The Privacy Act of 1974: The American Bill of Rights on Data and Its Unfinished Business

Authors

  • Dongsheng Zang

DOI:

https://doi.org/10.5195/lawreview.2024.1051

Abstract

In the midst of the artificial intelligence (“AI”) revolution and the debates around it in 2023, this Article proposes to revisit the history of the Privacy Act of 1974, a federal statute that attempted to revolutionize the notion of privacy in response to automated data processing in the computer age. By recognizing that an individual should have the right to control data about herself, the 1974 Act went beyond the Warren-Brandeis framework of privacy based on tort law—the 1974 Act was essentially an American Bill of Rights on data.

The Article first tracks the conceptual development of this new idea of privacy by looking into congressional hearings and broad literature in the 1960s and early 1970s when the computer was introduced in federal government agencies. It describes the process from a theory of scholars and activists such as Alan Westin, to a consensus and policy position largely formed around the year 1971. Based on this central thesis, a “code of fair information practice” laid out five fundamental principles (openness, individual access, collection limitation, use and disclosure limitation, and information management) as the foundation for the 1974 Act. The Article then tracks privacy litigation subsequent to the 1974 Act. Here the Article demonstrates that in the decades after its enactment, the Act was substantially undercut in federal courts as the latter insisted on the old-fashioned tort law theory in interpreting the Act. Today, the Privacy Act of 1974 largely falls to oblivion—it is barely mentioned in the current debates on AI regulation.

The Article argues that the 1974 Act is an unfinished business not only because of its unfulfilled promises. While struggling at home, the ideas behind the 1974 Act were more successful abroad. This Article shows that the American congressional hearings and ideas behind the 1974 Act stimulated and facilitated first-generation data protection laws across the Atlantic during the 1970s. That central thesis has gained constitutional status in courts in Germany, India, South Korea and Taiwan, through the doctrine of informational self-determination. In the wake of the AI revolution, what we need is to learn from and strengthen the 1974 Act. What we need today is to finish what was left in 1974, and to develop a real American Bill of Rights on data.

Downloads

Published

2024-12-05

How to Cite

Zang, Dongsheng. 2024. “The Privacy Act of 1974: The American Bill of Rights on Data and Its Unfinished Business”. University of Pittsburgh Law Review 86 (1). https://doi.org/10.5195/lawreview.2024.1051.

Issue

Vol. 86 No. 1 (2024): Print Edition

Section

Articles

License

Copyright (c) 2024 Dongsheng Zang

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.


Authors who publish with this journal agree to the following terms:

    1. The Author retains copyright in the Work, where the term “Work” shall include all digital objects that may result in subsequent electronic publication or distribution.

    2. Upon acceptance of the Work, the author shall grant to the Publisher the right of first publication of the Work.

    3. The Author shall grant to the Publisher and its agents the nonexclusive perpetual right and license to publish, archive, and make accessible the Work in whole or in part in all forms of media now or hereafter known under a Creative Commons 4.0 License (Attribution-Noncommercial-No Derivative Works), or its equivalent, which, for the avoidance of doubt, allows others to copy, distribute, and transmit the Work under the following conditions:
      1. Attribution—other users must attribute the Work in the manner specified by the author as indicated on the journal Web site;
      2. Noncommercial—other users (including Publisher) may not use this Work for commercial purposes;
      3. No Derivative Works—other users (including Publisher) may not alter, transform, or build upon this Work,with the understanding that any of the above conditions can be waived with permission from the Author and that where the Work or any of its elements is in the public domain under applicable law, that status is in no way affected by the license.

    4. The Author is able to enter into separate, additional contractual arrangements for the nonexclusive distribution of the journal's published version of the Work (e.g., post it to an institutional repository or publish it in a book), as long as there is provided in the document an acknowledgement of its initial publication in this journal.

    5. Authors are permitted and encouraged to post online a pre-publication manuscript (but not the Publisher’s final formatted PDF version of the Work) in institutional repositories or on their Websites prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work. Any such posting made before acceptance and publication of the Work shall be updated upon publication to include a reference to the Publisher-assigned DOI (Digital Object Identifier) and a link to the online abstract for the final published Work in the Journal.

    6. Upon Publisher’s request, the Author agrees to furnish promptly to Publisher, at the Author’s own expense, written evidence of the permissions, licenses, and consents for use of third-party material included within the Work, except as determined by Publisher to be covered by the principles of Fair Use.

    7. The Author represents and warrants that:

      1. the Work is the Author’s original work;
      2. the Author has not transferred, and will not transfer, exclusive rights in the Work to any third party;
      3. the Work is not pending review or under consideration by another publisher;
      4. the Work has not previously been published;
      5. the Work contains no misrepresentation or infringement of the Work or property of other authors or third parties; and
      6. the Work contains no libel, invasion of privacy, or other unlawful matter.
         
    8. The Author agrees to indemnify and hold Publisher harmless from Author’s breach of the representations and warranties contained in Paragraph 6 above, as well as any claim or proceeding relating to Publisher’s use and publication of any content contained in the Work, including third-party content.