Trump Is Paving the Way for Erosion of Immigrants’ Privacy Rights

Under Trump’s January 25 executive order, noncitizens who are not green card holders can be subjected to having their names and personal information released and shared without their knowledge or consent.

In a statement to Rewire, a DHS representative said the department is reviewing its privacy policies and relevant laws to "determine how to implement the directive in the President’s executive order." Scott Olson/Getty Images

Largely overlooked in President Donald Trump’s January 25 executive order to “enhance public safety” in the United States was a policy change effectively stripping foreigners and undocumented immigrants of privacy safeguards.

“Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act [of 1974] regarding personally identifiable information,” section 14 of the executive order reads.

American Civil Liberties Union (ACLU) attorney Esha Bhandari told Rewire in a phone interview that she can’t think of “a single good reason” the administration has chosen to target undocumented immigrants in this particular way.

“I haven’t seen any argument being made for any government problem this is attempting to solve,” the attorney said.

For weeks leading up to Trump’s inauguration, advocates raised concerns about the information to which his administration would have access—everything from the biometrics of Deferred Action for Childhood Arrivals (DACA) recipients to flawed state gang databases that seem to act as a dragnet for people of color and undocumented immigrants in particular. Much of the efforts to dismantle these state databases before Trump took office were unsuccessful. And now, with this latest move, advocates say their fears are being realized.

The Privacy Act of 1974 limited the government’s ability to publicly share personal information without permission. With the advent of computers, the law sought to address concerns about how the use of computerized databases could affect privacy rights. In other words, the Privacy Act was the government’s attempt to strike a balance between its right to maintain information on individuals and the individual’s right to have their privacy protected. Initially, undocumented immigrants were not protected under the Privacy Act, but in 2009, the Department of Homeland Security (DHS) updated its policy so that citizens’ and noncitizens’ data were stored in the same system, ensuring an equal level of protection.

But under Trump’s executive order, noncitizens who are not green card holders can be subjected to having their names and personal information released and shared without their knowledge or consent.

Specifically, DHS outlined in an implementation memo on February 20 how the department and its agencies will carry out Trump’s executive order:

The Department will no longer afford Privacy Act rights and protections to persons who are neither U.S. citizens nor lawful permanent residents. The DHS Privacy Office will rescind the DHS Privacy Policy Guidance memorandum, dated January 7, 2009, which implemented the OHS “mixed systems” policy of administratively treating all personal information contained in DHS record systems as being subject to the Privacy Act regardless of the subject’s immigration status. The DHS Privacy Office, with the assistance of the Office of the General Counsel, will develop new guidance specifying the appropriate treatment of personal information DHS maintains in its record systems.

How that guidance will take shape and which immigrant populations will have their private information shared is largely unknown, and that’s what’s most concerning to advocates. 

In a statement to Rewire, a DHS representative said the department is reviewing its privacy policies and relevant laws to “determine how to implement the directive in the President’s executive order.” The representative also said “there are several federal laws that govern the collection and release of personal information” and that the review is “on-going so no new policy decisions have been made.”

During the first weeks of his presidency, Trump said there would be a weekly list published of all the alleged crimes committed by undocumented immigrants. Such a report has yet to be released, but there has been the publication of the Declined Detainer Outcome Report, which outlined all of the jurisdictions that did not honor Immigration and Customs Enforcement (ICE) detainer requests. Trump’s executive order excluding noncitizens from Privacy Act protections could mean that lists featuring the photographs, names, and addresses of undocumented immigrants deemed “criminals” is not out of the realm of possibility.

Considering Trump’s anti-immigrant administration is broadening the definition of “criminal” to include everyone in the country without authorization, this means that any noncitizen could be subject to this erosion of privacy rights.

One Texas-based advocate, who spoke to Rewire on the condition of anonymity, said that sharing sensitive, once-private information across agencies may already be taking place. Government officials deported a man in Texas as part of February’s nationwide immigration sweeps and, according to the deported man’s wife, the only contact they ever had with the state was through paperwork with Child Protective Services (CPS). The man’s wife told the advocate that she is concerned CPS shared their home address with ICE. In an emailed statement to Rewire, Mary Walker, a media specialist with the Texas Department of Family and Protective Services, said that she checked in with local staff and “they are not aware of this situation having come up before.” Advocates have filed a Freedom of Information Act request on behalf of the family to learn more.

Whether or not agencies already have been sharing information, civil liberties advocates take issue with the way DHS moved to put the policy into place. According to the ACLU, the department could be violating oversight statutes. At a minimum, according to a letter the organization sent the White House counsel’s office and all pertinent federal agencies, federal law mandates that there be a 30-day minimum comment period and a “privacy impact assessment” of all systems previously protected by the Privacy Act in order to examine the risks of U.S. and non-U.S. citizens having their information shared in this manner. The government must identify procedures to provide Privacy Act protections to those who’ve recently changed their status to lawful permanent resident or U.S. citizen. DHS also must implement procedures to address constitutional and statutory obligations of the government to limit the collection and dissemination of private information and provide access to agency records.

The agency also must ensure any changes are consistent with United States obligations under existing international agreements. Trump’s order, however, could undermine U.S.-European Union agreements on data sharing for law enforcement and commercial purposes, because the United States can no longer guarantee protections for European citizens’ private information.

“Right now, it’s very unclear how the administration will back the assurances it made when it entered into this agreement with the European Union about how European data would be given certain protections,” Bhandari said. “The executive order gives no indication that there’s even an understanding this agreement exists, and there’s certainly no indication of how this information will continue to be protected.”

Millions at Risk, Including U.S. Citizens

Outside of assisting ICE to carry out mass deportations, this policy could put already vulnerable populations at greater risk. For example, employers whose undocumented employees have filed a complaint with the Department of Labor about workplace violations could access that information, potentially leading to retaliation. And those present in the United States as refugees could have their home addresses and information related to their finances and places of employment disseminated without their consent.

There are also looming concerns for those with U visas, which are visas for victims of crimes (and their immediate family members) who have suffered mental or physical abuse, and have assisted law enforcement and government officials in the investigation or prosecution of the criminal activity. Those with U visas are not green card holders or U.S. citizens, which would mean their information could be disseminated and shared without their consent or knowledge. Trump’s policy change also could violate the confidentiality provisions of the Violence Against Women Act, which limits the dissemination of personally identifying information of noncitizens who have been the victims of violence.

Bhandari told Rewire that people who have been victims of violence obviously have heightened concerns about their information and who has access to it. The “scariest part” about today’s climate, Bhandari said, is that it’s unknown how federal agencies will implement this new policy.

“Will DHS check with the State Department every time it needs to figure out how to treat a particular record?” Bhandari said. “The sheer number of employee hours this would require, the cost to the federal government, it’s unfeasible. It’s an implementation nightmare that puts a lot of people at risk.”

There are many federal agencies that have mixed systems of records, containing citizen and noncitizen information, and these agencies have sensitive missions that provide critical services to people, including the Department of State, the Department of Justice, and the Department of Health and Human Services. “These are agencies that protect people’s rights, that contain people’s health and medical information,” Bhandari said. “One clerical error can result in anyone’s information, citizen or noncitizen, being disseminated. What are these agencies going to do to ensure that people can trust them with their data?”

Michele Waslin, senior research and policy analyst at the American Immigration Council, echoed this concern. Waslin said in a phone interview with Rewire that the White House should have “a lot of concerns” regarding privacy and the sharing of information, but this policy shift doesn’t address that.

“There are already errors in databases. The government makes mistakes all the time,” Waslin said. “What if your information is unlawfully shared or shared in a way that puts you in danger? What kind of action could be taken against someone whose name is featured in a document, even if it’s not them? There are more questions than answers.”

There are a number of state and federal databases that collect information on undocumented immigrants, including the Department of Motor Vehicles, which grants driver’s licenses to undocumented immigrants in 12 states and the District of Columbia and has granted ICE access to that information in the past. Advocates have flagged these and other systems—including the previously mentioned gang databases, into which a person can be entered for subjective reasons, like tattoos—as potential vulnerabilities under an anti-immigration government.

Waslin noted that there has always been a firewall between the Internal Revenue Service and immigration officials so that information about taxpayers isn’t used against them for immigration enforcement (because, contrary to popular belief, unauthorized immigrants do pay taxes). If unauthorized immigrants are going to continue paying taxes, which nets local governments $11.74 billion annually, they should get an assurance their personal information won’t be used against them.

While it’s clear immigrants have a lot to fear about this policy shift, U.S. citizens should be concerned too. “We need to consider the reciprocal treatment of Americans’ data when abroad now that this new policy is in place,” the ACLU attorney said.

Authorized immigrants and U.S. citizens also should be concerned about sharing information if they fear that data can be used for other purposes in the future, Waslin said.

There is a push by advocates and civil liberties groups demanding that tech companies hold Trump’s administration accountable and be “even more vigilant in fighting for their users in the courts.” This comes as the U.S. House has moved to revoke broadband privacy rules aimed at blocking internet service providers (ISPs) from using their customers’ browsing history and app habits without their consent for advertising purposes. The effects of loosening privacy regulations are deeply concerning for advocates fighting for vulnerable populations in the United States.

Waslin added that she wants to see all federal agencies fighting to protect this information in equal measure.

After nationwide immigration sweeps that resulted in the detainment of nearly 700 people, some immigrants are refraining from accessing benefits to which their families are legally entitled and not reporting crimes such as rape out of fear of detainment and deportation. Any remaining trust could be lost if the government begins publicly releasing their personal information or sharing it with other agencies without their consent or knowledge.

At a bare minimum, Bhandari said, this policy shift will be hugely expensive and time consuming, relying on a largely inept system that has already been proven to be rife with mistakes and unable to handle processing information in a timely manner.

“This will have a large impact on human rights,” Bhandari said. “The right to privacy does not depend on immigration or citizenship status. This is a critically important, and in some instances, unlawful policy shift that will impact millions of people and there has been no attempt made by the administration to justify it. It’s simply not OK.”