The internet landscape—and subsequently, the relationship between the U.S. government and private sector—has evolved substantially since Edward Snowden’s surveillance disclosures in 2013. In particular, the volume and technical complexity of the data ecosystem have exploded over the past decade, spurred by the rising ubiquity of algorithmic profiling in the U.S. private sector. As a result, U.S. government agencies have increasingly turned to “voluntary” mechanisms to access data from private companies, such as purchasing smartphone geolocation history from third-party data brokers and deriving insights from publicly available social media posts, without the formal use of a warrant, subpoena, or court order.

Technological advancements warrant a reexamination of the traditional privacy-security trade-off—one that prioritises forward-looking guardrails around the rising ubiquity of commercially available information. This report attempts to bridge these gaps by analysing the relationship between the U.S. data brokerage industry and domestic and foreign government agencies. It first explains how private companies have built up massive troves of personal information, which data brokers aggregate and sell to both public and private sector entities without proper safeguards to protect privacy and civil liberties. Then it analyses U.S. privacy developments alongside those in the European Union, Canada and China, illustrating how even governments that have recently modernised their data protection frameworks still have not fully addressed voluntary access to private sector data. Ultimately, it illustrates how stricter U.S. data privacy regulations in the private and public sectors will strengthen the national security, human rights, and economic interests of the United States rather than hobble its geopolitical competitive position.