On June 9, 2021, President Biden signed Executive Order (“E.O.”) 14034, which revokes three Trump-era E.O.s restricting TikTok, WeChat and eight other Chinese communication and financial applications. Specifically, the new E.O. revokes previous E.O.s 13942, 13943, and 13971, which blacklisted certain Chinese apps. President Biden’s new E.O. provides a different approach, establishing a review process that may result in other types of restrictions on data transfer to Chinese parents.
1. Lifting of E.O.s Targeting TikTok, WeChat and Chinese Pay Apps
E.O.s 13942 and 13943 authorized the Secretary of Commerce to take steps to restrict U.S. persons from certain identified transactions with TikTok and its parent company ByteDance and WeChat and its parent company Tencent, respectively. More information regarding these Orders is available in our prior client alert. The restrictions against U.S. persons set forth in the TikTok- and WeChat-related E.O.s were not previously implemented, as they were challenged in federal court in the District of Columbia and Northern California, respectively, and subsequently subject to an injunction preventing their implementation.
E.O. 13971, described in another prior client alert, authorized the Secretary of Commerce to issue restrictions on any transaction subject to the jurisdiction of the United States with persons that develop or control the following Chinese apps, or with their subsidiaries: Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, and WPS Office. The Biden administration, however, never announced the particular transactions to be prohibited and the specific persons to which the restrictions would apply.
2. A New Approach to Addressing Data Flow to China
President Biden’s new E.O. puts a hold on the sanctions authorized by the prior Orders for now and replaces them with a review process to evaluate foreign adversary connected software applications pursuant to certain identified criteria. The E.O. directs the Department of Commerce to review “foreign adversary connected software applications” under the rules published to implement President Trump’s May 2019 order, E.O. 13873, directing the Department of Commerce to review transactions that risk sabotage of U.S. telecommunications, critical infrastructure, digital economy, national security, or the security and safety of U.S. persons.
The new E.O. expands the criteria the Biden administration will consider in determining whether to impose future restrictions. Under the prior E.O., the administration was to impose restrictions if it identified a risk of sabotage to information or communication technology, the potential for catastrophic effects on U.S. critical infrastructure or the digital economy, or an otherwise unacceptable risk to U.S. national security or the security of U.S. persons. The new E.O. instructs the administration to also consider ownership, control, or management of connected software applications by persons subject to coercion or cooption by a foreign adversary; ownership, control, or management of connected software applications by persons involved in malicious cyber activities; a lack of thorough and reliable third-party auditing of connected software applications; the scope and sensitivity of the data collected; the number and sensitivity of the users of the connected software application; and the extent to which identified risks have been or can be addressed by independently verifiable measures. The E.O. also instructs the administration to consider whether an application is owned, controlled or managed by persons who engage in human rights abuses.
3. Potential Future Restrictions
Following this review, the Commerce Department may take new actions against targeted connected software applications, potentially restricting U.S. persons from engaging in certain transactions with any identified foreign parties. Beyond establishing this review process, the E.O. requires various Cabinet officials to provide a report to the National Security Advisor within 60 days to advise on how to protect U.S. persons from harm related to foreign adversaries’ access to large amounts of personal data and recommend executive and legislative action to resolve these harms within 180 days. As a result, it is possible we will see new restrictions on the maintenance and use of apps owned by Chinese companies, potentially including restrictions on data transfer and access to user information.
Click here to download this article.