Publication Title

University of Pittsburgh Law Review

Keywords

Privacy Act of 1974, personal privacy, artificial intelligence, artificial intelligence

Document Type

Article

Abstract

In the midst of the artificial intelligence (“AI”) revolution and the debates around it in 2023, this Article proposes to revisit the history of the Privacy Act of 1974, a federal statute that attempted to revolutionize the notion of privacy in response to automated data processing in the computer age. By recognizing that an individual should have the right to control data about herself, the 1974 Act went beyond the Warren-Brandeis framework of privacy based on tort law—the 1974 Act was essentially an American Bill of Rights on data.

The Article first tracks the conceptual development of this new idea of privacy by looking into congressional hearings and broad literature in the 1960s and early 1970s when the computer was introduced in federal government agencies. It describes the process from a theory of scholars and activists such as Alan Westin, to a consensus and policy position largely formed around the year 1971. Based on this central thesis, a “code of fair information practice” laid out five fundamental principles (openness, individual access, collection limitation, use and disclosure limitation, and information management) as the foundation for the 1974 Act. The Article then tracks privacy litigation subsequent to the 1974 Act. Here the Article demonstrates that in the decades after its enactment, the Act was substantially undercut in federal courts as the latter insisted on the old-fashioned tort law theory in interpreting the Act. Today, the Privacy Act of 1974 largely falls to oblivion—it is barely mentioned in the current debates on AI regulation.

The Article argues that the 1974 Act is an unfinished business not only because of its unfulfilled promises. While struggling at home, the ideas behind the 1974 Act were more successful abroad. This Article shows that the American congressional hearings and ideas behind the 1974 Act stimulated and facilitated first-generation data protection laws across the Atlantic during the 1970s. That central thesis has gained constitutional status in courts in Germany, India, South Korea and Taiwan, through the doctrine of informational self-determination. In the wake of the AI revolution, what we need is to learn from and strengthen the 1974 Act. What we need today is to finish what was left in 1974, and to develop a real American Bill of Rights on data.

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.