U.S. Congress Passes The Judicial Redress Act, But Does It Provide Effective Redress?

Author:Ms Cynthia O'Donoghue, Daniel Kadar, Kate Brimsted, Thomas Fischl, Philip Thomas, Katalina Bateman, Doretta Frangaki, Caroline Gouraud, Chantelle A. Taylor and Tom C. Evans
Profession:Reed Smith


In an uncharacteristically swift move, the United States Congress passed the Judicial Redress Act ("Act") on 20 October 2015. The Act proposes to extend safeguards implemented under the Privacy Act 1974, and, if brought into force, would allow non-U.S. citizens to bring civil actions against United States agencies in certain circumstances. To become law, the Act must now be passed by the Senate and signed by the president.

Scope of the right

At first glance, the Act appears to create a significant new right for non-U.S. citizens to bring actions against United States agencies and to obtain civil remedies arising out of the use of personal information. However, on closer reading, important distinctions emerge between the right created by the Act and the rights granted to United States citizens under the Privacy Act of 1974. The key limitations of the right created by the Act are that:

Actions may only be brought by natural persons residing in a "covered country". A country or regional economic integration organization (for example, the European Union) may only become "covered" by designation of the attorney general, with the concurrence of the secretary of state, the secretary of the treasury and the secretary of homeland security. One of two things must occur for the designation to be made: (i) the country or regional organization concerned must have entered into an agreement with the United States that provides for appropriate privacy protections for information shared for the purposes of preventing, investigating, detecting or prosecuting criminal offenses; or (ii) the attorney general must determine that the country has effectively shared information with the United States for the above purposes. There are two legal grounds on which an action can be brought, but the categories of agencies against which these actions can be brought differ. The first action may be brought against "agencies", such as the FBI or NSA, only where an agency has "intentionally or wilfully disclosed" an individual's personal information to a person or agency without that individual's consent. This prohibition on disclosure is, however, subject to several exceptions, including where disclosure is to another agency "for criminal law enforcement activity where the activity is authorised by law". The second action may be brought where an agency fails to amend a record or refuses to provide access to a record, and may only be brought against a...

To continue reading