WASHINGTON (Reuters) – The Biden administration has drafted an executive order that would give the Department of Justice vast powers to stop foreign adversaries like China accessing Americans’ personal data, according to a person familiar with the matter and excerpts seen by Reuters.
The proposal, which is being reviewed by government agencies, would also direct the Department of Health and Human Services (HHS) to prevent federal funding from supporting the transfer of U.S. health data to foreign adversaries, according to the excerpts.
The draft order reflects an effort by the administration to respond more aggressively to national security threats allegedly posed by Chinese companies that acquire reams of U.S. personal data, after failed bids by the Trump administration to bar Americans from using popular social media platforms TikTok and Wechat.
Former President Donald Trump tried to ban the apps in 2020 alleging data collected by them could be given to Beijing and used to track users and censor content. China and the apps have denied any improper use of U.S. data.
But the courts halted implementation of the bans and U.S. President Joe Biden eventually revoked them.
Spokespeople for the White House, the Department of Justice and the Commerce Department declined to comment. HHS did not respond to requests for comment.
The document is an initial draft that does not include input from government agencies and may change, according to another person familiar with the matter.
Asked about the proposal at a press briefing on Thursday, Chinese foreign ministry spokesman Zhao Lijian said that while China believed each country had the right to take measures to protect the personal data and privacy of its citizens, relevant initiatives should be “reasonable and scientific”.
They “should not be relegated as a tool for individual countries to over-generalise the concept of national security, abuse national power, and unreasonably suppress specific countries and enterprises”, he said.
Samm Sacks, a senior fellow at Yale Law School’s Paul Tsai China Center who examines information and communications policies, said the U.S. was trying to decide how to deal with the issue.
“What’s clear is the Biden administration is grappling with how to address this new risk frontier in the U.S.-China relationship, which is the Chinese government’s access to Americans’ sensitive data,” Sacks said.
If implemented, the draft order would grant U.S. Attorney General Merrick Garland the authority to review and potentially bar commercial transactions involving the sale of or access to data if they pose an undue risk to national security, one of the people said.
The proposal would also instruct HHS to get started on writing a rule “to ensure that federal assistance, such as grants and awards, is not supporting the transfer of U.S. persons’ health, health-related or biological data…to entities owned by, controlled by, or subject to the jurisdiction or direction of foreign adversaries,” according to an excerpt.
PERSONAL DATA
U.S. intelligence has warned about the risks posed by Chinese companies collecting Americans’ personal data by investing in U.S. firms that handle sensitive healthcare information. China’s BGI purchased U.S. genomic sequencing firm Complete Genomics in 2013 and in 2015, Chinese WuXi Pharma Tech acquired U.S. firm NextCODE Health, the National Counterintelligence and Security Center noted in a 2021 fact sheet.
The draft order comes as administration officials have grown frustrated with the Commerce Department over delays in rolling out rules and investigating threats under similar powers granted to that department by Trump in 2019, according to three people familiar with the process.
Those powers allow the Commerce Department to ban or restrict transactions between U.S. firms and internet, telecom and tech companies from “foreign adversary” nations, including Russia and China.
But so far, the department has failed to publish long-awaited rules fleshing out a safe harbor process for companies or announce the results of investigations into firms including Russia’s Kaspersky and China’s Alibaba, as previously reported by Reuters.
The Commerce Department was also explicitly directed by a June executive order to use the new tools to protect Americans’ sensitive data from foreign adversaries via transactions involving apps, but has not made public any progress related to the measure.
The new draft order gives the Department of Justice the express authority to “monitor compliance with and enforce any prohibitions, licenses, or mitigation agreements” issued under the prior executive orders, “thereby supporting the authority given to the Secretary of Commerce.”
It also tasks the Secretary of Commerce with establishing which classes of transactions are outright prohibited and which are exempt, another excerpt shows.
(Reporting by Alexandra Alper and Karen Freifeld; Additional reporting by Yew Lun Tian in Beijing; Editing by Chris Sanders, Alistair Bell and Ed Osmond)