Cybersecurity Law: TikTok Sale, Data Privacy, and Information Sharing Bills

TikTok Sale and National Security Concerns

• 🔒 The US law requiring TikTok's sale to US investors, aimed at mitigating national security risks from Chinese ownership, has faced legal challenges and enforcement delays.
• 🤝 A proposed deal involves a US-led investor group acquiring a majority stake, but ByteDance retaining control over the algorithm, raising concerns about true divestment.
• 💰 The investor group includes prominent allies of the president, leading to accusations of "crony capitalism" due to the lack of a competitive bidding process.
• ⚖️ While the deal aims to satisfy legal requirements, critics argue it doesn't fully address Congress's original intent to sever ties with the Chinese government.

Women's Health Apps and HIPAA's Limitations

• 📱 Period tracking and other women's health apps are not covered under HIPAA because they are not considered "covered entities" like doctors or hospitals.
• ⚠️ This lack of protection leaves sensitive health data vulnerable to potential use by law enforcement, especially in the post-Roe v. Wade era.
• 🏛️ Recent Biden administration efforts have added a provision to HIPAA prohibiting covered entities from releasing reproductive health information for investigations, but the broader issue of app data privacy remains.
• ⚖️ States are beginning to address this with patchwork legislation, such as bills to ban police access to period tracking app data during searches, but federal action is lacking.

Cybersecurity Information Sharing Act (CISA) Renewal

• 📄 The Cyber Security Information Sharing Act of 2015 (CISA 2015), which facilitates threat information sharing between the private sector and government with liability protections, is nearing expiration.
• 🚫 A single senator, Rand Paul, is blocking its reauthorization due to libertarian concerns about privacy and the First Amendment, despite broad bipartisan support.
• ⏳ Efforts to extend CISA 2015 through continuing resolutions or the National Defense Authorization Act have been unsuccessful, highlighting the power of individual senators in the legislative process.
• 📉 Without renewal, companies may reduce information sharing due to potential liabilities, weakening overall cybersecurity defenses.

Potential Solutions and Future Outlook

• 🔒 Individuals can protect their data by using manual tracking methods, researching apps with strong privacy policies (like those based in the EU under GDPR), or employing device-level security features like app deletion triggers.
• ⚖️ Policy solutions at the state level include banning the sale of personal health information by data brokers and enacting location shields around health clinics.
• 🌐 The primary drivers for enhanced privacy protections are likely to be state governments and potentially federal agencies like the FTC, given the current political climate.
• 🚨 A major cyber breach occurring during CISA's lapse could catalyze political will for its reauthorization.