Metronet customers restored after Twin Cities weekend internet outage

Privacy and data protection have been an issue as long as data has been aggregated. However, this problem has increased exponentially in recent decades as technologies such as personal computers, the Internet, and smartphones have become ubiquitous.

Initially, the nature of this data was uncertain, making it difficult to draft regulations, but over the past 10 years there have been more calls for action to protect the data collected about individuals, both for their own safety and that of governments and organizations. A huge step towards more comprehensive data privacy regulations was the implementation of the European Union’s General Data Protection Regulation in May 2018, which contains hundreds of regulations on what data can and cannot be collected about individuals, such as such data can be archived and for as long.

In the United States, data privacy has mostly been viewed through very specific lenses, targeting issues such as medical privacy and government-held data. Increasingly, concern that foreign governments might gain access to data generated on social media and other web-based platforms by Americans has come to the fore in policy discussions, causing the introduction of a slew of data-related laws and to social media.

More recently, the social media platform TikTok, owned by parent company ByteDance, has come under national legislation. TikTok CEO Shou Chew testified before Congress on March 23, 2023 and asked many questions about the Chinese government’s ability to access data about users in the United States. and, since the social media platform is a wholly owned subsidiary, he appoints its executive board, thus placing the platform under Chinese oversight.

In February and March 2023, two pieces of data protection legislation were introduced in Congress: the DATA Act and the RESTRICT Act. Since their introduction, the RESTRICT Act has been labeled a “tikTok ban,” as it would allow the federal government to potentially remove TikTok from access by US users. Stacker investigated how the so-called “TikTok ban” and other proposed social media and data regulations could limit Internet use by speaking with an expert at the Electronic Frontier Foundation and consulting various news and legislative sources.

What are RESTRICT and DATA deeds?

The RESTRICT Act and the DATA Act are additional regulations proposed with the intention of protecting data privacy and national security.

The DATA Act requires the executive branch to prohibit or heavily regulate various business transactions and access to software if they are related to or originate from China. The president is responsible for deciding what actions should be taken to prevent individuals and companies from communicating or doing business with Chinese entities that could jeopardize national security.

The RESTRICT Act is a little more restricted. It allows the secretary of commerce to identify and investigate information technology companies held by foreign adversaries, which the bill defines as China, Cuba, Iran, North Korea, Russia and Venezuela. It also says the Commerce Department would be empowered to “identify, deter, disrupt, prevent, prohibit, investigate and mitigate” any uncovered national security risk. Permitted mitigation measures are not defined in the bill.

How would these rules be enforced?

Due to the vagueness of these bills, it is not entirely clear how the regulations will be enforced; however, both would be managed somewhere in the executive branch. The DATA Act proposes no mechanism to enforce restrictions on data and digital products from China, but it does give that authority directly to the president without requiring an investigation, making it “likely unconstitutional on the surface,” according to David Greene, a civil liberties lawyer director of the Electronic Frontier Foundation. The RESTRICT Act details numerous criminal penalties for attempting to conduct business or access software restricted by the bill.

“At least for his tongue, [the RESTRICT Act] says it is a crime to circumvent any mitigation measures. And we don’t know what those mitigation measures are,” Greene said. “I think the language leaves open the possibility of including things like if an app is banned for import into the US, if you use a VPN to download a app … conceivably, that would violate the technical language of the law and be a federal crime.”

Current penalties for such violations, as outlined in the RESTRICT Act, include up to 20 years in prison, $250,000 in fines and forfeiture of property.

What would be the immediate impact on users if one of the invoices were approved?

“I think the most immediate impact a user would feel is that some apps would just disappear from app stores and some devices would be unavailable,” said Greene, who said that if users already owned a device that was banned, They would likely not be able to receive service for that technology if they owned a Huawei phone that was banned for being made by a Chinese company, for example. In turn, users who have already downloaded the TikTok app on their phones may still be able to use the app to some extent, but would no longer receive software updates and would likely not be available in app stores if the user would like to re-download it.

From a trade point of view, the DATA Act is concerning because it specifically prevents trade transactions with China. This could mean widespread bans on activities such as manufacturing and shipping to and from China, and even prevent companies from hiring anyone who is a Chinese resident or citizen. It’s also important to note that apps and products aren’t the only things the US government may restrict under these regulations. Both bills mention “information”, which could be defined very broadly to prevent access to certain websites or even specific content on social media platforms that are not prohibited entirely, such as Facebook, Twitter and YouTube.

What are the alternatives to this type of legislation that would still protect national security?

Greene suggested that a more direct solution to the fear of data being obtained by foreign adversaries would be to pass comprehensive data privacy regulations in the U.S.

“The goal is really to limit how much information companies are able to collect, store and use in the first place, rather than focus on what they do with it after they collect, store and use it,” Greene said.

Furthermore, Greene pointed out that even if the United States passes the DATA Act, the RESTRICT Act or similar legislation, much of the data collected on social media and other Internet platforms is available for purchase through data brokers: “So When we say this is best addressed by comprehensive data privacy legislation, what we’re really saying is: if you’re concerned about companies passing information on to a foreign adversary, then what you would be doing is targeting your regulation at companies in first, not what happens in the backend.”