Person pointing at tablet screen with padlock icon showing data transfer of sensitive data

Unpacking the Executive Order on Data Privacy: A Deeper Dive for Industry Professionals

“Preventing Access to Americans’ Bulk Sensitive Data and United States Government-Related Data by Countries of Concern.” 

That’s the title of a new executive order which has sent ripples through the data privacy community.

Aimed at restricting the flow of sensitive American data to “countries of concern” like China and Russia, this decree, signed by President Biden in February, has been framed by some as a step toward safeguarding the personal data of U.S. citizens from foreign threats. However, for us veterans in the data privacy space, the implications of this order require a closer examination—not just for what it accomplishes, but for the significant gaps it leaves unaddressed.

Strengthening borders around data

At its core, the executive order is a protective measure, a fortification of America’s digital borders against specific external threats. It recognizes the value and vulnerability of personal data. Data is both currency and a weapon in the global digital economy.

For privacy professionals, the order underscores the ongoing challenge of protecting sensitive information against increasingly sophisticated threats. That’s important, and shouldn’t be overlooked.

Yet the White House has admitted that this order isn’t a silver bullet for all the nation’s data privacy challenges. That candor is striking. It echoes a sentiment familiar to many of us in the industry: the complexities of protecting personal information in the digital age cannot be fully addressed through singular measures against external threats. Instead, this task requires a long-term, thoughtful, multi-faceted approach – one that also confronts the internal challenges to data privacy posed by Big Tech, domestic data brokers, and foreign governments that exist outside of the designated “countries of concern” category.

The missed opportunities

While the executive order tackles the issue of data transfer to a number of political adversaries, it stops short of addressing challenges facing data privacy today.

What about the domestic exploitation of personal data?

The extensive collection, usage, and sale of personal data by domestic entities—including but not limited to Big Tech companies, data brokers, and third-party vendors—poses significant risks. These practices often lack transparency and accountability, fueling privacy breaches, identity theft, and eroding public trust and individual autonomy.

In the past year alone, Americans’ mental health data and sensitive location data was sold without consent, biometric data was collected without adequate safeguarding procedures in place, and consumers’ private videos were unlawfully accessed and surveilled.

This is a critical gap in the broader fight for data privacy and protection. Privacy professionals are left grappling with the complexities of a marketplace that prioritizes profit over privacy.

So, given the executive order’s limitations, the responsibility falls on us, as data privacy professionals, to set the tone. The decree serves as a reminder of the need for vigilance and innovation in protecting personal information. We must advocate for broader changes that encompass the realities of data privacy, extending beyond the threat of foreign interference to the domestic brands and businesses that routinely trade and manipulate consumer data to drive the marketing and advertising machine.

Cultivating a privacy-first culture

The executive order is a step, albeit limited, towards recognizing and acting upon the vulnerabilities inherent in our digital ecosystem. However, it also serves as a call to action for data privacy professionals. It is up to us to push the envelope, advocating for more robust protections that consider the full spectrum of data privacy challenges.

In this context, the responsibility to protect personal information becomes a shared endeavor. It involves developing internal policies and practices that not only adhere to existing laws but also embody a proactive stance on privacy. This entails building privacy considerations into the design and operation of our digital services and products, ensuring that privacy and respect are integral and essential features, rather than an afterthought.

We should also advocate for industry-wide commitments to ethical standards that respect and protect the privacy of individuals. This protection is a fundamental component of a trust-based relationship between businesses and consumers. It often feels that brands need to be reminded of this.

Moving forward with a unified vision for privacy

For now, the executive order reminds us that while laws and regulations play a critical role in shaping the landscape of data privacy, the heart of privacy protection lies in the collective commitment of individuals and businesses to prioritize and respect privacy in every aspect of our digital lives.

It’s time to change the narrative around data privacy. By championing privacy as a fundamental value that guides our business actions and decisions, we can contribute to creating a digital ecosystem that respects individual rights, fosters trust, and promotes a culture of privacy that benefits everyone.

Our role here is crucial, and we must challenge ourselves to be more than mere implementers of policy. Instead, it’s up to us to advocate for a more inclusive and comprehensive approach to data privacy that respects individual rights, from the ground up, for every American.