Privacy Decisionmaking in Administrative Agencies

33 Pages Posted: 13 Mar 2008

Kenneth A. Bamberger

University of California, Berkeley - School of Law

Deirdre K. Mulligan

University of California, Berkeley - School of Information


Administrative agencies increasingly rely on technology to achieve substantive goals. Often this technology is employed to collect, exchange, manipulate and store personally identifiable information, raising serious concerns about the erosion of personal privacy. Congress has recognized this problem. In the E-Government Act of 2002, it required administrative agencies to conduct privacy impact assessments (PIAs) when developing or procuring technology systems that handle personal information. Despite this new requirement, however, agency adherence to privacy mandates is highly inconsistent.

In this paper, we ask why. We first explore why both process requirements and traditional means of political oversight are often weak tools for ensuring that policy reflects privacy commitments. We then consider what factors might, by contrast, promote agency consideration of privacy concerns.

Specifically, we compare decisions by two federal agencies - the Department of State and the Department of Homeland Security - to use RFID technology, which allows a wireless-access data chip to be attached to or inserted into a product, animal, or person. These two cases suggest the importance of internal agency structure, culture, and personnel, as well as alternative forms of external oversight, interest group engagement, and professional expertise, as important mechanisms for ensuring bureaucratic accountability to the secondary privacy mandate imposed by Congress.

The analysis speaks to debates in both public administration and privacy protection. It implicates disputes over the efficacy of external controls on bureaucracy, and the less-developed literature on opening the black box of administrative decisionmaking. It further offers insight into pre-conditions necessary to advance privacy commitments in the face of social and bureaucratic pressure to manage risk by collecting information about individuals. Finally, it offers specific proposals for policy reform intended to promote agency accountability to privacy goals.

Keywords: Privacy, Administrative Law, Regulation, Decisionmaking, Accountability, Department of Homeland Security, Department of State, Administrative Agencies, Technology, RFID, Privacy Impact Assessment, PIA, E-Government Act, e-Passport, US-VISIT

JEL Classification: K2, K20, K23, D7, D73, D78, H5

Suggested Citation

Bamberger, Kenneth A. and Mulligan, Deirdre K., Privacy Decisionmaking in Administrative Agencies. University of Chicago Law Review, Vol. 75, No. 1, p. 75, 2008, UC Berkeley Public Law Research Paper No. 1104728, Available at SSRN:

Kenneth A. Bamberger (Contact Author)

University of California, Berkeley - School of Law

Boalt Hall NA446
Berkeley, CA 94720-7200
United States
(510) 643-6218 (Phone)


Deirdre K. Mulligan

University of California, Berkeley - School of Information

102 South Hall
Berkeley, CA 94720-4600
United States
