The U.S. government's efforts to secure sensitive personal data against foreign adversaries, primarily with an eye toward China, continue.1 On June 9, 2021, President Joe Biden signed the Executive Order on Protecting Americans' Sensitive Data from Foreign Adversaries (E.O.), revoking a set of highly controversial Trump-era executive orders targeting Chinese-owned apps including TikTok and WeChat. The E.O. also directs the U.S. Department of Commerce to launch a national security review of apps with links to foreign adversaries and issue recommendations for regulatory and legislative action to "address the risks associated with connected software applications "designed, developed, manufactured, or supplied" by persons "owned or controlled, or subject to the jurisdiction or direction of" a "foreign adversary."
The following executive orders were revoked and replaced by the E.O.:
- E.O. 13942 of Aug. 6, 2020: Citing the national security threat posed by TikTok, such as affording the Chinese Community Party access to sensitive U.S. personal and proprietary information, President Donald Trump prohibited any transaction by any person, or with respect to any property, subject to the jurisdiction of the U.S., with ByteDance Ltd., the Chinese parent company of TikTok, or its subsidiaries.
- E.O. 13943 of Aug. 6, 2020: Citing the national security threat posed by the data collection practice of WeChat, a widely used messaging, social media, and electronic payment application, President Trump prohibited any transaction related to WeChat, by any person, or with respect to any property, subject to the jurisdiction of the U.S., with Tencent Holdings Ltd., the Chinese parent company of WeChat, or its subsidiaries.
- E.O. 13971 of Jan. 5, 2021: Citing the national security risks posed by certain Chinese connected software applications, President Trump barred any transactions with "persons that develop or control" the following apps of Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, WPS Office and their subsidiaries. (See Holland & Knight's previous alert, "Trump Administration Bans Transactions with Chinese Applications," Jan. 8, 2021.)
The June 9 E.O. highlights Biden's approach to assessing the national security risks posed by U.S. nationals' use of foreign-controlled communication software. In particular, the E.O. calls for a "rigorous, evidence-based analysis" in evaluating the national security threats associated with these apps and outlines a broad set of potential risk indicators. Such indicators include ownership, control or management by persons that support a foreign adversary's military, intelligence or proliferation activities; use of the connected software applications to conduct surveillance that enables espionage, including through a foreign adversary's access to sensitive or confidential government or business information, or sensitive personal data; ownership, control or management of connected software applications by persons subject to coercion or cooption by a foreign adversary; control or management of connected software applications by persons involved in malicious cyber activities; a lack of thorough and reliable third-party auditing of connected software applications; the scope and sensitivity of the data collected; the number and sensitivity of the users of the connected software application; and the extent to which identified risks have been or can be addressed by independently verifiable measures.
Compared to the revoked executive orders, some of which are facing messy legal fights in court, this E.O. likely is better positioned to withstand legal scrutiny.2 As an aside, administration officials have stated that the E.O. would not affect Committee on Foreign Investment in the U.S. (CFIUS) review of the divestment of TikTok by ByteDance. "The CFIUS action remains under active discussion by the U.S. government."3
Notably, the E.O. also ties in human rights abuses and suggests that the U.S. government seeks to promote accountability for persons who own, control or manage connected software applications when such applications are used to violate human rights. This is in line with the Biden Administration's focus on human rights.
The E.O. sets in motion a 120-day period at the end of which the Secretary of Commerce will provide a report of recommendations to protect U.S. data acquired or accessible by companies owned or controlled by foreign adversaries. Within 180 days of the issuance of the E.O., the Secretary of Commerce also will offer recommendations concerning additional executive and legislative actions to address the risks posed by such applications. Although it is unclear what specific recommendations Commerce would provide at the end of the review period, senior administration officials have emphasized the Biden Administration's commitment to ensuring the protection of Americans' data and suggested a wide range of actions can be negotiated or imposed.
Given bipartisan support for decreasing U.S. reliance on China in the information and communications technology and services (ICTS) supply chain as well as the fact that China was specially called out in the statement issued by the White House in conjunction with the E.O., we anticipate a heightened scrutiny of communication applications having a China nexus.
1 The U.S. Department of Commerce designated the People's Republic of China, including the Hong Kong Special Administrative Region (China); the Russian Federation; Iran; North Korea; Cuba and the Venezuelan politician Nicolás Maduro as foreign adversaries. See "Securing the Information and Communications Technology and Services Supply Chain," Interim Final Rule, 86 Fed. Reg. 4909, 4911 (Jan. 19, 2021).
2 The WeChat case is U.S. WeChat Users Alliance et al. v. Donald J. Trump et al., case number 3:20-cv-05910, in the U.S. District Court for the Northern District of California. The appeal is case number 20-16908 in the U.S. Court of Appeals for the Ninth Circuit. The TikTok case is TikTok Inc. et al. v. Donald J. Trump et al., case number 20-5302, in the U.S. Court of Appeals for the D.C. Circuit.
3 See "Biden Revokes Trump's TikTok and WeChat Bans, but Sets Up a Security Review of Foreign-owned Apps," The Washington Post, June 9, 2021