Unpacking the U.S. Data Broker Regulation: Balancing National Security and Global Data Flows

As we wrote in a blog post on 29 February 2024, the recent executive order issued by President Joe Biden marks a watershed moment in US policy on the sale of personal data by data brokers, particularly to countries regarded national security risks. The Lawfare essay "Limiting Data Broker Sales in the Name of U.S. National Security: Questions on Substance and Messaging" by Peter Swire and Samm Sacks dives into the implications of this policy shift, highlighting concerns about its effectiveness and its unexpected consequences.

The order targets bulk sales of sensitive personal data, such as genomic, biometric, and precise geolocation data, to countries of concern, including China, Iran, and North Korea. The purpose is to prevent these countries from gathering information on Americans that could be used for tracking and manipulation, particularly against military people, government officials, and other individuals of interest. This decision is consistent with bipartisan efforts to regulate the booming data broker industry, which has been scrutinized for privacy concerns.

However, the authors believe that, while politically tempting, the new regime may fail to satisfy national security concerns. They emphasize many concerns, including the difficulty of enforcing prohibitions on bulk sales, the ease with which tiny purchases can accrue, and the possibility of data being diverted through intermediaries. Furthermore, the emphasis on specific types of sensitive data may make other types of personally identifiable information open to exploitation.

The broader backdrop of this policy shift represents a divergence from the United States' long-standing support for free and open data flows across borders. Recent moves, such as removing support for digital concerns from international trade agreements and proposing limits on cloud service sales, point to a new approach that prioritizes national security over commercial interests. This trend raises concerns about the impact on the United States' global competitiveness and the possibility of growing digital protectionism.

The authors warn about the unexpected implications of these policy changes, such as eroding collaboration with allies and giving Chinese technology businesses a competitive advantage in emerging markets. They also emphasize the need of preserving the integrity of underwater cables and telecommunications infrastructure, which are critical to global data flows.

Swire and Sacks propose for a balanced approach that addresses national security issues while maintaining the United States' economic interests and technological supremacy. They argue that extensive privacy safeguards and cybersecurity advances are more effective means of mitigating data threats. The paper emphasizes the importance of clear and convincing messaging from the Biden administration in explaining the rationale for these policy changes and ensuring that the United States stays committed to an open and safe digital future.

Credit: Peter Swire and Samm Sacks, Lawfare

FedFeather Frank says:

“This article is important for federal government contractors as it sheds light on the evolving regulatory landscape surrounding data security and cross-border data governance, which could directly impact their operations, compliance requirements, and strategic planning in the context of national security and global data flows.”

In reaction to this piece, federal contractors might:

  • Update their data management and security procedures to comply with new laws on data sales and transactions in nations of concern.

    • Need assistance?  Fed Contract Pros provide 1:1 coaching sessions.

  • Use comprehensive due diligence methods to analyze data sales and purchases, especially when dealing with sensitive information or transactions with foreign firms.

  • Stay up to date on current policy developments and anticipated regulatory changes affecting data security and national security.

    • Subscribe to our Newsletter or check our Blog posts on a regular basis to stay updated.

The content on this site, including articles, images, and logos, is protected by copyright and intellectual property laws and is intended for educational and informational purposes only. It should not be considered legal advice. Laws and regulations may vary by jurisdiction and are subject to change. For legal advice, consult with a qualified attorney or legal professional.

Previous
Previous

The GAO Report about the FDA’s Inspection Workforce: the Implications for Federal Government Contractors in Clinical Research

Next
Next

The U.S. Navy's Long-Range Shipbuilding Plan for Fiscal Year 2025