The laws already in California and Vermont do not put any meaningful controls on companies selling, licensing and otherwise sharing Americans’ sensitive data on the open market—and the new bills are no different.
Justin Sherman is a fellow at the Atlantic Council's Cyber Statecraft Initiative, a research fellow at the Tech, Law & Security Program at American University Washington College of Law, and a cyber policy fellow at the Duke Tech Policy Lab. He was previously a cybersecurity policy fellow at New America and a fellow at Duke Law School's Center on Law & Technology.
Subscribe to this Lawfare contributor via RSS.
Rather than focusing on single vectors of data collection and transmission, the U.S. government must respond comprehensively to the many vectors of data collection, aggregation, buying, selling and sharing that pose risks to national security.
The FCC issued an order barring China Telecom from providing telecommunications services in the United States.
The trend underscores the broader threats posed by the unregulated data brokerage ecosystem to civil rights and national security.
Huawei has not dominated recent headlines nearly as much as it did under the Trump White House. Yet that does not mean the U.S. campaign against Huawei has stopped.
CFIUS forced a Chinese firm to sell Grindr in 2019. Yet the application is sharing data widely today, including to a company in China.
Some U.S. laws and documents provide a foundation. But is a distinction between “data brokers” and the practice of “data brokerage” the right approach?