European Data Brokerage Practices Pose National Security Risk to U.S.
Brussels - A recent data-selling scandal involving irish data broker DataBrokerage has spotlighted a growing concern: the potential for sensitive U.S. personal and government-related data to fall into the hands of countries of concern via European intermediaries. The incident, where DataBrokerage offered location data from hundreds of millions of people, including U.S. military personnel and government employees, for sale, underscores a “third-country security risk problem” that U.S. officials are increasingly focused on.
The vulnerability stems from the proliferation of data brokers operating within Europe, coupled with reported increases in Russian front companies and illicit relationships, especially in countries like Turkey, facilitating sanctions evasion. While the U.S. has implemented regulations-stemming from legislation enacted in 2024-to restrict the direct sale of sensitive data to nations like China, these rules are circumvented when data is first sold to European brokers.
U.S. officials believe a collaborative approach with European allies is crucial to mitigating the risk. The ideal solution involves Europe enacting its own robust data protection laws and enforcement mechanisms. The U.S. aims to communicate the specific threat landscape to Europe, tailoring concerns to resonate with European priorities, such as threats originating from Russia and the protection of EU citizen data. many European capitals have historically expressed skepticism towards U.S. assessments of risks posed by China, but share concerns regarding Russia.
The United Kingdom is taking a proactive step, establishing a regulatory program focused on data brokers and national security, with the Department of Science, Innovation and Technology currently soliciting evidence. This program may draw from the U.S. model implemented by the Department of Justice, which regulates bulk data transfers and data brokerage. Though, current “fractured partnerships” between the U.S.and the U.K. raise questions about the extent of future collaboration.
IrelandS examination into DataBrokerage is hoped to spur wider discussion and action across Europe, as U.S. government personnel remain possibly vulnerable while awaiting European regulatory responses.
