WASHINGTON, Feb. 28, 2017 — The American Civil Liberties Union pushed back today against a little-noticed policy change in last month’s immigration executive order that stripped away decades-old privacy safeguards for foreigners and immigrants in the United States.
The January 25 executive order excluded all noncitizens — except green card holders — from receiving the protections of the Privacy Act of 1974, which limits the government’s sharing of personal information without permission. The policy shift could let the Trump administration release the names and private information of refugees, college students, tourists, people in the U.S. on work visas, and others. The new policy could also make it easier for Immigration and Customs Enforcement to obtain information from other agencies that can be used to detain or deport people.
Based on recent implementation memos, it appears that some federal agencies intend to put the policy change into effect in a way that violates existing law by failing to follow procedures required by federal statutes.
In response, the ACLU sent a letter today to the White House counsel’s office and all federal agencies urging them to halt any plans they have to implement this section of the executive order.
“This policy change is flawed, unwise, and will needlessly strip away the rights of millions of people,” said Neema Singh Guliani, ACLU legislative counsel.
The ACLU is also sending today a joint letter with Human Rights Watch to European Union officials, warning them that the new policy undermines U.S.-EU agreements on data sharing for law enforcement and commercial purposes because the U.S. would no longer be able to guarantee protections for European citizens’ private information.
“The U.S. government promised it would protect Europeans’ personal data as a condition of key cooperation agreements, but those agreements may be in jeopardy if the Trump administration goes forward with its plans,” Guliani added.
A wide range of personal information collected by the federal government about noncitizens could be vulnerable to disclosure. For example, people who submit immigration applications for student visa or fiancé visas could have their private information — including home addresses — shared publicly, threatening their safety. Immigrant workers who report violations of workplace laws to the Department of Labor could have their information more easily disclosed to hostile employers or immigration enforcement officials. The same could happen to refugees who have been resettled in the U.S.
As a matter of longstanding policy followed by administrations of both parties, many federal agencies have provided certain Privacy Act protections to databases that are “mixed.” These databases contain the information of immigrants and visitors to the United States as well as that of citizens and green card holders — latter two categories being explicitly protected by the Privacy Act. These Privacy Act protections include limits, subject to exceptions, on the sharing of personal information without consent; the right of people to access their own agency records; and the right to request corrections to records.
The Bush-era Department of Homeland Security recognized that applying privacy protections across-the-board advanced its goals of promoting data integrity, reducing inaccuracies, enhancing information sharing with foreign allies, and building trust in the traveling public.
Changing this longstanding policy could also cost taxpayers millions of dollars. Federal employees will now have to undertake the huge task of assessing which of the billions of records held in federal databases are entitled to Privacy Act protections. This is incredibly complex. Not only because a person’s immigration status may not be apparent from the record itself, but also because status can shift over time — as when someone becomes a green card holder. If the government makes any errors, U.S. citizens and green card holders will unlawfully be denied their rights guaranteed under the Privacy Act.
Federal agencies would also have to make sure that any record does not contain information about someone from the European Union or other designated countries that are entitled to privacy protections as a result of the Judicial Redress Act, which was passed by Congress last year and was a precondition of the U.S.-E.U. “Umbrella Agreement.” The international compact, along with the Privacy Shield, enables the sharing of personal data for law enforcement and commercial purposes, respectively.
Today’s ACLU letter to the White House counsel and all federal agencies is here:
Today’s ACLU-Human Rights Watch letter to EU officials is here: