Biden Administration Unveils Data Privacy Executive Order

  /     /     /  
Publicated : 23/11/2024   Category : security


Biden Administration Unveils Data Privacy Executive Order


The presidential move orders a variety of different departments and organizations to regulate personal data better and provide clear, high standards to prevent foreign access.



On Feb. 28, President Joe Biden issued an
executive order
with the intent of protecting Americans personal data from foreign threats.
The data referred to is primarily sensitive and personal information such as biometric data, personal health, geolocation, financial information, and personally identifiable information (PII). This kind of information, in the hands of malicious actors, could be used in scams and blackmail, for surveillance, and in other disturbances of privacy, potentially causing unwanted national security issues.
Increasingly, companies are collecting personal data, then legally — or sometimes even illegally — selling, or reselling that data. 
Just this past month, the Federal Trade Commission (FTC) claimed that
Avast collected consumer browsing data
and was storing it indefinitely without notice or consent, then selling and licensing the Web browsing data to third parties — all after claiming to protect its consumers from this very act. 
While this instance may have been illegal, legally tracking and selling private data collected from consumers and citizens isnt all that different, and its more common than the average person may realize.
There has been a demand for advertisers and markets to obtain customer lists and that has created this market for data brokers, says Aloke Chakravarty, partner at the Snell & Wilmer law firm. He is the co-chair for the law firms investigations, government enforcement, and white-collar protection practice group, and the firms cybersecurity, data protection, and privacy practice group.
The idea in America of buying and selling customer lists is actually a very old and often legitimate business model, he adds.
Either way, once data is collected by companies or data brokers, they can then go on to sell that data to so-called countries of concern,
as noted in the EO fact sheet
— nations including China, North Korea, Iran, Cuba, and Venezuela, which already have a history of collecting data on Americans.
Once in the hands of foreign operators, this data can be used by other intelligence services, militaries, or entities that function under foreign governments, which raises concerns of national security and counterintelligence. These countries could gather information on activists, academics, journalists, dissidents, political figures, and members of non-governmental organizations and marginalized communities to intimidate their opposition or blackmail them, the fact sheet warned.
There are also specific forces at play, however. 
As noted by FBI Director Christopher Wray at the International Conference on Cyber Security (ICCS) earlier this year, there is an expectation of chaos for this 
upcoming 2024 presidential election
and potential
cyber warfare interference
from foreign countries such as
Russia
,
Iran
, and
China
— the latter of which harbors hackers that have stolen more personal and corporate data belonging to Americans than every other country put together. 
There is an election this year, and to allow US persons information to be mined or used for purposes of influencing that election is of paramount concern to the administration, Chakravarty says. Im not saying its all politics, but election integrity is a factor here.
Regulation for data privacy has never taken such national prevalence in the past, at least in the United States. While other countries have privacy and security laws like the
General Data Protection Regulation (GDPR)
to regulate data privacy and the rights of individuals, the US falls behind in this aspect. There is an imperative to implement safeguards to protect citizens as soon as possible, Chakravarty notes, especially at a time when the risk to private data is reaching a boiling point.
The administration detailed several directions for government agencies and departments to issue regulations and determine rules and licensing decisions, some of which are clearer than others. The Department of Justice (DoJ), for instance, will be expected to establish clear protections for Americans sensitive personal data and will prevent the large-scale transfer of that data to countries of concern. The definition of the scope and volume of a large-scale transfer remains unclear.
In addition, the DoJ will be expected to establish greater protections to sensitive data and, alongside Homeland Security, prevent access to Americans data through commercial means by countries of concern, such as through investment or employment relationships.
The Departments of Health and Human Services, Defense, and Veterans Affairs will also collectively be involved to ensure the safety of sensitive health data. And, the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector has been ordered to consider potential threats when reviewing submarine cable licenses. In one year, the secretaries of these departments, as well as the director of the National Science Foundation, will report to the president to detail their progress in implementing data privacy measures around the information. 
How these presidential orders will influence foreign relations going forward is uncertain, though Chakravarty says this only furthers the cyber cold war at play geopolitically.
Any time you discriminate against a country, it is going to have an offending impact on your bilateral relationship, as well as the multilateral dynamics and signals that youre sending to the world, Chakravarty says, both from a foreign policy perspective as well as a commercial perspective.
He notes, however, that the US government hasnt necessarily shied away from publicly admonishing adversarial countries and their cyber tactics in the past.
The fact that this is an executive order does add some formality to that. … I dont think its going to [prompt] a vigorous response, Chakravarty says, but it might actually formalize some of the anti-American policies that might appear in some of these other jurisdictions.

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Biden Administration Unveils Data Privacy Executive Order