Responding to posts by Ben Wittes, Orin Kerr, and David Cole (at Just Security), I would like to take the debate in a somewhat different direction. David makes an argument, based in part on international law, that there is or should be a global right to privacy. This argument might rest (as David notes) in part on the International Covenant on Civil and Political Rights. The Covenant's extraterritorial application has always been contested, however, especially by the United States. The Covenant requires state parties respect and ensure the rights of individuals within the state's territory and subject to its jurisdiction. Although arguably (depending on how you read "and") this langauge includes persons outside the United States who are within U.S. “power” or “effective control,” as concluded by the Human Rights Committee in General Comment 31, it would not appear to provide general protection to people from whom data is collected. For more on this extraterritoriality of the ICCPR see Beth van Schaack’s post here. Even if we assume that the ICCPR applies extraterritorially, it is unclear what privacy obligations it imposes in this context, a concern raised by Ben.
However, from the perspective of international law, there could be another relevant obligation of state actors including Congress and the President: to take into “account” the “interests of foreign stakeholders,” and to provide those foreign stakeholders a voice in relevant decision-making processes. Eyal Benvenisti argues in favor of this and other obligations in the current issue of the American Journal of International Law. The article is here. His argument is based in part on the claim that all people are of equal moral worth and also in part on the increasingly globalized nature of many public policy decisions, which generate a growing “lack of fit between the group that has the right to vote and the group that is affected by the decisions made by, or on behalf of, the first group.” Although Eyal does an admirable job of marshaling evidence, it is far from clear that positive international law currently imposes even these obligations on states. As a matter of law the United States can probably safely ignore this process-based constraint, too.
But should we? True, the immediate benefits of giving a voice to foreign stakeholders, and seriously deliberating about their interests, are hard to quantify. Even if invited to testify before Congress or otherwise share their perspectives, foreign countries might be disappointed (perhaps even more disappointed) with the outcome, even if it were to provide some protections for their interests. As well, the U.S. cannot necessarily expect direct reciprocal benefits. But it is also clear that today privacy issues are global as a simple fact. If the United States is today a leader in terms of technological capability, why not also be a leader in terms of exploring even minimal global standards and obligations? One low-cost way to start that process is to listen to, and deliberate about, the privacy interests of foreign actors and what it would mean and cost to protect them. A process-based obligation in some ways narrows the gap between Ben and David, because the process of consideration and deliberation might help us see and understand what a global privacy right – from which we would all benefit – might entail in specific and concrete terms.