“Information rights” sounds like one thing. It is two, and they pull in opposite directions. One is the right to see — to demand the records the state holds about how it governs. The other is the right to be unseen — to control the records others hold about you. A healthy information regime needs both, and the two can collide. Voidly now maps each side, and because they share a real key — country — they can be read together.
Two datasets, one rare shared key
Most cross-dataset joins on this site fail on identity — no shared key, only fuzzy name matching. These two are the exception. Right to Information records, per country, whether a statutory right to access government records exists (57 of 61 tracked do). Data Protection records whether a comprehensive personal-data law exists (60 of 61 do). Both are keyed on the country itself, so the join is exact — a clean two-by-two for every nation in both sets.
import requests
# Unlike most federal pipelines, these two datasets share a REAL key: country (iso2).
rti = requests.get("https://ai-analytics.org/rti-laws/index.json", timeout=30).json()
dp = requests.get("https://ai-analytics.org/data-protection/index.json", timeout=30).json()
access = {c["iso2"]: c["hasLaw"] for c in rti["countries"]} # access side
protect = {c["iso2"]: c["hasLaw"] for c in dp["countries"]} # protection side
# Place each country in the two-by-two: (has access law?, has comprehensive privacy law?)
for iso, a in access.items():
p = protect.get(iso)
if p is None: continue
quadrant = ("both" if a == "yes" and p == "comprehensive"
else "access-only" if a == "yes"
else "protect-only" if p == "comprehensive"
else "neither")
print(iso, quadrant)The four quadrants
- Both. A statutory right to government records and a comprehensive privacy law — the mature posture much of the EU, and countries like Uruguay, occupy. The citizen can both inspect the state and shield themselves from it.
- Access-only. Open records but no comprehensive privacy statute. The United States is the marquee case: strong FOIA tradition, but only sectoral privacy law (HIPAA, GLBA) and a state-by-state patchwork.
- Protection-only. A modern data-protection law but a weak or unenforced access right — the citizen is shielded from companies yet cannot easily see the government.
- Neither. No firm right in either direction.
Where the two collide
The interesting cases are not the corners but the friction between them. Strong privacy law is, in practice, sometimes invoked to deny an access request — “we cannot release those records, they contain personal data” — turning a protection right into an opacity tool. The mirror failure is access without protection: open registries that expose individuals' home addresses or health details in the name of transparency. The well-designed regime resolves the tension deliberately — personal-data redaction inside an otherwise-open record — rather than letting one right quietly cancel the other. Mapping both sides together is how you see which countries have struck that balance and which have only one half of it.
Related writing: The US Organ System, in the Government's Own Records — another accountability map built entirely from public records (the OrganWatch dataset).
Related writing: The Voidly Accountability Stack — how these two information-rights datasets sit alongside the other Voidly accountability records, on one shared method.
See also the underlying references: Right to Information and Data Protection.