Chinese leaders early on recognized the importance of data for artificial intelligence (AI). In 2015, officials announced incentives to treat data as a key factor of production. More recently, China became the first country to create official markets for data. Chinese policy makers developed standards that enabled private entities to claim data as an asset on balance sheets. But China may have made a data “misstep.” In 2014, Beijing announced that it would allow government agencies to share data about Chinese companies and citizens, create a centralized scoring mechanism to assess the financial creditworthiness of individuals and companies, and use that data to nudge citizens toward state-sanctioned “moral values.” Observers noted that the plan has yielded mixed results, and spillover effects such as corruption and distrust. Nonetheless, on April 1, 2025, the government announced new guidelines on the social credit system, intended to create a “unified national market.”
Although the Trump administration has worked to thwart China’s AI leadership, it is copying some aspects of China’s data policies by creating a unified federal data set. On March 20, 2025, President Trump signed an executive order to “eliminate information silos” across federal agencies by requiring that agencies share unclassified data with each other to fight fraud and waste. The White House has released few details about this “master database.” However, both The New Republic and The New York Times reported that the White House “tapped Palantir,” a large data analytics company, to build it. In the wake of rising public concern about its work, Palantir has claimed these reports are incorrect.
But such a data set risks Americans’ privacy and appears to violate US law. AI can make it easier to extract, re-identify and act on sensitive information about people such as their location or interests. The Privacy Act of 1974 sets limits on how and when US government agencies can collect and utilize data. Specifically, agencies must justify any “system of records,” limit how data can be used and grant individuals’ access to their files so mistakes can be corrected. With these privacy protections in place, Americans felt comfortable expressing their opinions and ideas.
Congress can build on this regulation by setting clear rules on how Americans’ personal data can be collected, stored and analyzed with AI and other sophisticated analytical techniques.
Moreover, a unified federal data set presents other problems for the American people. First, it is much easier to hack a unified data set than multiple agency data sets. Once information is hacked or stolen, malign actors could sell that information and/or use it to manipulate and target US individuals and groups. Second, without clear rules governing the creation and use of such data sets, US policy makers could use the data to create detailed profiles of Americans, as China is trying to do with its citizens under its social credit program. Administration officials could also target individuals or groups that are out of favour with the current administration.
Third, over the long term, if Americans feel their data is being exploited or misused, they may lie about their data or stop sharing it, which could, over time, compromise the accuracy, completeness and representativeness of federal data sets. If companies don’t believe federal data has integrity, they may be less willing to invest in US bonds. Finally, no one company should be granted access to information about US individuals, since it would give such a company a competitive advantage in data and access to data troves they should not collect, use, reuse or sell. The Digital Trade and Data Governance Hub has created a literature guide delineating the Trump administration’s efforts to create a data set, as well as documenting efforts to challenge its creation.
But there is a potential upside to the Trump administration’s attempts to create a unified data set. It could motivate Congress to finally update privacy laws for the information age and forbid the creation of such a data set. In March, Congresswoman Lori Trahan (D-MA) sought to catalyze these efforts when she wrote a letter seeking information from experts and citizens on how to re-evaluate the Privacy Act. Building on her findings, Trahan plans to focus on rules governing governmental use of personal information.
Ironically, the Trump administration recognizes data aggregation poses national security risks. In April, it issued rules governing foreign access to Americans’ data. The Data Security Program establishes a form of export controls that prevent foreign adversaries, and those subject to their control, jurisdiction, ownership and direction, from accessing US government-related data and bulk genomic, geolocation, biometric, health, financial and other sensitive personal data.
Congress can build on this regulation by setting clear rules on how Americans’ personal data can be collected, stored and analyzed with AI and other sophisticated analytical techniques. As the Center for Democracy and Technology has noted, the 1974 act allowed agencies to disclose personal information if the disclosure is “routine,” meaning compatible with the purpose for which it was collected. Future iterations of the act should limit such disclosure. Moreover, Congress must prohibit government use of personal data for tracking or discriminating against individuals. Congress should require the US government to report quarterly on how they use AI to analyze federal data sets containing personal information and delineate who is responsible for data use and reuse. Finally, Congress should learn from China and forbid the creation of a unified data set on Americans.
President Trump has declared that US leadership in AI is essential to America’s economic and national security. But leadership abroad in AI begins at home by protecting Americans’ personal data.
