Protect personal data and privacy by preventing governmental, corporate, and foreign surveillance

Privacy is the foundation of freedom. Yet in the digital age, corporations and governments track, harvest, and sell our every move. Our personal data, once private, is now a commodity. A society under constant surveillance is not free.

The right to privacy must extend to the digital world. Project 2029 supports the creation of a modern Digital Bill of Rights that protects Americans from surveillance, data extraction, and algorithmic manipulation. It is critical to ensure that the fundamental liberties guaranteed in the Constitution and recognized in global human-rights law are fully preserved in the digital age.

Project 2029 is enacting a strong digital privacy and data rights policy platform that protects the Fourth Amendment’s right to privacy, places users first, and holds tech giants accountable for reckless and intrusive data practices. Our digital privacy and cybersecurity platform includes:

1. Rescinding Executive Order 14243, which collapses data silos between federal agencies, thus promoting unfettered intra- and inter-agency access to unclassified government and state-level data that enables government surveillance.

2. Mandating the destruction of centralized data systems that unlawfully aggregate personal data on immigrants and citizens, consistent with the collection limitation principle (§ 552a(e)(1)) and accuracy/timeliness requirements (§ 552a(e)(5)), which prohibit the indefinite maintenance of irrelevant, unnecessary, or unreliable records.

3. Barring inter-agency data-sharing arrangements involving personal or administrative data, including those held by the IRS, the U.S. Census Bureau, DMVs, educational institutions, utilities, and medical databases, unless explicitly authorized under the Privacy Act of 1974, § 552a(b). This includes suspending “matching programs” (§ 552a(o)–(u)) unless compliant with statutory notice, safeguard, and verification requirements.

4. Severing all federal contracts with Palantir Technologies and comparable firms engaged in large-scale aggregation of personal data, wherever legally permissible, and directing agencies to enforce the prohibition on maintaining undisclosed or “secret” systems of records (§ 552a(e)(4), (i)(2)).

5. Prohibiting renewal or initiation of new federal contracts with Palantir or similar entities, in recognition of the criminal penalties (§ 552a(i)) that attach to contractors or employees who willfully disclose or mishandle personal data.

6. Revoking or suspending security clearances of contractor employees whose work facilitates data aggregation practices inconsistent with the Privacy Act of 1974, ensuring accountability for violations.

7. Guaranteeing individual rights of access and amendment to personal records (§ 552a(d)), including expedited correction processes for erroneous or outdated information.

8. Launching a task force within the Office of Management and Budget to audit all federal data-sharing and surveillance operations, with authority to:

   • Investigate agency compliance with publication requirements for systems of records (§ 552a(e)(4));

   • Enforce disclosure restrictions (§ 552a(b));

   • Monitor civil remedies available to individuals due to violations (§ 552a(g));

   • Recommend criminal referrals where willful violations are identified (§ 552a(i));

   • Design a privacy-centered replacement framework that sets boundaries between individual agency databases, ensuring compliance with the Privacy Act while protecting civil liberties.

9. Declaring a national emergency on foreign cybersecurity and digital infrastructure threats to protect Americans from escalating cyber and digital threats posed by foreign actors. Under the International Emergency Economic Powers Act (IEEPA) (50 U.S.C. §§ 1701–1707), the emergency declaration should specifically designate malicious cyber activities, digital surveillance, and manipulation of digital and communication networks as  "unusual and extraordinary threats.” In response to this threat, the Treasury shall freeze assets, block transactions, and restrict trade involving designated foreign actors while the Commerce Department simultaneously imposes export controls on sensitive U.S. technologies. Additionally, the Cybersecurity and Infrastructure Security Agency and Federal Communications Commission must be ordered to issue emergency directives requiring firms to report cyber breaches, reroute compromised internet traffic, and isolate digital assets vulnerable to foreign surveillance.

10. Restoring Executive Order 14110 to reestablish a comprehensive federal framework to guide the development and deployment of AI technologies. This order will mandate that developers of powerful AI systems disclose information about model training and cybersecurity practices to the Department of Commerce and other designated federal agencies responsible for national security and technology oversight. It will also direct the National Institute of Standards and Technology to develop rigorous safety and security standards for AI tools, implement guidelines to prevent AI-related discrimination in areas such as housing, healthcare, and employment, and require transparency measures like labeling AI-generated content to inform users.