President Joe Biden has issued an executive order to protect Americans’ personal data from hostile countries [2] [4] [5] [6] [7] [9] [10], particularly China [4] [11], Russia [2] [3] [5] [7] [10] [11], North Korea [2] [3] [5] [7] [10], Iran [2] [3] [5] [7] [10], Cuba [3] [5] [7] [10], and Venezuela [3] [5] [10].


The order targets data brokers selling sensitive information to foreign entities and aims to prevent the large-scale transfer of Americans’ personal data, including genomic data [1], biometric data [1] [4] [8], personal health data [1] [2] [4] [8], geolocation data [1] [4] [8] [11], and financial data [1] [4] [8] [11]. The Department of Justice is authorized to issue regulations to establish protections for Americans’ sensitive personal data [1] [5], including geolocation information on sensitive government sites and members of the military [5] [10]. Measures are also taken to protect Americans’ data in telecommunications services sectors [9]. Deputy Attorney General Lisa Monaco emphasized the importance of preventing threat actors from accessing Americans’ sensitive personal data [8]. Additionally, the Department of Justice and Homeland Security will collaborate to establish high security standards to prevent access to Americans’ data through commercial means like investments [1], vendors [1] [2], and employment relationships [1] [2]. Federal agencies will also work to ensure that grants [1], contracts [1] [7], and awards do not facilitate access to Americans’ sensitive health data by countries of concern [1], without disrupting necessary information flow for financial services activities or broader international relationships [1]. The White House emphasizes the importance of protecting individuals’ privacy and preserving governments’ abilities to enforce laws [9]. Biden’s move follows a previous executive order on artificial intelligence that seeks to balance technology development with national security and consumer rights [5] [10]. The order also requires new security standards for data gathered through investment [2], vendor [1] [2], and employment relationships [1] [2], and departments like Health and Human Services [2], Defense [2], and Veterans Affairs must ensure Americans’ health data is not transferred through federal grants [2]. The order does not address the broader issue of the personal data market in the US [2], leaving regulatory action to agencies like the FTC [2]. Concerns about foreign actors accessing personal data have been raised [2], with Senator Ron Wyden calling on the NSA to stop buying location information from data brokers [2]. The US director of national intelligence has acknowledged the detailed information US intelligence agencies obtain from these brokers [2]. The executive order is aimed at curbing foreign governments’ ability to buy Americans’ sensitive personal information [11], such as health and geolocation data [11], to address national security concerns [11]. The order gives the Justice Department authority to regulate transactions that pose a risk to national security [11], particularly those giving foreign powers access to personal data [11]. Data brokers are a key concern [11], as countries like China and Russia are buying Americans’ sensitive data from them [11]. The order covers other sensitive information like genomic and financial data [11], with a focus on protecting government information and preventing federal grants from facilitating foreign access to health data [11]. The surge in online trade of personal information has raised alarms among lawmakers and officials [11], as adversaries can use this data for intelligence gathering and privacy risks [11]. The lack of federal regulation around the sale of consumer data is a concern [6], with thousands of data brokers selling data on Americans with virtually no oversight [6]. Some states have created their own laws to protect consumer data [6], but federal regulation is needed to provide transparency and protection for Americans’ personal information [6]. The White House [2] [6] [7] [8] [9], under President Joe Biden [2] [3] [4] [5] [6] [7] [9] [11], will issue an executive order to protect Americans’ personal data and prevent data brokers from selling it to “countries of concern.” The order aims to prevent large-scale transfers of personal data to these countries and safeguard sensitive information such as genetic [6] [7], financial [1] [2] [4] [7] [8] [9] [11], health [1] [2] [4] [7] [8] [9] [11], and personally identifiable data [7] [8] [9]. The Department of Justice will regulate the use of personal data and protect military and government-related data [6] [7]. The order also addresses concerns about telecommunications firms and federal contracts potentially putting American data at risk [7]. While the announcement does not specify which nations are considered “countries of concern,” it is likely to include sanctioned countries like Iran [7], Russia [2] [3] [5] [7] [10] [11], Cuba [3] [5] [7] [10], Syria [7], and North Korea [2] [7].


The executive order issued by President Biden to protect Americans’ personal data from hostile countries is a crucial step in safeguarding sensitive information and preventing unauthorized access. By targeting data brokers and establishing regulations to protect Americans’ personal data, the order aims to mitigate risks associated with the large-scale transfer of personal information to foreign entities. Moving forward, it is essential for federal agencies to work together to ensure the security and privacy of individuals’ data, while also maintaining necessary information flow for financial services activities and international relationships [1]. The order underscores the importance of balancing national security concerns with the protection of individuals’ privacy, and sets the stage for future actions to address the broader issue of personal data protection in the US.