Current News

/

ArcaMax

Biden cracks down on personal data sales to China, Russia

Valerie Yurk, CQ-Roll Call on

Published in News & Features

President Joe Biden on Wednesday will announce an executive order to protect sensitive personal data from falling into the hands of China, Russia and other “countries of concern.”

The order, which will require the Justice Department to draw up rules aimed at cracking down on the transfer of personal and government-related data, arrives as technological advancements stoke anxieties that the federal government isn’t doing enough on privacy.

Although the U.S. prohibits illicit back-channel activity like computer hacking, an administration official said on a call with reporters that current laws do not bar countries from buying data through brokers, allowing them to amass volumes of U.S. personal information.

Officials added that the regulations will go through the regular rulemaking process, which can take months. It’s not clear when the administration will begin proposing regulations mandated by the executive order, setting up a potential race against the clock to finalize them before the end of the year.

An advanced notice of a proposed rulemaking that also arrives Wednesday defines countries of concern as China, Russia, North Korea, Iran, Cuba and Venezuela.

The expected rules as described would prohibit U.S. persons and companies from transferring or selling genomic, biometric identifier, precise geolocation, personal health, financial, specific personal identifier and certain government-related data, whether directly or indirectly.

 

A senior DOJ official added that it would include some exemptions to mitigate “unintended adverse economic impacts,” including carve outs for activities that are routine to processing financial transactions or ordinary to multinational business operations.

The order also would restrict some activities for three kinds of transactions — vendor agreements, such as cloud service agreements; employment agreements, or transfers of data between companies and its employees; and investment data.

Administration officials said the executive order does not supplant more comprehensive legislative proposals on Capitol Hill aimed at protecting data privacy — or touch on larger questions about how U.S. companies store their data or how they transfer data between themselves.

Comprehensive bills to tackle these issues haven’t passed, even though lawmakers have made progress on some aspects, such as protecting kids online. Proposals have been snagged over disagreements on whether a national privacy law should supersede state laws and worries that heavy-handed regulations could stymie technological advancement.


©2024 CQ-Roll Call, Inc., All Rights Reserved. Visit cqrollcall.com. Distributed by Tribune Content Agency, LLC.

Comments

blog comments powered by Disqus