The recent executive order by the Biden administration targeting data brokers has sparked debate about privacy, national security, and the future of data commerce in the US. On February 28th 2024, the US government issued an executive order targeting data brokers to restrict the sale of sensitive data overseas. While not an outright ban, the order seeks to restrict the sale of sensitive information to specific countries of concern. The countries of concern primarily include China, Russia, and North Korea. 

The move stems from concern about the potential misuse of personal information and the need to balance individual privacy with the economic benefits and security. 

Key points:

The core of EO revolves around two categories of data deemed critical: "bulk sensitive personal data" and "United States Government-related data."

Bulk sensitive personal data is information about financial records, health data, and internet browsing history, collected and aggregated about larger populations. US government-related data, on the other hand, refers to any information connected to governmental operations, military personnel, politicians, or sensitive facilities of the government.

  • Six data categories are restricted: Precise location, biometric data, genetic information, health data, financial data, and linked personal identifiers.
  • Restrictions on data transfers: US companies cannot sell or transfer large datasets of above-mentioned sensitive information in "countries of concern."
  • Third-party countries: Transactions to individuals affiliated with these countries in other nations are restricted based on their connections.
  • Exemptions: The EO doesn't change how US companies handle data domestically, regardless of the individuals' origin. This means US companies can still potentially sell the same data to US buyers. Data and financial transactions of multinational companies for payroll or business license purposes are also exempted under the order. The order also exempts public records, data transfers required under international laws, personal communications, and data needed for federally-funded health and research projects.

Concern of the US:

The US considers selling large volume of private information overseas as a matter of national security. Such dataset can be used for targeted attacks, spreading misinformation, influencing public opinion, disrupt democratic processes, plan cyber-attacks, and harm important public figures such as politicians and actors. 

The EO also emphasizes on the right to privacy for Americans. The unfettered sensitive information raises concerns about unauthorized access and potential misuse.

The US also fears that this data can be used to train China’s large-scale AI models, which has openly stated to surpass United States’ AI developments by the end of decade.  IF America’s data is used to train AI models in other countries, the US will lose control over how that data is used and what technologies are developed using it. The data can be used to identify the extent of technological advancement in the US and develop competing technologies. 

On top of this, there is a significant risk of global AI gap, where the US will struggle to compete among its fraternities. This means that the US might end up with AI that's great for Americans, but not as useful for the rest of the world, while its competitors, like China will have technology which works for both China and the US, making the latter more accessible and acceptable.

Data Brokering:

Data brokering is the process of collecting, aggregating and selling other users’ information online. The information can come from publically available records and surveys, but can also be harvested through unethical sources such as data breaches, dark web marketplaces, spyware, and phishing scams. 

Globally, there are an estimated 4,000 data broker companies with data broker industry worth more than $200 Billion Dollars. The data broker market is expected to grow at a compound annual growth rate (CAGR) of 4.5%, reaching nearly $382 billion by 2030,

Ethical Concerns Around Data Collection and Selling:

In many nations, including the US, data brokers collecting and selling information from public records are generally legal. Such information is obtained through vote card information, telephone directory, social media, and court records. 

Despite the lack of nationwide law, four US states have individually applied data broker laws- California, Vermont, Colorado, and Oregon. These laws require data brokers to register and provide full access to consumer data, along with offering them chance to opt-out and delete their records. 

Similar law under the name of General Data Protection Regulation (GDPR) governs the people of European Union. It requires explicit consent before data collection and gives individuals the right to access, rectify, or erase their data held by data brokers.

Conclusion: The Future of Data Privacy

The US government’s effort to limit the sale and purchase of user’s personal information aligns with the global trend of stricter data privacy laws. Although the recent executive order is not the game changer for the domestic privacy laws, but still a right step towards the user-privacy-driven future of the US and the world. 

While further steps are needed for comprehensive data privacy, as noted in the European Union, the executive order shows that America is moving in the right direction. 

*READ MORE: AI In Healthcare Is The Blend Of Innovation And Ethics

Copyright © 2024