Judicial Redress Act of 2015

The Judicial Redress Act of 2015, 5 U.S.C. § 552a note, extends certain rights of judicial redress established under the Privacy Act of 1974, 5 U.S.C. § 552a, to citizens of certain foreign countries or regional economic organizations. Specifically, the Judicial Redress Act enables a “covered person” to bring suit in the same manner, to the same extent, and subject to the same limitations, including exemptions and exceptions, as an “individual” (i.e., a U.S. citizen or permanent resident alien) may bring and obtain with respect to the:  1) intentional or willful unlawful disclosure of a covered record under 5 U.S.C. § 552a(g)(1)(D); and 2) improper refusal to grant access to or amendment of a covered record under 5 U.S.C. § 552a(g)(1)(A) & (B). Under the Judicial Redress Act, the access/amendment action may only be brought against a "designated Federal agency or component." Under the Judicial Redress Act, a "covered person" means a natural person (other than an "individual" as defined under the Privacy Act) who is a citizen of a covered country. Additionally, a "covered country" is a country or regional economic integration organization, or member country of such organization, that has been designated by the Attorney General to have met certain protections outlined in Section 2(d)(1) of the Judicial Redress Act. Before designating a covered country, the Attorney General must receive the concurrences of the Secretary of State, the Secretary of the Treasury, and the Secretary of Homeland Security.

Attorney General Designations Related to The U.S.-EU Data Protection and Privacy Agreement

On December 2, 2016, the European Union (the “EU”) undertook the final steps necessary under EU law to approve an executive agreement between the U.S. and the EU (the “Parties”) relating to privacy protections for personal information transferred between the U.S., the EU, and the EU Member States for the prevention, detection, investigation, or prosecution of criminal offenses. The Agreement, commonly known as the Data Protection and Privacy Agreement (the “DPPA”) or the “Umbrella Agreement,” establishes a set of protections that the Parties are to apply to personal information exchanged for the purpose of preventing, detecting, investigating, or prosecuting criminal offenses.  Article 19 of the DPPA establishes an obligation for the Parties to provide, in their domestic law, specific judicial redress rights to each other’s citizens.  The Judicial Redress Act is implementing legislation for Article 19 of the DPPA.

On January 17, 2017, the Attorney General designated 26 countries and one regional economic integration organization as “covered countr[ies],” and four Federal agencies and nine components of other Federal agencies as “designated Federal agenc[ies] or component[s],” to be effective on February 1, 2017, which is the date of entry into force of the DPPA. The Attorney General designations have been published in the Federal Register

Attorney General Order No. 3824-2017, "Judicial Redress Act of 2015; Attorney General Designations," 82 Fed. Reg. 7860 (Jan. 23, 2017)

Covered Countries

The following regional economic integration organization and countries have each been designated by the Attorney General as a “covered country,” effective on February 1, 2017:

  1. European Union;
  2. Austria;
  3. Belgium;
  4. Bulgaria;
  5. Croatia;
  6. Republic of Cyprus;
  7. Czech Republic;
  8. Estonia;
  9. Finland;
  10. France;
  11. Germany;
  12. Greece;
  13. Hungary;
  14. Ireland;
  15. Italy;
  16. Latvia;
  17. Lithuania;
  18. Luxembourg;
  19. Malta;
  20. Netherlands;
  21. Poland;
  22. Portugal;
  23. Romania;
  24. Slovakia;
  25. Slovenia;
  26. Spain; and
  27. Sweden.

With respect to three countries, Denmark, Ireland, and the United Kingdom, Article 27 of the DPPA excludes them from coverage unless the European Commission notifies the United States that Denmark, Ireland, or the United Kingdom has decided that the DPPA applies to its State. The EU has notified the United States that Ireland has agreed that the DPPA applies to it, and Ireland has been accordingly designated as a “covered country.”  With respect to Denmark and the United Kingdom, the Department of Justice intends to move promptly to designate each of those countries as a “covered country” on receiving notice, in accordance with the provisions of Article 27 of the DPPA, that the country has decided that the DPPA applies to it.

Designated Federal Agencies and Components

The following Federal agencies, and all of their respective components, have each been designated by the Attorney General as a “designated Federal agency or component,” effective on February 1, 2017:

  1. United States Department of Justice;
  2. United States Department of Homeland Security;
  3. United States Securities and Exchange Commission; and
  4. United States Commodity Futures Trading Commission.

The following components of a Federal agency have each been designated by the Attorney General as a “designated Federal agency or component,” effective on February 1, 2017:

  1. Bureau of Diplomatic Security, United States Department of State;
  2. Office of the Inspector General, United States Department of State;
  3. Alcohol and Tobacco Tax and Trade Bureau, United States Department of the Treasury;
  4. Financial Crimes Enforcement Network, United States Department of the Treasury;
  5. Internal Revenue Service, Division of Criminal Investigation, United States Department of the Treasury;
  6. Office of Foreign Assets Control, United States Department of the Treasury;
  7. Office of the Inspector General, United States Department of the Treasury;
  8. Office of the Treasury Inspector General for Tax Administration, United States Department of the Treasury; and
  9. Special Inspector General for the Troubled Asset Relief Program, United States Department of the Treasury.
Updated January 26, 2017