Redress, the International Protection of Privacy and National Security and Intelligence Agencies: The Role for an Ombudsperson

Abstract

The term Ombudsman (Ombudsperson) is used in various ways in a wide variety of jurisdictions and organizational settings, but there is no consensus on its definition. The institution of the ombudsperson does not make binding decisions, mandate policies or formally adjudicate issues; it supplements other formal investigative or adjudicative institutions. It is the absence of regulatory power that tends to give the institution its identity. The classical (legislative) ombudsperson responsible for remedying maladministration in an entire jurisdiction is far more common in parliamentary systems than in the U.S., where “executive,” “organizational” or “advocacy” ombudspersons are more typical. The “ombuds” function has always played a central role in the governance of privacy. However, in the context of national security and intelligence, neither ombudspersons nor data protection authorities (DPAs) have played significant roles, to date. The institution of the ombudsperson offers several advantages over judicial forms of redress. However, for any such institution, such as the new ombudsperson established under the EU-US Privacy Shield, some difficult questions of institutional design always need to be resolved on: independence and autonomy; the relationship with other oversight offices; the submission and handling of complaints; powers to force compliance; remedies; and the standards for evaluation and assessment. As these institutions have proliferated, national and international ombudsman associations have promulgated guidelines for the establishment and operation of these offices. These standards offer important international lessons for the effective operation of these offices and the building of trust.