US Should Improve CFIUS Authorities, Better Address China Data Risks, Former Official Says
Several former U.S. officials urged lawmakers this week to improve U.S. investment controls, including former National Security Council official Peter Harrell, who said Congress should further bolster the Committee on Foreign Investment in the U.S. to better restrict Chinese investments. Harrell said Congress should address limits on the ability of CFIUS to “review certain high-risk greenfield investments” by Chinese companies. “It's time to look, and for this committee to look, at continuing weaknesses in the CFIUS regime,” Harrell said during a Feb. 7 House Financial Services Committee hearing.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Harrell also said the U.S. needs a more “comprehensive approach to managing the data risks we face from Beijing,” including data collection efforts from Chinese-owned companies, such as ByteDance’s TikTok. President Joe Biden last year signed the first executive order to give specific presidential direction to how the U.S. conducts foreign direct investment reviews, a move officials hope will sharpen the committee's focus on investments involving personal data and other national security concerns (see 2209150053 and 2209260076).
But Harrell said the “simple reality is the U.S. does not currently have an effective legal regime to address and mitigate the data security risks we've received from” China.
Although the U.S. has “taken steps to reduce specific risks, such as targeting the presence of Huawei and 5G telecoms networks,” and by initiating a CFIUS review of TikTok’s U.S. operations (see 2212210007, 2211150009 and 2209260008), Harrell said, more can be done. “We need a strategy and new legislation to more effectively address data security risks across the board,” he said, “as well as a new domestic data privacy law to reduce the volume of data collected in the first place.”