The Chinese Communist Party (CCP) may not need TikTok to harvest troves of sensitive data on US citizens if Beijing can continue to commercially purchase Americans’ data instead — as our laws currently allow. The present risks of our citizens’ data being sold to foreign governments are grossly underappreciated. Although plugging this gaping hole in our data security touches on a range of hot-button issues, banning the sale of sensitive American data to adversarial governments should be an obvious priority for quick, decisive action.

The concern centers on “data brokers” — companies that purchase, aggregate, analyze, and sell data on (usually unwitting) populations around the world. The multibillion-dollar industry’s shady reputation for hoarding information on individuals has led these companies to be described as “the middlemen of surveillance capitalism,” and it has garnered considerable concern over complex issues related to consumer privacy, civil rights, and democracy more generally. These broader issues are undeniably complex and should be dealt with carefully. But the national security dimension of data brokering is pretty straightforward: Selling Americans’ sensitive data to unfriendly foreign governments is a pressing security threat that should not be permitted.

The scope of the problem is considerable. As far back as 2014, the Federal Trade Commission reported that just one of these data brokers already had “3000 data segments for nearly every U.S. consumer”; another had “information on 1.4 billion consumer transactions and over 700 billion aggregated data elements.” These brokers’ insights into Americans’ health, travel, and finances are growing at astonishing rates, and they can be used for a host of nefarious blackmailing purposes — or to gain concerning insights, such as when The New York Timesused purchased data to construct a near real-time feed of the location of then-President Trump’s security detail in 2019. 

Unsurprisingly, China already steals the type of bulk data sets on Americans that data brokers sell. In July of last year, FBI Director Christopher Wray noted, “If you are an American adult, it is more likely than not that China has stolen your personal data.” Indeed, one of the largest Chinese hacks of Americans’ personal data was that of Equifax, a leading data broker, resulting in the PRC gaining information on almost half of all Americans. The CCP theoretically could have legally purchased the same information, probably with greater ease. We also know from the Director of the United States National Counterintelligence and Security Center that China is using both “legal and illegal means” to collect bulk personal data of the sort sold by data brokers.