Bills targeting data brokers and TikTok approved in House committee

Avatar

The House Energy and Commerce Committee on Thursday approved two significant data privacy bills — one that would force TikTok to separate from its Chinese ownership or be stripped from app stores in the U.S. and a second that would block data brokers from selling or transferring Americans’ data to foreign adversaries.

The second bill also would give the Federal Trade Commission the authority to levy civil penalties of more than $50,000 each time a company violates the ban.

Civil liberties groups condemned the TikTok bill, saying it threatens freedom of speech. Meanwhile, privacy advocates cheered the advancement of the data broker bill, while lamenting that comprehensive federal data privacy legislation targeting data brokers’ treatment of Americans’ private data remains stalled nearly two years after it first passed out of committee.

The TikTok bill is the latest in a string of attempts by Congress to block the app, whose parent company, ByteDance, is based in China. Congressional and national security leaders have long worried about how the app siphons Americans’ data and spreads disinformation, calling it a tool of the Chinese Communist Party.

As it became clear that congressional support for what would be an effective ban on TikTok was gathering momentum Thursday, the app sent users a push notification warning that “TikTok is at risk of being shut down in the U.S.” and urging them to contact their congressional representatives as soon as possible.

Asked to comment on the bill, a TikTok spokesperson sent a statement saying the legislation has a “predetermined outcome: a total ban of TikTok in the United States.

“The government is attempting to strip 170 million Americans of their Constitutional right to free expression,” the statement added. “This will damage millions of businesses, deny artists an audience, and destroy the livelihoods of countless creators across the country.”

A ‘national security threat’

Committee members voted unanimously to approve both bills after hearing closed-door testimony from intelligence community leaders.

Some members sounded an alarm about TikTok after their briefing with intelligence officials in the minutes before they voted to advance the bill.

TikTok poses a “clear national security threat to the United States and necessitates the decisive action we will take today,” Committee Chair Cathy McMorris Rodgers (R-WA) said moments before the committee vote.

“We have given TikTok a clear choice: divest from your parent company, which is beholden to the Chinese Communist Party (CCP), and remain operational in the United States, or side with the Chinese Communist Party and face a ban,” she added.

Under the bill, TikTok would have 180 days to divest from ByteDance.

McMorris Rodgers called TikTok’s push notification “just a small taste of how the CCP weaponizes applications it controls to manipulate tens of millions of people to further its agenda.”

The legislation would not open the door to government meddling with apps without legitimate cause, McMorris Rodgers said. She said bans will require national security agencies and the Committee on Foreign Investment in the United States — part of the executive branch — to agree that an application controlled by a foreign adversary threatens national security. Such bans can only be issued against apps controlled by China, Russia, Iran and North Korea, she said.

Zeroing in on data brokers giving data to adversaries

The bill targeting data brokers also focuses on the national security threat posed by those four countries.

The committee’s top Democrat, Rep. Frank Pallone of New Jersey, called that legislation an “important and necessary bill given that even if TikTok and other foreign adversary controlled applications cease to operate in the United States, foreign adversary governments will still be able to purchase vast amounts of data about Americans through other means.”

Committee approval of the data broker bill comes a week after the Biden administration issued an executive order limiting data brokers and other companies from transferring bulk data on Americans to adversarial countries, including China.

Privacy experts called the bill an important step forward but warned that it is not enough.

“There is an urgent need to rein in data brokers, who are profiting off the sale of our most sensitive data and putting Americans at risk,” Alan Butler, the executive director of the Electronic Privacy Information Center (EPIC), said in a statement.

However, Butler said Congress must advance the larger comprehensive data privacy bill that has indefinitely lingered in the committee.

“It is long past time for Congress to enact comprehensive privacy protections that include a strong data minimization standard, protect civil rights online, and provide for robust enforcement to stop harmful commercial surveillance practices,” Butler said.

Brandon Pugh, policy director at the R Street Institute, echoed Butler’s concerns.

“There are a variety of ways this data can be used against Americans and cause national security risks, including when it is used to track and identify members of the military and intelligence community,” Pugh said via email.

He added that the “foundational solution is still to pass a comprehensive data privacy and security law, which would protect consumer privacy and strengthen national security. This can help ensure data is protected regardless of country or company.”

TechnologyPrivacyGovernment
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Suzanne Smalley

is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.

 

Total
0
Shares
Previous Post

Change Healthcare brings some systems back online after cyberattack

Next Post

Play ransomware leaked 65,000 Swiss government documents, investigation finds

Related Posts

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS
Avatar
Read More