President Joe Biden on Wednesday is signing an executive order aimed at better protecting Americans’ personal data on everything from biometrics and health records to finances and geolocation from foreign adversaries like China and Russia.
The attorney general and other federal agencies are to prevent the large-scale transfer of Americans’ personal data to what the White House calls “countries of concern,” while erecting safeguards around other activities that can give those countries access to people’s sensitive data.
The goal is to do so without limiting legitimate commerce around data, senior Biden administration officials said on a call with reporters.
Biden’s move targets commercial data brokers, the sometimes shadowy companies that traffic in personal data and that officials say may sell information to foreign adversaries or U.S. entities controlled by those countries.
Most eventual enforcement mechanisms still have to clear complicated and often monthslong rulemaking processes. Still, the administration hopes eventually to limit foreign entities, as well as foreign-controlled companies operating in the U.S., that might otherwise improperly collect sensitive data, the senior officials said.
Data brokers are legal in the U.S. and collect and categorize personal information, usually to build profiles on millions of Americans that the brokers then rent or sell.
The officials said activities like computer hacking are already prohibited in the U.S., but that buying potentially sensitive data through brokers is legal. That can represent a key gap in the nation’s national security protections when data is sold to a broker knowing it could end up in the hands of an adversary — one the administration now aims to close with the president’s executive action.
“Bad actors can use this data to track Americans, including military service members, pry into their personal lives, and pass that data on to other data brokers and foreign intelligence services,” the White House wrote in a fact sheet announcing the move. “This data can enable intrusive surveillance, scams, blackmail, and other violations of privacy.”
The order directs the Department of Justice to issue regulations that establish protections for Americans’ sensitive personal data, as well as sensitive government-related data — including geolocation information on sensitive government sites and members of the military.
The Justice Department also plans to work with Homeland Security officials to build safety standards to prevent foreign adversaries from collecting data. It will further attempt better checks to ensure that federal grants going to various other agencies, including the departments of Defense and Veterans Affairs, aren’t used to facilitate Americans’ sensitive data flowing to foreign adversaries or U.S. companies aligned with them.
The senior administration officials listed potential countries of concern as China, Russia, North Korea, Iran, Cuba and Venezuela. But it is China — and TikTok, which has over 150 million American users and is a wholly owned subsidiary of Chinese technology firm ByteDance Ltd. — that U.S. leaders have been most vocal about.
Rep. Mike Gallagher, a Wisconsin Republican who chairs the House Select Committee on the Chinese Communist Party, recently noted, “There’s no such thing as a private business in China.”
The senior administration officials stressed that the executive action was designed to work in conjunction with legislative action. So far, however, numerous bills seeking to establish federal privacy protections have failed to advance in Congress.
Wednesday’s move follows Biden’s executive order on artificial intelligence last fall that seeks to balance the needs of cutting-edge technology companies with national security and consumer rights.
That sought to steer how AI is developed so that companies can profit without putting public safety in jeopardy, creating early guardrails meant to ensure that AI is trustworthy and helpful, rather than deceptive and destructive.