President Biden Issues Executive Order to Protect Sensitive Personal Data

In a landmark move aimed at safeguarding Americans' sensitive personal data, President Joe Biden has issued an Executive Order, marking a significant step in protecting US data security. The order, issued yesterday, authorizes the Attorney General to take measures to prevent the large-scale transfer of Americans' personal data to countries deemed as concerns to national security. The initiative comes amidst growing concerns over the exploitation of personal data by hostile nations and the subsequent risks to privacy and national security.

The Executive Order targets a wide array of sensitive information including genomic data, biometric data, personal health records, geolocation data, financial information, and certain personally identifiable information (PII). The administration highlights the potential dangers posed by the misuse of such data by malicious actors, who could utilize it for intrusive surveillance, scams, blackmail, and other violations of privacy.

One of the key issues raised by the administration is the role commercial data brokers and other companies have in facilitating the transfer of sensitive data to countries of concern. These entities often sell data legally, which can then end up in the hands of foreign intelligence services or companies controlled by foreign governments. This poses significant privacy, counterintelligence, and national security risks, particularly for individuals in the military or national security community.

However, commentary posted on social media highlights how this executive order could actually harm privacy instead of protecting it. Kapil Bareja, a seasoned cybersecurity professional stated "I believe this order will further erode our right to share and access information without government interference, prohibit consumers from picking the online services that best meet their needs for privacy and security, and could actually end up harming privacy, rather than protecting it."

Actions Required by Federal Agencies to Address these Risks

The Executive Order directs various federal agencies to take concrete steps to address these risks. The Department of Justice is tasked with issuing regulations that establish clear protections for Americans' sensitive personal data, with a specific focus on preventing its access and exploitation by countries of concern. Additionally, regulations will be put in place to provide greater protection for sensitive government-related data, including information related to military personnel and geolocation data on sensitive government sites.

Collaboration between different departments is emphasized in the Executive Order, with the Departments of Justice and Homeland Security instructed to work together to set high-security standards to prevent access to Americans' data through commercial means such as investment, vendor, and employment relationships. Furthermore, the Departments of Health and Human Services, Defense, and Veterans Affairs are directed to ensure that federal grants, contracts, and awards do not inadvertently facilitate access to sensitive data by countries of concern.

The order also highlights the need for vigilance in telecommunications services, with the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (commonly known as “Team Telecom”) tasked with considering threats to Americans' sensitive personal data in its reviews of submarine cable licenses.

President Biden has underscored the importance of striking a balance between protecting Americans' data and maintaining essential relationships with other countries. The administration remains committed to supporting the trusted free flow of data while upholding individuals' privacy rights and preserving governments' abilities to enforce laws and advance policies in the public interest.