By living in the United States, we are blessed with many freedoms such as freedom of speech, freedom of press, and freedom of information. But what exactly is “freedom of information” and how can it really exist with all the current regulations guarding the release of such information?
The Freedom of Information Act (FOI), is a federal freedom of information law, signed by President Lyndon B Johnsen in 1966, requiring the full or partial disclosure of previously unreleased information and documents controlled by the United States government upon request.
So can a federal law requiring the release of information upon request coexist with the recent Data Protection Act (DPA) and laws meant to protect our “digital privacy”?
5 Ways the Freedom of Information Act and the Data Privacy Act Coexist
1. The concepts of “data privacy” and “privacy” are different
The Data Privacy Act (DPA) may not have explicitly defined the terms “data privacy” or “privacy”. Although, we must know that these are two different concepts that function with two distinctive purposes.
“Data privacy” refers to the personal information of individuals, who are mentioned in the law as a “data subject”. These “data subjects” are provided certain rights in respects to the processing of their personal information as well as the security of personal information being processed and accountability for the transfer of information.
“Privacy” as a single concept is not so articulately defined in our laws. Although, in the Bill of Rights “privacy” is stated to be the right of individuals or citizens to be secure in their persons, houses, papers and effects against any unreasonable searches and seizures of whatever nature and for any purpose.
This means is that the “privacy” in the Freedom of Information Act (FOI) operates under different rules and is not necessarily affected by the stipulations of the Data Privacy Act.
As a “data subject” under the DPA, what we should be attentive of is the actual processing of our personal information. Processing is described as any operation or set of operations performed upon personal information including, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.
That being said, the act of processing personal information is different from the giving of public access to information in the matter of public interest. Therefore, the act of providing public access to information is not considered the same as “processing” of personal information as intended by FOI and DPA.
Besides, the disclosure and public access in the matter of public interest, is part of the Bill of Rights, as “the right of the people to information on matters of public concern”.
As the rights to public information are stemming from the American Constitution, they cannot just be reversed by the notion of “processing” of personal information provided for by the DPA. In other words, a law simply cannot be made to triumph over a provision of the Constitution.
3. Personal Information in the Data Protection Act does not Include Investigation into Public Officials
There may be certain types of sensitive personal information whose processing is prohibited apart from certain exceptions provided by the law. Looking at what may be considered as prohibited sensitive personal information, refers to any proceeding for any offense committed or alleged to have been committed by a public official.
That means is that if there’s any alleged wrongdoing by a public official, the public official cannot simply claim they have “sensitive information” that cannot be disclosed because there has to be court proceedings first where sensitive personal information may be involved.
4. The Data Privacy Act does not Protect the acts of Public Officials under their Job Function
Information about any individual who is or was an officer or employee of a government institution is outside of the scope of the law. Any such information about the acts of the public official on how he or she has performed his or her functions are not covered by the rights to data privacy.
This means is that the DPA cannot be used to deny access to the information being requested, since the DPA has nothing to do with information. Instead, it is the rules of the FOI that will deal with how this non-disclosure or disclosure of the public official’s personal information will be carried out.
5. Violating Rights to Privacy can Create Civil Liabilities in the FOI, but not the DPA.
The FOI creates liability for damages by any public officer, employee, or private citizen, who obstructs, defeats, violates, or impairs the constitutional rights to be secure in one’s person, house, papers and effects against unreasonable searches and seizures.
What this means is that the public official, whose right to privacy is protected, can sue anyone for damages, who may interfere with the public official’s right to privacy, but not the data privacy referred to in the DPA.
This right to sue for damages for violation of constitutional rights is a broad one, which is different from the right to restitution. Restitution, refers to the restoration of the thing itself, which means a rectification of any error in the processing of personal information by the data subject and nothing else.
At first glance, the right to privacy may defeat the public’s right to information on matters of public concern but this must be distinguished with the right to data privacy which operates under rules provided by the Data Privacy Act (DPA).
The DPA and the FOI do not outrightly clash, but the application of rules in both of the laws may need to be refined and consistent to fully carry out the public’s right to information on matters of public concern.