Skip to content

Biden cracks down on personal data sales to China, Russia

Order comes as tech advances stoke concerns the government isn't doing enough on privacy

President Joe Biden plans to announce Wednesday an order aimed at protecting certain personal data of Americans from being gathered by China, Russia and other countries.
President Joe Biden plans to announce Wednesday an order aimed at protecting certain personal data of Americans from being gathered by China, Russia and other countries. (Bill Clark/CQ Roll Call file photo)

President Joe Biden on Wednesday will announce an executive order to protect sensitive personal data from falling into the hands of China, Russia and other “countries of concern.”

The order, which will require the Justice Department to draw up rules aimed at cracking down on the transfer of personal and government-related data, arrives as technological advancements stoke anxieties that the federal government isn’t doing enough on privacy.

Although the U.S. prohibits illicit back-channel activity like computer hacking, an administration official said on a call with reporters that current laws do not bar countries from buying data through brokers, allowing them to amass volumes of U.S. personal information.

Officials added that the regulations will go through the regular rulemaking process, which can take months. It’s not clear when the administration will begin proposing regulations mandated by the executive order, setting up a potential race against the clock to finalize them before the end of the year.

An advanced notice of a proposed rulemaking that also arrives Wednesday defines countries of concern as China, Russia, North Korea, Iran, Cuba and Venezuela.

The expected rules as described would prohibit U.S. persons and companies from transferring or selling genomic, biometric identifier, precise geolocation, personal health, financial, specific personal identifier and certain government-related data, whether directly or indirectly.

A senior DOJ official added that it would include some exemptions to mitigate “unintended adverse economic impacts,” including carve outs for activities that are routine to processing financial transactions or ordinary to multinational business operations.

The order also would restrict some activities for three kinds of transactions — vendor agreements, such as cloud service agreements; employment agreements, or transfers of data between companies and its employees; and investment data.

Administration officials said the executive order does not supplant more comprehensive legislative proposals on Capitol Hill aimed at protecting data privacy — or touch on larger questions about how U.S. companies store their data or how they transfer data between themselves.

Comprehensive bills to tackle these issues haven’t passed, even though lawmakers have made progress on some aspects, such as protecting kids online. Proposals have been snagged over disagreements on whether a national privacy law should supersede state laws and worries that heavy-handed regulations could stymie technological advancement.

Recent Stories

Lawmakers postpone decision on Virginia-class submarine money

House Foreign Affairs votes to recommend holding Blinken in contempt

Filibuster’s future, emergency abortions fuel Senate debate

‘Take their factories’: Trump vows to snatch jobs from other countries

Senate Democrats bash Supreme Court’s Trump immunity ruling

‘Hello, I’m Johnny Cash’: Statue of the ‘Man in Black’ unveiled at the Capitol