The Biden administration introduced an executive order aimed at safeguarding American personal data by restricting its transfer to countries like China and Russia due to national security concerns.
This order targets bulk transfers of Americans’ geolocation, biometric, health, and financial information by data brokers to specific “countries of concern,” including Iran, North Korea, Cuba, and Venezuela.
Officials highlighted China and Russia’s exploitation of American sensitive data obtained through data brokers for malicious cyber activities, espionage, and blackmail. They emphasized the legal gap in the U.S. national security toolkit allowing such transactions.
The executive order seeks to address this gap by banning transactions with data brokers knowingly transferring information to these designated countries. It also prohibits the transfer of any volume of data on U.S. government personnel to these nations.
However, exemptions are made for certain types of data, such as corporate payroll and compliance information.
Congress is also considering legislation to prevent federal agencies from engaging with Chinese companies like BGI Group and Wuxi APPTEC to safeguard American genetic and health data. This move reflects ongoing efforts to curb China’s access to sensitive American information.
The order directs the Department of Justice to solicit industry feedback on proposed regulations before implementation. Certain transactions, including cloud services and employment agreements, may still be permitted under stringent security requirements like encryption and anonymization.
The White House emphasizes the increasing collection of Americans’ data by companies, often resold through data brokers and potentially transferred to foreign entities. The aim is to mitigate risks posed by the unrestricted flow of personal data, ensuring greater protection for American citizens and national security interests.