Biden cracks down on US data flows to China, Russia (updated)

BGI AD

28/02/2024 19:34

(Adds quotes, recasts)
    By Alexandra Alper and Kanishka Singh
       WASHINGTON, Feb 28 (Reuters) - President Joe Biden's
administration on Wednesday unveiled an executive order barring
genomic data transfers to China, as it seeks to protect American
personal data over national security concerns.
    The order, first reported by Reuters, will also curb bulk
transfers of Americans' geolocation, biometric, health and 
financial information to specific "countries of concern,"
including Russia Iran, North Korea, Cuba and Venezuela.
        The directive appeared to zero in on Chinese gene
companies like BGI, barring transfer of any volume of genomic
data to countries of concern.
        "This is the White House's way of tackling a set of very
specific China and Russia focused security threats, including
the threat posed by genomics companies like BGI," said Peter
Harrell, a former National Security Council official, describing
genomic information as "extremely high risk data" and adding
there was "little need for that to be processed in China."
  
        BGI did not immediately respond to a request for
comment.
  
        Washington has been trying to stem the flow of American
personal data to China, part of a years-long struggle over trade
and technology.
        The U.S. Congress is considering legislation to ban
federal agencies from contracting with China's BGI Group and
Wuxi APPTEC, part of an effort to keep China from accessing
American genetic data and personal health information..
    This month, BGI Group said it supports protecting personal
data, but the legislation "which will effectively drive BGI from
the U.S. market, will not accomplish this goal." The company
said that in the U.S., it does not collect patient samples or
have access to personal or genetic data.
    Reuters reported in 2021 that BGI has made sales worldwide
of prenatal tests developed in collaboration with China's
military and has used them to collect genetic data from millions
of women for sweeping research on traits of populations.
    Other types of data transfers to China have also come into
Washington's crosshairs. In 2018, a U.S. panel that reviews
foreign investments for potential national security threats
rejected a plan by China's Ant Financial to acquire U.S. money
transfer company MoneyGram International, because of concerns
over safety of data that can be used to identify U.S. citizens.
    "China and Russia are buying American sensitive personal
data from data brokers" and leveraging it "to engage in a
variety of nefarious activities including malicious
cyber-enabled activities, espionage and blackmail," senior
administration officials told reporters on Tuesday evening.
    "Buying data through data brokers is currently legal in the
United States. That reflects a gap in our national security
toolkit," they added, saying Wednesday's order aimed to fill
that gap.
    The officials said transactions will be banned with data
brokers who know the information will end up in "countries of
concern", as will the transfer of any data on U.S. government
personnel.    
    Transfers of other classes of data - from biometric to
financial - would only be banned if they met certain volume
thresholds and were being sent to those countries.
    The White House said companies are collecting more of
Americans' data than ever before. It is often legally sold and
resold through data brokers who can then transfer it to foreign
intelligence services, militaries, or companies controlled by
foreign governments. 
     To allay concerns that the new rules would unnecessarily
hamper economic activity, certain types of data including
corporate payroll and compliance are exempted, they added. 
    Certain transactions such as cloud service, employment and
investment agreements would also be permitted, subject to some
security requirements such as encryption and anonymization.
    The order also directs the Department of Justice to give
industry ample opportunity to comment before proposals take
effect.
        Responding to Biden’s order, the U.S. Consumer Financial
Protection Bureau also said Wednesday it would develop rules in
2024 to limit data brokers’ international sale of Americans’
personal data.  
  
        The agency, which under credit reporting laws can
regulate consumer data collection, cited research from Duke
University showing the personal data of U.S. military personnel
and veterans was available online for as little as 12 cents per
record and was vulnerable to exploitation by hostile actors.
  

 (Reporting by Alexandra Alper and Kanishka Singh; Additional
reporting by Douglas Gillison; editing by Chris Sanders, Richard
Chang and David Gregorio)
 ((Alexandra.Alper@thomsonreuters.com; +1(202)354-5865; Reuters
Messaging: alexandra.alper.thomsonreuters.com@reuters.net - https://twitter.com/alexalper?lang=en))