Systematic Government Access Project

In 2011, The Privacy Projects (TPP) launched an ambitious initiative to (1) illuminate the expansion of government demands for systematic access to digital data held in the private sector in key countries in North America, Europe, and Asia; (2) survey the current legal constraints on that access; and (3) invite stakeholders from key providers and users of electronic data transmission and storage services to come together to discuss the challenge and strategies for addressing it. The goal of the project is to raise awareness about the issue among key industry stakeholders and to begin the process of developing strategies for responding to it.

Government access to private-sector data is not a new issue; it has long been addressed in the United States and other countries, especially in the context of the privacy issues it raises. What we understand to be distinctive about the TPP initiative is that it addresses systematic government access to such data and that it focuses more on the business-to-business issues, rather than consumer issues, raised by such access. This project launched in 2011 and has been ongoing in various phases since then. Since then, the team that TPP assembled has been remarkably productive:

  • 13 country reports by leading experts. Nine have already been published in the Oxford International Data Protection Law (IDPL) journal, and the other four are due out soon.
  • An overview and other papers from Phase I, also published in IDPL in November 2012.
  • 5 roundtables – Washington in April 2012; London in June 2013; Brussels in November 2013; Montreal in May 2014; and, London in May of 2014 – bringing together companies (both US-based and Europe-based), academics, and civil society (plus, in Brussels, DPAs and EU representatives).
  • A Phase II comparative study. 
  • Comparative charts and website presenting the results of the Phase I and II research.
  • Press and blogsphere

TPP’s work in this area has been ongoing and the project has identified several themes, which have become immensely more salient with the Snowden leaks:

  • Systematic access demands do appear to be growing, although the recent disclosures make it clear that governments are not only demanding stored data in bulk but also are tapping into cables to collect or filter large swaths of data as it moves over the Internet.
  • There is a profound lack of transparency about countries’ laws and practices. Relevant laws are at best vague, and government interpretations of them are often hidden, especially in the national security realm.
  • In particular, published laws and policies do not expressly address the unique challenges of bulk collection.
  • Plummeting data storage costs and enhanced analytical capabilities spur governments’ appetites to collect more and more data.
  • As Internet-based services have become globalized, surveillance has become trans-border, posing increased legal and reputational risks to businesses operating globally.