Introduction
President Joe Biden issued an Executive Order on Feb. 28, 2024, designed to protect Americans' data security by, among other things, directing the U.S. departments of Health and Human Services, Defense and Veterans Affairs to help ensure federal grants, contracts and awards are not used by "countries of concern" to facilitate access to Americans' health data. It authorizes the U.S. Attorney General to prevent the large-scale transfer of Americans' personal data to countries of concern and provide safeguards around other activities that could give those countries access to Americans' sensitive data.
The Executive Order comes on heels of congressional action designed to prohibit government contracts with specific companies because of congressional unease over whether these companies' have relationships with the People's Republic of China and the Chinese Communist Party.
The Executive Order
The President's Executive Order focuses on information, including genomic data, biometric data, personal health data, geolocation data, financial data and certain kinds of personally identifiable information.
Specifically, the Executive Order:
- requires the U.S. Department of Justice to issue regulations that "establish clear protections for Americans' sensitive personal data from access and exploitation by countries of concern." These protections will extend to genomic data, biometric data, personal health data, geolocation data, financial data and certain kinds of personal identifiers.
- requires the departments of Justice and Homeland Security to work together to set high security standards to prevent access by countries of concern to Americans' data through other commercial means, such as data available via investment, vendor and employment relationships
- requires the departments of Health and Human Services, Defense and Veterans Affairs to help ensure that federal grants, contracts and awards are not used to facilitate access to Americans' sensitive health data by countries of concern, including via companies located in the United States
The BioSecure Act
Recently, a bipartisan group in Congress led by Representatives Mike Gallagher (R-Wis.) and Raja Krishnamoorthi (D-Ill.), introduced the BioSecure Act, (the Act, HR 7085). Gallagher and Krishnamoorthi are the Chair and Ranking Member, respectively, of the House Select Committee on the Chinese Communist Party.
Although the committee has been actively working on issues relating to the threats posed by the People's Republic of China for several months, the Act goes a step farther. Specifically, unlike previous legislative efforts, the Act names certain companies and their subsidiaries, parent affiliates or successors as "biotechnology companies of concern." It also includes in that definition any entity that is subject to the jurisdiction, direction, control or operates on behalf of the government of a foreign adversary.
With a few limited exceptions, the Act prohibits the federal government from contracting with those companies to procure or obtain any biotechnology equipment or service produced or provided by these companies. It also bans contracting with entities that use such equipment or service or that will require direct use of such equipment or service. In addition, federal agencies may not obligate or expend loan or grant funds for such purposes. Under the Act, federal agencies may waive the prohibitions on a case-by-case basis under specified circumstances and the Office of Management and Budget must develop and periodically update a list of the entities that constitute biotechnology companies of concern.
The Act is a congressional response to the concern that some biotech companies that have access to genetic data may have relationships with the People's Republic of China and the Chinese Communist Party that pose a national security risk.