President Biden plans to sign an executive order (EO) today that aims to protect Americans’ sensitive data from “countries of concern,” the White House announced in a Feb. 28 fact sheet.
Wednesday’s EO comes amid Congress’ failure in recent years to pass comprehensive privacy legislation and gives marching orders to several Federal agencies – the Department of Justice (DoJ) chief among them – to prevent the large-scale transfer of Americans’ personal data to specific countries.
The DoJ said today it is contemplating identifying China, Russia, Iran, North Korea, Cuba, and Venezuela as the six countries of concern under this new program.
The new EO, which the administration dubbed as the “most significant executive action any President has ever taken to protect Americans’ data security,” focuses on Americans’ most personal and sensitive information. Those include genomic data, biometric data, personal health data, geolocation data, financial data, and certain kinds of personally identifiable information.
“Bad actors can use this data to track Americans (including military service members), pry into their personal lives, and pass that data on to other data brokers and foreign intelligence services. This data can enable intrusive surveillance, scams, blackmail, and other violations of privacy,” the fact sheet says.
The White House noted that companies are collecting more of Americans’ data than ever before, and it is then often legally sold and resold through data brokers – landing in the hands of foreign intelligence services, militaries, or companies controlled by foreign governments.
The fact sheet notes that countries of concern can access Americans’ data to collect information on activists, academics, journalists, political figures, and others to intimidate, curb dissent, and limit Americans’ freedom of expression and other civil liberties.
The “Preventing Access to Americans’ Bulk Sensitive Personal Data and U.S. Government-Related Data by Countries of Concern” order that Biden plans to sign today authorizes the attorney general to prevent the large-scale transfer of Americans’ personal data to countries of concern and provides safeguards around other activities that can give those countries access to Americans’ sensitive data.
“Our adversaries are exploiting Americans’ sensitive personal data to threaten our national security,” said Attorney General Merrick Garland. “They are purchasing this data to use to blackmail and surveil individuals, target those they view as dissidents here in the United States, and engage in other malicious activities.”
“This Executive Order gives the Justice Department the authority to block countries that pose a threat to our national security from harvesting Americans’ most sensitive personal data – including human genomic data, biometric and personal identifiers, and personal health and financial data,” he said.
Specifically, the EO directs DoJ to issue regulations that establish clear protections for Americans’ sensitive personal data from access and exploitation by specific countries. DoJ must also issue regulations that establish greater protection of sensitive government-related data.
DoJ and the Department of Homeland Security must work together to set high security standards to prevent access by countries of concern to Americans’ data “through other commercial means, such as data available via investment, vendor, and employment relationships.”
“Hostile foreign powers are weaponizing bulk data and the power of artificial intelligence to target Americans,” said Assistant Attorney General Matthew Olsen of DoJ’s National Security Division. “Today’s announcement fills a key gap in our national security authorities, affording the Justice Department a new and powerful enforcement tool to protect Americans and their most sensitive information from being exploited by our adversaries.”
The Departments of Health and Human Services, Defense, and Veterans Affairs are being directed to ensure that Federal grants, contracts, and awards are not used to facilitate access to Americans’ sensitive health data.
The EO also notes that its marching orders to Federal agencies must not stop the flow of information necessary for financial services activities or impose measures aimed at a broader decoupling of the substantial consumer, economic, scientific, and trade relationships that the U.S. has with other countries.
“These actions not only align with the U.S.’ longstanding support for the trusted free flow of data, but also are consistent with U.S.’ commitment to an open Internet with strong and effective protections for individuals’ privacy and measures to preserve governments’ abilities to enforce laws and advance policies in the public interest,” the White House said. “Additionally, President Biden continues to urge Congress to do its part and pass comprehensive bipartisan privacy legislation, especially to protect the safety of our children.”
Industry praised Biden’s EO today, with ITI’s Senior VP of Policy and General Counsel John Miller saying, “The tech industry?shares the Biden Administration’s commitment to protecting Americans’ sensitive personal data while maintaining the trusted free flow of data that is essential for U.S. competitiveness.”
“The administration has also been clear that today’s action is no substitute for a federal privacy law, which is the strongest and most comprehensive way to protect Americans’ personal data,” he said. “We look forward to continuing to work with the U.S. Congress on that important unfinished business and providing input to the Department of Justice to help ensure any final rules implementing today’s EO are effective, appropriately tailored to address national security objectives, and consistent with longstanding U.S. policies supporting global data flows, an open internet, and privacy.”
