America’s first data security executive order ... underwhelms

President Joe Biden issued an executive order last week targeting entities that affect every web user, whether they realize it or not. The order empowers the Justice Department to stop companies called data brokers from collecting and selling Americans’ personal data to “countries of concern” like China, Russia, Iran, North Korea, and Cuba.

What data brokers do: Compile massive amounts of sensitive user data (browsing history, biometric scans, geolocation) and sell it to advertisers. One study showed that Facebook took in personal data on a single user from 48,000 companies, a reflection of how the social media giant attempts to track down every detail of a potential consumer’s lifestyle and habits.

Why that’s dangerous: As AI improves, bad actors’ ability to sift through vast amounts of this data to track and pry into the personal lives of Americans — including service members and government officials — will also improve. The Biden administration is hoping to prevent “intrusive surveillance, scams, blackmail, and other violations of privacy.”

What’s missing: Concrete regulations, like Europe’s GDPR framework that requires explicit documentation on how all EU citizens' data is used and stored. Instead, the executive order empowers bureaucrats to start a complex and months long rule making process. We'll only know details about how the executive order will be enforced afterward.

When it comes to data, Americans are still living in the Wild Wild West. While this order aims to prevent privacy violations from some of America’s adversaries, there’s nothing stopping other countries, companies, and the federal government itself from doing the exact same thing.