U.S. President Joe Biden issued an executive order Wednesday intended to safeguard the personal data of American citizens from countries deemed hostile.
The executive order centers on the business of selling people’s personal information, in which companies and so-called data brokers collect and trade data. The Biden Administration is worried that data brokers and other commercial entities will sell this information to so-called “countries of concern,” which lawmakers say have a history of collecting and misusing data on Americans.
These “countries of concern” include China (along with Hong Kong and Macau), Russia, Iran, North Korea, Cuba and Venezuela, according to a fact sheet on the E.O. Lawmakers and intelligence agencies have previously expressed concerns that the Chinese Communist Party is amassing a wealth of U.S. data, posing national security concerns.
The order focusses on specific, sensitive information like genomic data, biometric data, personal health data, geolocation data, financial data and other kinds of personally identifiable information. The White House is worried that “countries of concern” can use this sensitive data to spy on Americans and military service members.
“Our adversaries are exploiting Americans’ sensitive personal data to threaten our national security,” Attorney General Merrick B. Garland said in a statement. “They are purchasing this data to use to blackmail and surveil individuals, target those they view as dissidents here in the United States, and engage in other malicious activities.”
The executive order directs the Department of Justice to issue several regulations intended to protect sensitive data. It also instructs the Department of Homeland Security and the DOJ to enact security standards intended to prevent hostile countries from commercially obtaining sensitive data on Americans though means like investments, vendor contracts and employment relationships.
“This Executive Order gives the Justice Department the authority to block countries that pose a threat to our national security from harvesting Americans’ most sensitive personal data—including human genomic data, biometric and personal identifiers, and personal health and financial data,” Garland said in a statement.
Additionally, the order directs the Assessment of Foreign Participation in the United States Telecommunications Services Sector “to consider the threats to Americans’ sensitive personal data” when they conduct reviews of submarine cable licenses, the White House added.
Additionally, the E.O. lets various government agencies like the State, Commerce and Treasury Departments determine rules, licensing decisions and designate “covered persons,” the fact sheet said. The actions and program enacted by the E.O. essentially regulates any U.S. persons’ data transactions with these “covered persons,” who are considered to be people with direct links or ties to “countries of concern,” among other characteristics.
The public will be able to provide feedback on the new data regulation proposals “before any final rule is issued,” the fact sheet said. “Companies and individuals will be required to comply with the regulations only after the final rule becomes effective,” the document added.
The Department of Justice will investigate any violations of the new data regulations once they come in effect, and the agency will seek “civil and criminal remedies,” the fact sheet read. Additionally, the document stated that any “civil penalties for violations” would “depend on the facts and circumstances of the violation, including the adequacy of any compliance program.”
Last week, the Biden administration announced an executive order intended to improve the cybersecurity of U.S. ports. For instance, government officials said that 80% of port equipment known as ship-to-shore cranes ports are made in China, and they are concerned that the gear could be compromised and used for surveillance.
Congress has also zeroed in on potential privacy risks posed by the data-broker industry. Last May, a bipartisan group of lawmakers sent letters to over 20 companies like Equifax and Oracle, asking for information about their data-collection-and-distribution methods.
“American privacy concerns in the data broker industry are not new, and existing laws do not sufficiently protect Americans’ data from misuse,” the letter said.
Watch: Trump vs. Biden economy: What messaging are voters looking for?