Biden's New Approach to US Personal Data Transfers

The Biden Administration issued an executive order authorizing the Department of Justice (DOJ) and other federal agencies to take steps to prevent “the large-scale transfer of Americans’ personal data to countries of concern.” It represents an effort by the administration to put more safeguards on the data broker industry and limit the ability of US adversaries to purchase granular data on American citizens.

The Biden Administration has enacted an executive order empowering the Department of Justice (DOJ) and additional federal bodies to act against the significant movement of personal data of Americans to nations deemed as threats. This move aims to bolster the protections around the data brokerage industry and curb the potential for adversaries of the U.S. to acquire detailed information about American individuals.

Furthermore, the order mandates the following actions:

  • It directs the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (Committee) to continually manage the national security and law enforcement dangers posed by the access of 'countries of concern' to extensive sensitive personal data as outlined in this directive. This applies to any new or existing application or license the Committee reviews concerning submarine cable systems' landing or operation.
  • It calls upon the Secretary of Defense, the Secretary of Health and Human Services, the Secretary of Veterans Affairs, and the Director of the National Science Foundation to explore actions, including the enactment of regulations, guidance, or directives. These actions aim to block assistance that grants 'countries of concern' or specified entities access to the bulk sensitive personal data of U.S. citizens, particularly data related to personal health and human genomic information.
  • It instructs the Director of the Consumer Financial Protection Bureau (CFPB) to assess steps, in line with the CFPB's legal powers, to counter this threat dimension and to strengthen adherence to Federal consumer protection laws.
  • It requires the Attorney General, the Secretary of Homeland Security, and the Director of National Intelligence, in collaboration with leaders of pertinent agencies, to "recommend measures to identify, evaluate, and counteract national security threats stemming from past transfers of bulk sensitive personal data of U.S. individuals to countries of concern.

Read more

Seamus Larroque

CDPO / CPIM / ISO 27005 Certified

Home

Discover our latest articles

View All Blog Posts
October 14, 2024
Clinical Trials
Guideline

Analyzing the Similarities and Differences Between ICH-GCP and GDPR in Clinical Trials

ICH-GCP and GDPR are vital for clinical trials, setting standards for participant protection and data integrity, with distinct focuses and enforcement approaches.

September 9, 2024
Biotech & Healthtech
Data Breach
Health Data Strategy

Comprehensive Cyber Insurance for the Life Sciences Industry

Cyber insurance provides coverage to businesses, including those in the life sciences industry, to protect against losses from cyberattacks, such as data breaches, ransomware, and other threats. For life sciences companies, which handle high-value intellectual property and sensitive data, tailored cyber insurance policies offer essential protection against financial, legal, and reputational damage while complementing existing cybersecurity measures.

August 7, 2024
Data Breach

UK data watchdog to fine NHS vendor Advanced for security failures prior to LockBit ransomware attack

The UK data watchdog is set to fine NHS vendor Advanced for security failures that occurred before the LockBit ransomware attack. These security lapses contributed to the vulnerability exploited during the attack.