action brought by a citizen of a “covered country,” federal government agencies retain the same privileges and defenses they would have in a similar action by U.S. citizens. Federal agencies cannot be compelled to disclose classified information under the Judicial Redress Act.
If passed, the Judicial Redress Act is likely to be only one step along the path to a renewed “Safe Harbor 2.0” agreement between U.S. and E.U. regulators. In addition to extending Privacy Act protections, E.U. regulators and privacy activists are likely to expect other demonstrations that E.U. privacy standards can be enforced within the United States.