A new executive order seeks to put clamps on the sale of Americans’ personal data by data brokers and other companies to certain countries found to be of national security concern.
On Wednesday, President Joe Biden issued the order, “Preventing Access to Americans’ Bulk Sensitive Personal Data and U.S. Government-Related Data by Countries of Concern.” The order directs the Department of Justice (DOJ) to take the lead on issuing regulations that prohibit or restrict certain categories of data transactions that pose risk to national security.
The order is aimed at thwarting misuse of Americans’ data for the purposes of cyber-enabled activities, espionage, coercion, influence, blackmail, and other malicious means, according to a DOJ fact sheet.
“[N]o existing laws comprehensively and prospectively address the national security risks posed by access by countries of concern or covered persons subject to their jurisdiction or control to sensitive personal data through commercial transactions,” said the DOJ. “This targeted new program will be designed to address this gap in our national security authorities.”
Countries of concern identified by the order are expected to include China, Russia, Iran, North Korea, Cuba, and Venezuela.
The order will cover the sale of “sensitive personal data,” which includes genomic data, biometric data, personal health data, geolocation data, financial data, and other personally identifiable information.
Prohibited data transactions are expected to include data brokerage transactions and certain genomic data transactions, while restricted transactions that will see requirements established by the Cybersecurity and Infrastructure Security Agency are expected to include vendor agreements involving the provision of goods and services, including cloud-service agreements; employment agreements; and investment agreements.
Certain data transactions, including those ordinarily part of financial services, payment processing, and regulatory compliance, will be exempt.
The DOJ said it is considering establishing civil penalties for violations. The adequacy of a company’s compliance program would be considered in any such determination.
Biden’s order is also expected to call on the Consumer Financial Protection Bureau (CFPB) to consider taking steps to protect Americans from certain data broker activities. The agency will respond with a rule proposal this year to limit certain activities of data brokers, including those that sell personal data to those overseas, said CFPB Director Rohit Chopra in a statement.
No comments yet