28-2-2024 (WASHINGTON) President Joe Biden’s administration has unveiled a new executive order focused on safeguarding American personal data by restricting its transfer to certain countries, including China and Russia. The move comes as a response to national security concerns and aims to curb bulk transfers of Americans’ geolocation, biometric, health, and financial information.
As reported by Reuters, the order specifically targets data brokers involved in transferring sensitive personal data to “countries of concern.” These nations include China, Russia, Iran, North Korea, Cuba, and Venezuela. The order goes beyond restricting the transfer of personal data and also prohibits the transfer of any volume of data related to U.S. government personnel.
U.S. officials emphasized that China and Russia, in particular, have been acquiring sensitive American personal data through data brokers. This data has been exploited for various activities, including cyber-enabled attacks, espionage, and blackmail. While buying data through data brokers is currently legal in the United States, the officials argue that it presents a gap in the country’s national security toolkit, which the new order aims to address.
This executive order is part of broader efforts by Washington to control the flow of American data to China, given the ongoing trade and technology tensions between the two nations. The U.S. Congress is also contemplating legislation to prohibit federal agencies from contracting with specific Chinese entities, including BGI Group and Wuxi APPTEC, to prevent access to American genetic and health information.
The officials explained that transactions with data brokers knowingly transferring information to “countries of concern” will be banned. The order also prohibits all genomic data transfers. For other classes of data, such as biometric and financial information, transfers will only be banned if they meet certain volume thresholds and are destined for the specified countries.
To mitigate concerns about hampering economic activity, certain types of data, including corporate payroll and compliance, are exempt from the restrictions. Additionally, specific transactions, such as cloud services, employment agreements, and investments, will be permitted with certain security requirements, such as encryption and anonymization.
