President Joe Biden has signed an executive order (EO) to prevent “countries of concern” from acquiring sensitive personal data about Americans through commercial data brokers, in a significant move to protect American interests. This measure aims to stymie the potential for cyberattacks, espionage, and blackmail against the US.
The executive order pinpoints six countries: Russia, North Korea, Iran, and other nation, placing restrictions on transactions involving personal identifiers, precise geolocation information, biometrics, and other categories of sensitive data. A senior administration official highlighted the urgency of this action, noting, “Buying data through data brokers is currently legal in the United States, and that reflects a gap in our national security toolkit that we’re working to fill with this program.”
Regulatory nuances include specific carve-outs to ensure the continued flow of data for business operations and to align with international agreements and commitments to an open internet. Financial transactions, multinational company operations, and certain agreements, such as cloud computing contracts, will be subject to safeguards rather than outright bans.
Enforcement is a significant challenge for the Justice Department, responsible for supervising the implementation of the EO. A senior DOJ official highlighted a strategy based on guidance, advisory opinions, and voluntary compliance, with the goal of establishing clear expectations for companies and promoting strong assurance mechanisms for data use and resale.
However, questions linger about the effectiveness of the EO. As one official put it, “I would not compare the way our government uses data to the way the ‘countries of concern’ are using data.” Critics, like Senator Ron Wyden, argue that the EO does not go far enough, pointing out that “Authoritarian dictatorships like Saudi Arabia and UAE cannot be trusted with Americans’ personal data.” Cybersecurity experts recognize the necessity of a data security program, despite significant hacks in recent years raising doubts about the government’s ability to protect even its own agencies from foreign cyber threats.
This executive order does not aim to substitute for comprehensive privacy legislation, which Congress has had difficulty passing. It provides a partial solution that helps reduce the threat to national security. The White House’s strategy also ensures that the government retains access to data broker information, safeguarding its intelligence-gathering abilities despite privacy worries.
This executive action advances, public commentary, and the rule-making process will shape its contours and address its potential limitations. It is a step forward in the realm of national security, but it is clear that more comprehensive measures are needed to fully safeguard Americans’ sensitive data from global threats.
Relevant articles:
– Biden Bans Rival Nations From Buying Sensitive US Data
– Exploring the White House’s Executive Order to Limit Data Transfers to Foreign Adversaries, CSIS | Center for Strategic and International Studies, Thu, 29 Feb 2024 08:00:00 GMT
– Biden executive order seeks to cut China off from Americans’ sensitive data, CyberScoop, Wed, 28 Feb 2024 08:00:00 GMT
– Experts react: What Biden’s new executive order about Americans’ sensitive data really does, Atlantic Council, Thu, 29 Feb 2024 08:00:00 GMT