This panel hosted by the Cross-Border Data Forum (CBDF) on 5 November 2025 brought together four experts to discuss a new law review article, “Personal Data as a Dual-Use Technology: Critically Assessing the New Alliance of Privacy and National Security,” by Peter Swire (J.Z. Liang Chair at the Georgia Tech School of Cybersecurity and Privacy, Alston & Bird Senior Counsel and Research Director at CBDF) and Samm Sacks (Professor at the Yale Law School Paul Tsai China Center and Senior Fellow at CBDF).
The article introduces the concept of personal data as a dual-use technology and explores the potential for a new alliance between privacy and national security. Swire and Sacks welcome Alex Joel (Senior Project Director and Resident Adjunct and Professor at the American University of Washington College of Law) and Anupam Chander (Scott K. Ginsburg Professor of Law and Technology at the Georgetown University Law Center), who share their observations and comments on the analysis and foster a discussion on the interplay between privacy and national security.
Episode Highlights:
[00:00] – Introduction and presentation of the experts
[01:17] – Introduction on the analysis published by Peter Swire and Samm Sacks
[10:23] – Analysis and commentary by Samm Sacks on China
[15:43] – Alex Joel’s perspective on theories presented by Peter Swire and Samm Sacks
[27:14] – Anupam Chander’s perspective on theories presented by Peter Swire and Samm Sacks
[40:27] – Peter Swire’s remarks on guests’ comments
[41:45] – Questions from the audience
Quotes:
Samm Sacks: “When the U.S. Department of Justice’s Data Security Program was unveiled, along with the Protecting Americans’ Data from Foreign Adversaries Act (PADFAA), the response from many Chinese experts, watching this from afar, was, is this the end of the U.S.’s longstanding position on data free flows.”
Samm Sacks: “At the same time, the U.S. is moving more towards a national security perspective on regulating data. The Chinese government for their part, has been overhauling their approach to cross border data transfers, in ways that reveal a surprising convergence.”
Samm Sacks: “The U.S., a default of free transfers, and China, a default of all data being stored locally with less permission granted.”
Samm Sacks: “We need to situate the discussion of data transfers to countries of concerns or adversaries within a broader debate in Washington related to China’s access to U.S. technology. That debate is live and ongoing. Not just in terms of where to draw the line, as far as what kinds of technology China can have access to, but what are the ripple effects of U.S. national security on competitiveness, and in maintaining a broader objective of having an open, global, and secure internet, in the data intensive technologies that come along with it.”
Alex Joel: “I think there are concerns raised about the compliance burden on U.S. companies. This is going to be a lift for them, to figure out how these rules apply, of course many companies do business in China, so how these companies figure out what they can and can’t do, and what the requirements are, for example for restricted transaction [is a challenge].”
Alex Joel: “Step no.1 to compliance with all the myriads of privacy laws regulations is knowing your data.”
Alex Joel: “If we are going to restrict foreign investment, then we should also restrict foreign purchases, if both of those create risk to national security.”
Alex Joel: “It’s this idea that, yes, we want data to flow freely, among trusted democracies that operate under the rule of law, or other strategic partners who have in place certain protection, and we feel we are generally aligned with our security posture. I support that idea, that we need to figure out how we can establish a trusted framework for cross border data flows, so that there is the ability to find ways to trust a partner, with the access to data, which means that some countries are going to be outside of that circle of trust.”
Alex Joel: “Is identifying only [the six counties listed on Protecting Americans’ Data from Foreign Adversaries Act (PADFAA)] the way to go? Is expanding the list to the whole world the way to go? I think we need to fit this into a broader strategic vision of where we are going. One of those issues is, what is the path that a country on the list has to get off the list. Are these countries going to be forever on the list, or are we going to create an incentive for that country to adopt different rules, and change their practices so that they can get off the list, and what are we going to do with everybody else?”
Anupam Chander: “National security can swallow up nearly all modern trade, from goods (every good with a chip inside) to services (every app on your phone).”
Anupam Chander: “There are descriptions [in Peter Swire and Samm Sacks’ paper] that are super alarming. I was alarmed before, I am now more alarmed after reading the paper.”
Anupam Chander: “[The TikTok case is an incredible reminder] of the incredible things that we are doing in the name of national security. (…) What we’ve done with the TikTok case, is that we’ve created a new model.”
Peter Swire: “Maybe Samm Sacks and I positioned ourselves exquisitely in the middle in the following sense: Alex Joel read the paper and liked it because it shows the need to greatly expand the national security regulatory regime, and Anupam Chander read the paper and showed how it’s an enormous overreach to have this national security, and both Alex Joel and Anupam Chander said they liked [the paper].”
Peter Swire: “We find ourselves poised between recognizing national security risks and worrying about overregulation, which is a normal place to be, but I think that the facts will change from time to time. It will be time for when the national security arguments on the facts and the adversaries will be more compelling, and you’re more likely to say ‘yes, let’s regulate’, and there is going to be times when we say ‘we can let the toasters [that constantly process all citizens’ personal data] go’”.
Peter Swire: “If we have an intellectual framework to work it through it, maybe that’s a contribution professors can do”.
Summary:
In this webinar, Peter Swire and Samm Sacks outline the key points of their analysis on personal data as a dual-use technology and examine how privacy protection intersects with national security. Peter Swire presents the issues identified in their study, the relevant legal theories and interpretations, and potential solutions, before handing over to Samm Sacks, who examines how these considerations are perceived in China and compares the U.S. and Chinese regimes on privacy and data protection, cross-border data transfers, and the protection of national security.
In the second part of the webinar, guests Alex Joel and Anupam Chander share their observations on Peter Swire and Samm Sacks’s analysis, addressing possible schools of thought – such as realist and liberal approaches – the impact of regulatory issues on U.S. companies’ daily operations, the U.S.’s international relations with allies and other countries, and the implications for Americans who rely on tools that collect personal data at scale.
Peter Swire closes the webinar by summarizing the guests’ observations and noting that, at this stage of the debate, it may fall to academics to collaborate on a framework suited to today’s challenges. He then opens the floor for audience questions before concluding the session.
* * *
These statements are attributable only to the authors, and their publication here does not necessarily reflect the view of the Cross-Border Data Forum or any participating individuals or organizations.
