Over the last month, the Trump administration has waged a war on the rights of immigrants and foreigners — including by issuing a policy that strips away basic privacy protections that have been provided by Democratic and Republican presidents for decades.
This policy shift was tucked into Trump’s immigration enforcement executive order released on January 25. It could let the Trump administration release the names and private information of non-U.S. citizens — including refugees, college students, tourists, and people here on work visas. The new policy could also make it easier for Immigration and Customs Enforcement to obtain information from other agencies that can be used to detain or deport people.
What the executive order did was exclude all of these people from receiving the protections of the Privacy Act of 1974, which limits the government’s sharing of personal information without permission. Based on recent implementation memos, it appears that some federal agencies intend to put this policy change into effect in a way that violates existing law. That is why the ACLU is sending a letter to every federal agency calling on them to halt any plans they have to implement the order.
We are also — along with Human Rights Watch — writing to European Union officials to warn them that this new policy undermines U.S.-E.U. agreements on data sharing for law enforcement and commercial purposes because the U.S. would no longer be able to guarantee protections for European citizens’ private information.
Practically speaking, what could this policy lead to?
There are all kinds of personal information about noncitizens that the federal government collects that could be vulnerable to disclosure. Those who submit immigration applications, such as applications for student or fiancé visas, could have their personal information — including home addresses — shared publicly, threatening their safety. Immigrant workers who report violations of workplace laws to the Department of Labor could have their information more easily disclosed to hostile employers or immigration enforcement officials. The same could happen to refugees who have been resettled in the United States.
As a matter of longstanding policy many federal agencies provided certain Privacy Act protections to databases that are “mixed.” These databases contain the information of immigrants and visitors to the United States as well as that of citizens and green card holders — latter two categories being explicitly protected by the Privacy Act. These Privacy Act protections include limits, subject to exceptions, on the sharing of personal information without consent; the right to access your own agency records; and the right to request corrections to your records.
The Bush-era Department of Homeland Security recognized that applying privacy protections across-the-board in fact advanced its goals of promoting data integrity, reducing inaccuracies, enhancing information sharing with foreign allies, and building trust in the traveling public.
Changing this longstanding policy could also cost taxpayers millions of dollars. Federal employees will now have to undertake the herculean task of assessing which of the billions of records held in federal databases are entitled to Privacy Act protections. This is incredibly complex. Not only because a person’s immigration status may not be apparent from the record itself, but also because status can shift over time — as when someone becomes a green card holder. If the government makes errors, which are bound to happen, U.S. citizens and green card holders will unlawfully be denied their rights guaranteed under the Privacy Act.
That’s not all. Federal agencies would also have to make sure that any record does not contain information about someone from the European Union or other designated countries that are entitled to privacy protections as a result of the Judicial Redress Act, which was passed by Congress last year and was a precondition of the U.S.-E.U. “Umbrella Agreement.” The international compact, along with the Privacy Shield, enables the sharing of personal data for law enforcement and commercial purposes, respectively.
The U.S. government promised it would protect Europeans’ personal data as a condition of these agreements. But both agreements may be in jeopardy if the Trump administration goes forward with its plans.
This policy change is flawed, unwise, and will needlessly strip away the rights of millions. Privacy is a human right that isn’t just for American citizens and permanent residents. If the Trump administration intends to move forward, we will continue to fight the plan and its unlawful implementation.