In a landmark vote Wednesday, the U.S. House of Representatives unanimously approved a measure that would restrict the sale of Americans’ data to adversarial nations, but privacy groups that for years have pushed Congress to take action against the data brokers industry remain largely unimpressed by the measure.

If it becomes law, the Protecting Americans’ Data from Foreign Adversaries Act of 2024 would arguably represent the most significant step Congress has ever taken to curtail the activity of companies that harvest personal information and offer it up for sale. It follows an executive order that bars the sale of sensitive data to a half-dozen countries and comes amid an intense debate on Capitol Hill over legislation to force China-based ByteDance to sell TikTok or be banned in the United States.

Both the executive order and the effort to force a divestiture of TikTok have garnered more attention than Wednesday’s bill that passed the House by a vote of 414-0.

Privacy advocates welcomed the measure but said it is inadequate to address the harms of an out-of-control data broker industry. Eric Null, co-director of the Center for Democracy and Technology’s Privacy & Data Project, described the bill as “undoubtedly a step forward for Americans’ privacy” but said “the fight is far from over.”

“Congress still has not passed a comprehensive privacy bill, which is vastly overdue, and which could better protect Americans’ data against a variety of harms by reducing the overall amount of data in the online ecosystem, instead of placing limits on one particular type of data sale between specific entities,” Null said.

Fight for the Future, a digital rights group, has criticized the TikTok bill as a ham-fisted attempt to address a small slice of a privacy issue while failing to ameliorate broader harms.

“It seems to follow the same logic that government surveillance and data privacy issues are something that happens over there in ‘those’ countries,” said Evan Greer, director of the group.

Meanwhile, she said, domestic data brokers have done things like sell the information of people in the United States seeking reproductive health care to anti-abortion groups. She said it’s not constructive “whenever we’re trying to make tech policy by ramming it through whatever the most politically expedient messaging is at the time and end up with half-baked solutions, or solutions that do more harm than good.”

The bill’s chief sponsors indirectly acknowledged the criticism about whether it goes far enough in a statement Wednesday.

“Today’s overwhelming vote sends a clear message that we will not allow our adversaries to undermine American national security and individual privacy by purchasing people’s personally identifiable sensitive information from data brokers,” said Reps. Frank Pallone,D-N.J., and Cathy McMorris Rodgers, R-Wash., in a joint statement. “We’re encouraged by today’s strong vote, which should help build momentum to get this important bipartisan legislation, as well as more comprehensive privacy legislation, signed into law this Congress.”

If it became law, the legislation would represent the most sweeping federal data broker rules passed by Congress that industry would have to contend with, said Cobun Zweifel-Keegan, the Washington D.C. managing director for the International Association of Privacy Professionals.

Unlike the Biden administration’s executive order, the bill doesn’t have guardrails in place for “onward transfers” that would restrict the ability of data brokers to sell a dataset to one entity only for that entity to sell it onward to adversaries like Russia or China, said Zweifel-Keegan, whose organization is policy-neutral.

Wednesday’s resolution is one of several Congress has considered in recent years to impose limits on the use of commercially available data. During debate late last year over controversial spying authorities that were due to imminently expire, the House contemplated a bill that included language that would prohibit U.S. law enforcement and intelligence agencies from purchasing sensitive data from brokers without a court order. Congress passed a straight short-term extension of the spying authorities law through April 19 that didn’t include that language, however.

The bill now moves to the Senate, where its fate is uncertain. The Senate Commerce Committee has long investigated data brokers, Zweifel-Keegan noted, and “restrictions on data brokers could be more palatable in the Senate than [TikTok] divestiture legislation,” he said. But Senate floor time is harder to obtain than in the House.

Still, the legislation is part of a positive trend that includes things like the executive order, said Null.“We’re sort of seeing an increasing movement toward protecting people against these sort of misuse of data brokers,” Null said, adding that “they’re particularly unsympathetic parties.”

“Short of passing comprehensive privacy legislation, we’re at least going to plug some holes,” he said.

The post House-passed data privacy bill doesn’t thrill privacy groups appeared first on CyberScoop.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Expert Warns of Growing Android Malware Activity

February 26, 2024 0 Comments 0 tags

Kaspersky said that in 2023, the number of mobile attacks soared to nearly 33.8 million

CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

March 14, 2024 0 Comments 0 tags

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of

Using LLMs to Unredact Text

March 11, 2024 0 Comments 0 tags

Initial results in using LLMs to unredact text based on the size of the individual-word redaction rectangles. This feels like something that a specialized ML system could be trained on.