As Chinese companies like TikTok gain access to U.S. markets and ever more data on American citizens, many observers have argued that federal privacy legislation has become a national-security imperative. Yet concerns about China and national security are only two of several reasons for the United States to enact such legislation. When it comes to strengthening privacy, digital trade, and U.S. national security, it’s important to recognize what privacy legislation would and would not accomplish on its own—and why additional steps are needed.

A federal privacy law would provide consumers with overdue protections and establish a more consistent framework for the U.S. government to answer difficult questions about the American relationship with China. But such a law is only a first step toward advancing U.S. security and addressing differences between the United States and other countries—particularly America’s European allies—in their approaches to data governance. To improve U.S. data security while retaining the openness required for innovation and competitive strength, the Biden administration will also need to prioritize cybersecurity liability reform, bolstering U.S. responses to malicious cyber activity, and reforming certain surveillance procedures to address the concerns of American allies and trading partners.