The Commerce Department has stalled out on regulation of how Americans' data flows across digital borders. A draft order suggests a new approach.
Photo: Olivier Douliery/AFP (Getty Images) |
Digital privacy legislation in the U.S. is a bafflingly fractured mess, and it’s about to get even more so. On Thursday, Reuters reported that Joe Biden’s administration had whipped up an executive order meant to give the Department of Justice “vast powers” to stop foreign “adversaries”—like Russia or China—from tapping into Americans’ personal data.
Citing a person familiar with the order and excerpts of the document, Reuters reports that the order would grant U.S. Attorney General Merrick Garland permission “to review and potentially bar commercial transactions involving the sale of or access to data if they pose an undue risk to national security.” It would ask the Department of Health and Human Services to create new rules meant to prevent federal healthcare funding from “supporting the transfer of U.S. persons’ health, health-related or biological data” to those same foreign actors.
The choice to divvy up these responsibilities to multiple departments amounts to a tacit admission that the current approach for handling digital data as it crosses our borders just isn’t cutting the mustard.
As part of the US-China trade war waged by the Trump administration, the Commerce Department was granted powers to review and even reverse deals between U.S. firms and tech or telecommunications companies from those same “foreign adversary” nations. In November 2019, the Department debuted its first draft of what those reviews might look like. In the three years since the Commerce Department was granted this authority, all we’ve seen are a mounting number of draft amendments and a request for $36 million. If comments from industry groups on the draft are to be believed, the reviews could be broad, vague, and unnecessarily cumbersome, the way much of American privacy policy is broad, vague, and unnecessarily cumbersome.
It makes sense to divvy up responsibilities for different kinds of data under different departments. The majority of the time, data collected by your average healthcare practice is subjected to different laws than data collected by a company like Target when you shop on its site. The Reuters report suggests that the Department would now be principally tasked with “establishing which classes of transactions are outright prohibited.”
Apps are presumably at the top of that list, since not long after reversing Trump’s order banning apps like TikTok and Wechat last summer, Biden also ordered a security review of those popular apps from the Commerce Department. That review was sent in last October, and outsiders have been getting radio silence on new developments in the months since.
The Justice and Commerce Departments do, however, have a lot to chew on if they are going to get app privacy under control. It means that lawmakers are going to need to acknowledge that fears about some foreign apps are completely ungrounded while at the same time acknowledging shady data-gathering practices by U.S. apps. As we’ve said before, if TikTok’s an issue, that means Snapchat and Twitter are issues, too. That’s not necessarily because these apps are at the heart of some new world war the way Trump argued TikTok was but rather because Silicon Valley consistently makes bank off foreign advertisers and tech firms who funnel money into American platforms, which give them American data so they can reach an American audience with ads for an off-brand t-shirt or coffee mug or whatever tchotchke they want to hawk to the masses.
That data free-for-all might get quashed by whatever plans Biden has coming for Commerce and the DOJ, sure. But considering the administrations’ glacial approach to handling the mounting privacy issues with those domestic dealers, we’re betting on being stuck in limbo for as long as possible.
Tags:
Privacy and Security