metamorworks -

Biden aims to protect data, calls for U.S. data privacy law

President Joe Biden is aiming to stop the sale of Americans' sensitive data to countries of concern, while also pushing for a U.S. data privacy law.

The Biden administration is set on preventing Americans' sensitive personal data from falling into the hands of concerning countries, while also urging Congress to pass a comprehensive U.S. data privacy law.

President Joe Biden plans to sign an executive order authorizing the U.S. attorney general to stop the sale and large-scale transfer of U.S. citizens' personal data -- including geolocation, financial, biometric, personal health and genomic data, and certain types of personally identifiable information -- to countries of concern. The move targets commercial data brokers and companies that sell data to countries such as China, Iran and Russia, or entities controlled by nations officially designated as countries of concern by the federal government.

The sale of Americans' personal data "raises significant privacy, counterintelligence, blackmail risks and other national security risks," according to a White House news release.

Biden's order aims to protect Americans from the sale of their personal data, but it lacks the teeth to provide the same foundational data privacy protections that something like a U.S. data privacy law could enable, said Susan Aaronson, research professor of international affairs at George Washington University. Aaronson said she also worries that the executive order sets a negative precedent for controls on data.

The problem stems from the failure in the U.S. to have personal data protection plus regulation of the data brokers.
Susan AaronsonResearch professor of international affairs, George Washington University

"The problem stems from the failure in the U.S. to have personal data protection plus regulation of the data brokers," she said.

Biden wants data privacy protections, U.S. data privacy law

The Biden administration will task the Department of Justice (DOJ) with issuing regulations that establish protections for Americans' sensitive personal data from access by countries of concern.

The DOJ will also work with the Department of Homeland Security to set security standards that prevent countries of concern from accessing Americans' sensitive data through commercial means, such as investments, vendors and employment relationships, the White House said.

Biden is also continuing to urge Congress to "do its part" and pass comprehensive bipartisan privacy legislation -- something Congress has struggled to achieve.

The U.S. lacks a strategy for data protection, which Aaronson described as "multidimensional" and underpinning emerging technologies such as generative AI. She said the downside is not only the lack of cohesive data privacy protection, but negative effects on the free flow of data that isn't sensitive.

"We don't have a data strategy for how we should govern the various types and uses of data, but other governments do," Aaronson said.

Indeed, privacy professionals are assessing whether the executive order marks a "stark deviation from decades of U.S. support for data flows" or targeted privacy protections for sensitive data in response to national security threats, said Caitlin Fennessy, vice president and chief knowledge officer at the International Association of Privacy Professionals.

"Given longstanding difficulties advancing broad-based federal privacy legislation, the administration may have seen executive action as the only viable option to advance privacy protections to address what it perceives as an imminent risk," she said.

Fennessy said privacy professionals will also be considering which organizations, data and transfers might be implicated and what businesses must do to comply with the DOJ's guardrails.

Makenzie Holland is a senior news writer covering big tech and federal regulation. Prior to joining TechTarget Editorial, she was a general reporter for the Wilmington StarNews and a crime and education reporter at the Wabash Plain Dealer.

Dig Deeper on Risk management and governance

Cloud Computing
Mobile Computing
Data Center
and ESG