President Biden Signs Executive Order to Protect Americans’ Personal Data from Foreign Adversaries
In a move to safeguard Americans’ personal data from foreign adversaries like China and Russia, President Joe Biden has signed an executive order. The order aims to protect personal data ranging from biometrics and health records to finances and geolocation. The objective is to prevent the large-scale transfer of Americans’ personal data to countries of concern without impeding legitimate commerce around data.
The executive order grants the Department of Justice and other federal agencies the authority to take necessary steps to prevent the improper collection of sensitive data by foreign entities or foreign-controlled companies operating in the United States. The administration is particularly concerned about commercial data brokers, which are legal entities in the U.S. that collect and categorize personal information for various purposes, including building profiles on millions of Americans.
While activities like computer hacking are already prohibited in the U.S., the purchase of potentially sensitive data through brokers remains legal. This poses a significant gap in national security protections, as the data can end up in the hands of adversaries. The White House emphasizes that this data can be used for intrusive surveillance, scams, blackmail, and other privacy violations.
To address these concerns, the executive order directs the Department of Justice to establish regulations that protect Americans’ sensitive personal data and sensitive government-related data. This includes geolocation information on sensitive government sites and members of the military. The Department of Justice will also collaborate with Homeland Security officials to develop safety standards that prevent foreign adversaries from collecting data.
The order also aims to ensure that federal grants provided to various agencies, such as the departments of Defense and Veterans Affairs, do not facilitate the flow of Americans’ sensitive data to foreign adversaries or U.S. companies aligned with them. The administration specifically highlights countries like China, Russia, North Korea, Iran, Cuba, and Venezuela as sources of concern.
While China has been a focal point of discussions regarding trafficking sensitive data, the executive order does not single out any specific company. The White House press secretary, Karine Jean-Pierre, acknowledges concerns about TikTok, a popular social media platform with over 150 million American users, which is owned by Chinese technology firm ByteDance Ltd. However, she clarifies that the executive order applies to all entities and is not limited to a particular company.
The senior administration officials emphasize that the executive action is intended to complement legislative action. However, several bills seeking federal privacy protections have failed to advance in Congress. The White House hopes that Congress will also implement new protections but has not provided details on what those protections might entail or when they could be approved.
Critics argue that the executive order fails to address the core issue of Americans’ exposure to extensive data collection by both industry and government. They highlight the absence of a federal privacy law and argue that the order does little to meet the real privacy needs of most Americans. According to Albert Fox Cahn, executive director of the nonprofit Surveillance Technology Oversight Project, the order conflates surveillance capitalism with foreign surveillance and overlooks the domestic industry’s impact on privacy and civil rights.
Despite these criticisms, privacy researcher Wolfie Christl views the executive order as a positive first step. Christl believes that it may compel data-collection and trafficking companies to reconsider their practices to ensure compliance. However, he also acknowledges that the order leaves many other privacy issues unaddressed.
In conclusion, President Biden’s executive order seeks to protect Americans’ personal data from foreign adversaries by preventing the large-scale transfer of sensitive information. While it targets commercial data brokers and aims to establish regulations for data protection, critics argue that it fails to address broader privacy concerns and the absence of a federal privacy law. The order serves as a starting point for addressing national security issues related to data collection but leaves room for further action and legislation.