Biden Blocks Mass Transfer of Personal Data to High-Risk Nations

29.02.2024

U.S. President Joe Biden recently issued an Executive Order aimed at prohibiting the mass transfer of citizens’ personal data to countries identified as potential concerns. The White House emphasized that the Executive Order introduces safeguards around various activities that might grant these countries access to sensitive American data.

The covered sensitive information includes genomic data, biometric data, personal health data, geolocation data, financial data, and specific forms of personally identifiable information (PII). The U.S. government expressed concerns about threat actors potentially weaponizing this data to track their citizens, passing it to data brokers and foreign intelligence services, leading to intrusive surveillance, scams, blackmail, and other privacy violations.

Citing the risk of commercial data brokers selling this information to countries of concern, the government highlighted the possibility of it falling into the hands of foreign intelligence services, militaries, or entities controlled by foreign governments. In November 2023, Duke University researchers revealed the ease with which sensitive data about military personnel, their families, and veterans could be obtained from data brokers for a minimal cost per record.

The government stressed the privacy, counterintelligence, blackmail, and national security risks associated with the sale of such data. It warned that hostile nations might exploit this information to collect data on activists, journalists, dissidents, and marginalized communities to restrict freedom of expression and suppress dissent.

The Executive Order directs federal agencies to establish regulations providing clear protections for sensitive personal and government-related data, limiting data access through commercial agreements by setting high-security standards. Additionally, it mandates the Departments of Health and Human Services, Defense, and Veterans Affairs to ensure that federal grants, contracts, and awards are not misused to facilitate access to sensitive data.

While the decision to restrict personal data flows to countries of concern like China was made, Senator Ron Wyden criticized this approach, stating that authoritarian regimes like Saudi Arabia and the U.A.E. should not be trusted with Americans’ personal data. He argued that these countries might undermine U.S. national security and target U.S.-based dissidents, given their lack of effective privacy laws preventing the onward sale of data to China.