A new executive order issued by the Biden administration aims to prevent “countries of concern” such as China, Russia, Iran, North Korea, Cuba and Venezuela from accessing sensitive U.S. data.
Although personal, financial, location, and biometric data are frequently accessed in breaches, the executive order focuses instead on the collection of this type of data through legitimate commercial markets. Privacy experts have long raised a variety of concerns about how data brokers broadly access, use, and share information, but the executive order focuses specifically on data sold to certain foreign countries. . According to the White House, concerns arise that sensitive U.S. data could end up in the hands of intelligence agencies, the military, or government-owned companies, which could open the door to a variety of privacy and counterintelligence risks, and that countries may That means you may be able to collect information about or dissidents.
According to an executive order issued on Wednesday, “The executive order provides that the information that Americans ‘s most personal and sensitive information.’ “Malicious actors can use this data to track Americans (including military personnel), peer into their private lives, and pass that data on to other data brokers or foreign intelligence agencies. Data could enable intrusive surveillance, fraud, blackmail, and other privacy violations.”
Currently, limited legal regulations exist to prevent Americans’ personal data from being traded to foreign companies and governments, and lawmakers like Sen. Ron Wyden (D-Ore.) , specifically points out how China captures vast amounts of personal data, including from mobile phones. Phone location, credit card purchases, web browsing history – through the open market. Over the years, various government initiatives have targeted different aspects of foreign data acquisition. That includes a 2018 order from the Committee on Foreign Investment in the United States that prevents U.S.-based companies that hold large amounts of sensitive data on Americans from being sold to foreign companies. The “Protecting Americans’ Data from Foreign Surveillance Act,” which Wyden proposed three years ago, would introduce licensing requirements for foreign companies to trade Americans’ personal information. The focus was on the data itself rather than the companies it owned.
Meanwhile, the executive order aims to leverage the powers of various government agencies to help establish “clear protections” for sensitive data, although details of the scope and scale of these protections are still unclear. is not. Under the executive order, the attorney general is ordered to block large-scale transfers of Americans’ personal data to certain countries, and the Justice Department prohibits transactions in certain types of data that “pose an unacceptable risk.” They are required to enact regulations to to national security. ” This includes sensitive government data, such as location data on sensitive sites and information about military personnel.
The Department of Justice and Homeland Security are also mandated to set “high security standards” to prevent certain countries from accessing Americans’ data through commercial means, and the executive order also states that investment , vendors, and commercial means such as data available through employment relationships. Finally, the Departments of Health and Human Services, the Department of Defense, and the Department of Veterans Affairs will “help ensure that federal grants, contracts, and incentives are not used to facilitate access to sensitive health data of Americans by countries of concern.” We are commanded to “strive to do so.” A company located in the United States. ”
Going forward, as part of its role in the executive order, the Department of Justice will issue a Notice of Proposed Rulemaking publicly explaining the categories of transactions involving large amounts of sensitive personal data and soliciting public comment before the rule goes into effect. He said it was planned. effect.
In a statement, Mr. Wyden praised the White House’s executive order as a necessary crackdown on “shady data brokers,” but said the action should be expanded beyond the “countries of concern” listed.
“I appreciate that this executive order, in some ways, reflects my bipartisan protection of American data from foreign surveillance legislation,” Wyden said. “But the administration’s decision to limit the flow of personal data to a small number of countries of concern, such as China, is a mistake. Both are likely to result in Americans using their personal data, not just to undermine U.S. national security and target U.S.-based dissidents. This is also because the country lacks the effective privacy laws needed to prevent data sales to China. ”
Caitlin Fennessy of the International Association of Privacy Professionals (IAPP) said the big problem is that the executive order “does not build on decades of U.S. support for data flows or a series of targeted privacy protections for sensitive personal data domestically.” The question is whether it should be considered a clear departure from the law.” Responding to specific national security threats. ”
“Given the long-standing difficulties in pursuing broad federal privacy laws, the administration may have viewed this executive order as the only viable alternative to address what it perceived to be an immediate risk. “There is,” Fennessy said. “Privacy experts will now focus on the practical implications of which organizations, data, and transfers are currently involved, what the future holds, and what it will take to comply. You will.”
