President Joe Biden recently issued an executive order aimed at safeguarding Americans’ personal data from foreign threats. The order focuses on protecting sensitive information such as biometric data, personal health records, geolocation data, financial information, and personally identifiable information (PII) from falling into the wrong hands. The misuse of such data by malicious actors can lead to scams, blackmail, surveillance, and other privacy breaches, potentially posing national security risks.
The need for data privacy regulation has become more pressing in light of the growing trend of companies collecting personal data and selling it legally or even illegally. A recent case involving Avast came to light, where the Federal Trade Commission (FTC) accused the company of collecting consumer browsing data without consent, storing it indefinitely, and selling it to third parties. This incident underscores the prevalence of data tracking and selling practices that can compromise individuals’ privacy.
Aloke Chakravarty, a partner at the Snell & Wilmer law firm, points out that the demand for consumer data has created a market for data brokers who buy and sell customer lists. While this practice is not new and can be legitimate, there are concerns about where this data ends up. Companies and data brokers can sell this data to countries with concerning track records, such as China, North Korea, Iran, Cuba, and Venezuela, which may use it for intelligence gathering or other malicious purposes.
The Executive Order highlights the risks associated with foreign entities obtaining Americans’ personal data, especially in the context of national security and counterintelligence. Foreign governments could exploit this data to intimidate or blackmail individuals, including activists, academics, journalists, political figures, and members of marginalized communities. The potential misuse of private data underscores the need for stronger data privacy regulations to protect individuals from such threats.
Moreover, concerns over election integrity have also been raised, particularly in the lead-up to the 2024 presidential election. FBI Director Christopher Wray has warned of potential cyber warfare interference from foreign countries like Russia, Iran, and China. Data privacy regulations are crucial to prevent the misuse of individuals’ information for influencing elections or other nefarious purposes.
While countries like the European Union have implemented comprehensive data privacy regulations such as the General Data Protection Regulation (GDPR), the US lags behind in this area. The Biden Administration’s plan to establish clearer protections for sensitive personal data and prevent large-scale transfers to countries of concern reflects a growing recognition of the importance of data privacy in the digital age.
The Executive Order outlines various directives for government agencies to regulate data privacy and mitigate the risks associated with foreign access to sensitive information. Collaboration between agencies like the Department of Justice, Homeland Security, Health and Human Services, Defense, and Veterans Affairs underscores the multi-faceted approach needed to address data privacy concerns effectively. The implementation of these measures will be closely monitored, with progress reports expected within a year.
The impact of these data privacy regulations on foreign relations remains uncertain, as they may complicate diplomatic and commercial relationships with countries targeted by the Executive Order. However, Chakravarty suggests that formalizing these measures could help address cyber threats and send a strong signal about the US government’s commitment to protecting individuals’ privacy. As the digital landscape continues to evolve, robust data privacy regulations are essential to safeguarding personal information and ensuring the integrity of democratic processes.