Home » Commentary » Strengthening Title 44 part 3: Privacy

Our mission

Free Government Information (FGI) is a place for initiating dialogue and building consensus among the various players (libraries, government agencies, non-profit organizations, researchers, journalists, etc.) who have a stake in the preservation of and perpetual free access to government information. FGI promotes free government information through collaboration, education, advocacy and research.

Strengthening Title 44 part 3: Privacy

Privacy

This is the third in a series of posts in which we elaborate on the reasons behind our recent recommendations for strengthening Title 44 of the U.S. Code.

We recommend strengthening the language of Title 44 to ensure the protection of the privacy of users of online government information.

Recommendation

Add a privacy provision for govinfo.gov

Add a privacy provision to §4101 (which defines the electronic directory and the system of online access — currently “govinfo.gov”). This provision would prohibit the use of technologies that track user individual-level activity. It would also prohibit GPO from cross-referencing any data gathered from web measurement and customization technologies against personally identifiable information to determine individual-level online activity, and from sharing any user data with other departments or agencies or non-government entities. It would also prohibit the use of third-party web measurement and customization technologies. Text for this section could be drawn from 5 USC 552a and from OMB memorandum M-10-22.

Current Law

Neither Chapter 19 nor Chapter 41 of Title 44 have any privacy provisions.

Some chapters of Title 44 explicitly refer to privacy protections provided in 5 USC 552a “Records maintained on individuals.”

Chapter 35 of Title 44 (“Coordination Of Federal Information Policy”) has a large section of privacy provisions — including agency websites (§3501 “Federal Management and Promotion of Electronic Government Services” popularly known as the “Paperwork Reduction Act”).

Analysis

Our recommendation fills a gap in the current law by adding privacy protections to Chapter 41.

It has become commonplace for websites to track user behavior and for companies to build user profiles based on user browsing across different websites. It is essential to assure the general public that it can search, browse, acquire and use government information without being tracked or profiled. Existing law is designed to allow government agencies to use modern web technologies to customize the behavior of websites while preventing those agencies from tracking indvidual-level activities. Chapter 41, which enables govinfo.gov, does not explicitly cite those privacy protections.

Our recommendation would make it clear that GPO’s online services are covered by existing legislation by incorporating some of the language from 5 USC 552a and OMB’s website privacy guidance memorandum directly into Chapter 41.

Our recommendation would also go further than existing legislation and guidance by prohibiting GPO from using third-party web measurement and customization technologies on govinfo.gov. Such technologies (e.g., Google Analytics) allow third-parties (e.g., Google) to collect information as users browse, search and access information from a website such as govinfo.gov. As far as we can tell, the only third-party customization that GPO currently uses on govinfo.gov is an html5 javascript library from Google. But GPO does still use Google Analytics on the Catalog of Government Publications and on its FDLP website. By adding to Chapter 41 an explicit prohibition of the use of third-party measurement and customization technologies, govinfo.gov would have the strongest privacy protection of any government agency.

Effects

Our recommendation would have several positive effects.

  • It would make user-privacy an integral part of GPO’s online services.
  • Instead of relying on existing laws and guidance, it would explicitly include privacy protections in Chapter 41 so that GPO’s online service would have privacy protections even if other privacy protections in the U.S. Code are weakened.
  • It would go further than existing law by protecting users of GPO services from being tracked by third-party services.

Endnotes

Authors:
James A. Jacobs, University of California San Diego
James R. Jacobs, Stanford University

CC BY-NC-SA 4.0 This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.


Leave a comment

Your email address will not be published. Required fields are marked *

Archives

%d bloggers like this: