U.S. President Joe Biden has issued an Executive Order to prevent the mass transfer of Americans’ personal data to countries deemed concerning, aiming to protect sensitive information from potential misuse. The order encompasses various types of data, including genomic, biometric, health, financial, and personally identifiable information, acknowledging the risks associated with their exploitation by threat actors and foreign intelligence services. Notably, commercial data brokers could inadvertently sell this data to countries of concern or entities under their control, posing significant privacy and national security threats.
The Executive Order is a response to mounting concerns regarding the unrestricted flow of personal data, as highlighted by researchers at Duke University who revealed how easily sensitive data could be obtained from data brokers. This vulnerability could be exploited by hostile nations to track citizens, target individuals, or restrict freedom of expression. With a focus on countries with a track record of collecting and misusing Americans’ data, such as China, Russia, Iran, and North Korea, the order directs federal agencies to establish clear protections and high-security standards for personal and government-related data.
Additionally, the order mandates federal departments to ensure that grants, contracts, and awards do not inadvertently facilitate access to sensitive data. Senator Ron Wyden criticized the narrow scope of the order, arguing for a broader restriction to include authoritarian regimes like Saudi Arabia and the U.A.E., which lack robust privacy laws and could misuse Americans’ data. The move comes amid heightened scrutiny of companies like Sandvine, added to the Entity List for supplying internet-blocking technologies used in human rights violations by repressive governments worldwide.
