Senator Ron Wyden (D-OR) proposed draft legislation that would limit the types of information that could be bought and sold by tech companies overseas, as well as the countries in which it could be legally sold. . The legislation is imaginative and not very precise, but it indicates a growing concern at the federal level regarding international data trade.
“Shady data brokers should not get rich by selling Americans’ private data to foreign countries that could use it to threaten our national security,” Senator Wyden said in a statement accompanying the bill. They probably shouldn’t get rich selling Americans’ private data, but national security is a good way to grease the wheels.
The US Foreign Surveillance Data Protection Act would be a first step towards categorizing and protecting consumer data as a product traded in the global market. At present, there are few, if any, controls over what data specific to a person – buying habits, movements, political party – can be sold abroad.
This means that, for example, an American data broker could sell the favorite brands and home addresses of millions of Americans to, for example, a Chinese bank doing investment research. Some of this trade is perfectly harmless, if not desirable, to promote world trade, but when does it become dangerous or exploitative?
There is no official definition of what should and should not be sold to whom, of how we limit the sales of certain intellectual property or weapons. The proposed law would first require the Secretary of Commerce to identify what data we should be protecting and against whom it should be protected.
The general form of protected data would be one that “if exported by third parties, could harm the national security of the United States.” Countries that would not have the right to receive them would be those with inadequate data protection and export controls, recent intelligence operations against the United States, or laws that allow the government to force them to transmit data. these informations. Obviously, this is aimed at countries like China and Russia, although ironically the United States does the job quite well on its own.
There would be exceptions for journalism and speech protected by the First Amendment, and for encrypted data – for example the storage of encrypted messages on servers in one of the targeted countries. The law would also create penalties for executives “who knew or should have known” that their company was illegally exporting data, and would create pathways for those injured or detained in a foreign country due to illegally exported data. This could be the case if, for example, another country used a US facial recognition service to locate, arrest and arrest someone before they left.
If it all sounds a bit woolly, it’s – but it’s more or less on purpose. It is not for Congress to invent the definitions necessary for a law like this; this duty rests with expert agencies, which must carry out studies and produce reports to which the Congress can refer. This law represents the first handful of steps in that direction: straightening out the general shape of things and giving a fair warning that certain classes of unwanted data trading will soon be illegal – with an emphasis on executive responsibility, which should raise awareness. technology companies. .
The legislation should be sensitive to existing provisions whereby companies divide the storage and processing of data for various economic and legal reasons. The free flow of data is to some extent necessary for businesses around the world that have to constantly interact with each other, and hampering these established processes with red tape or fees could be disastrous for some regions or businesses. Presumably all of this will happen over the course of the studies, but it serves to demonstrate that this is a very complex, if not delicate, digital ecosystem that the law would attempt to change.
We are in the early stages of this type of regulation, and this bill is only just beginning in the legislative process, so expect at least a few months before hearing anything more on this one.