Biden Replaces TikTok and WeChat Bans with Broader Data Framework
17 June 2021
On 9 June, President Biden revoked three separate Trump administration executive orders that had aimed to prohibit transactions with TikTok, WeChat and eight other communications and financial technology software applications. The TikTok and WeChat EOs were issued in August 2020 and were both challenged in court, while the EO on the eight other firms was issued in the waning days of the Trump administration but the necessary implementing regulations were never issued by the Biden administration.
The new EO (EO 14034 – protecting Americans’ sensitive data from foreign adversaries) references EO 13873 of 15 May 2019 on securing the information and communications technology and services supply chain, which had led to regulations that designated mainland China as a foreign adversary in the ICTS supply chain.
EO 14034 asserts that certain connected software applications designed, developed, manufactured or supplied by mainland Chinese entities continue to threaten the national security, foreign policy and economy of the U.S. According to an accompanying fact sheet, it directs the use of a criteria-based decision framework and rigorous, evidence-based analysis to address the risks posed by ICTS transactions involving software applications that are designed, developed, manufactured or supplied by persons that are owned or controlled by, or subject to the jurisdiction of a foreign adversary that may present an undue or unacceptable risk to the national security of the U.S. and the American people. Although the EO could potentially apply to any foreign adversary, it only mentions mainland China.
EO 14034 sets forth criteria for determining the risk of transactions involving connected software applications, including ownership, control or management by persons that (i) support a foreign adversary’s military, intelligence or proliferation activities; (ii) are subject to coercion by a foreign adversary; or (iii) are involved in “malicious cyber activities”. Criteria of concern include use of the connected software application to conduct surveillance that enables espionage, including through a foreign adversary’s access to sensitive or confidential government or business information or sensitive personal data; a lack of thorough and reliable third-party auditing of connected software applications; the scope and sensitivity of the data collected; the number and sensitivity of the users of the connected software application; and the extent to which identified risks have been or can be addressed by independently verifiable measures.
President Biden’s interest in human rights represents a noteworthy departure from the Trump administration’s general approach. To wit, the new EO includes a paragraph specifying that the U.S. seeks to promote accountability for persons who engage in serious human rights abuse, nothing that “if persons who own, control, or manage connected software applications engage in serious human rights abuse or otherwise facilitate such abuse, the United States may impose consequences on those persons in action separate from this order.”
EO 14034 also directs the Director of National Intelligence to provide a threat assessment within 60 days to the U.S. Department of Commerce. The U.S. Commerce Secretary is then directed to provide a report within four months on how to protect against the unrestricted sale of, transfer of, or access to U.S. persons’ sensitive data, including personally identifiable information, personal health information and genetic information, as well as harm from access to large data repositories by persons owned or controlled by, or subject to the jurisdiction or direction of, a foreign adversary. Another DOC report due in six months would recommend executive and legislative action to address the risks posed by connected software applications.
- North America
- Mainland China