Biden EO revokes TikTok ban; launches ‘evidence based’ approach to data concerns
In a 9 June executive order (‘EO’), US President Joe Biden has revoked his predecessor’s executive orders restricting US person’s dealings with the Chinese software apps TikTok and WeChat, whilst instigating a new regime for addressing the threat posed to US persons’ data.
The EO says that the ‘increased use in the United States of certain connected software applications designed, developed, manufactured, or supplied by persons owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary…continues to threaten the national security, foreign policy, and economy of the United States. The Federal Government should evaluate these threats through rigorous, evidence-based analysis and should address any unacceptable or undue risks consistent with overall national security, foreign policy, and economic objectives, including the preservation and demonstration of America’s core values and fundamental freedoms.’
It says that in evaluating the risks of a connected software application, several factors should be considered, including,
‘…ownership, control, or management by persons that support a foreign adversary’s military, intelligence, or proliferation activities; use of the connected software application to conduct surveillance that enables espionage, including through a foreign adversary’s access to sensitive or confidential government or business information, or sensitive personal data; ownership, control, or management of connected software applications by persons subject to coercion or cooption by a foreign adversary; ownership, control, or management of connected software applications by persons involved in malicious cyber activities; a lack of thorough and reliable third-party auditing of connected software applications; the scope and sensitivity of the data collected; the number and sensitivity of the users of the connected software application; and the extent to which identified risks have been or can be addressed by independently verifiable measures.’
In addition to rescinding Executive Order 13942 of 6 August 2020; Executive Order 13943 of 6 August 2020 and Executive Order 13971 of 5 January 2021, the EO orders that within 120 days,
‘the Secretary of Commerce, in consultation with the Secretary of State, the Secretary of Defense, the Attorney General, the Secretary of Health and Human Services, the Secretary of Homeland Security, the Director of National Intelligence, and the heads of other agencies as the Secretary of Commerce deems appropriate, shall provide a report…with recommendations to protect against harm from the unrestricted sale of, transfer of, or access to United States persons’ sensitive data, including personally identifiable information, personal health information, and genetic information, and harm from access to large data repositories by persons owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary.’