In August 2020, President Trump announced a ban on the popular app TikTok, citing the risk that TikTok could be sharing Americans’ personal data with the Chinese government. In doing so, President Trump used his powers under the International Emergency Economic Powers Act (IEEPA), which authorizes Presidents to impose economic sanctions in the face of a national emergency. Associating TikTok’s data mining practices with a national emergency raises interesting questions about the governance of our personal data: is there a national security risk and if so, how should data be protected? This Note argues that ineffective personal data privacy regulation poses a grave national security risk—namely, that our data could be misused by hostile actors. However, protection of personal data cannot be successfully implemented through ad hoc maneuvering under IEEPA. Instead, effective protection requires comprehensive legislation that addresses what data may be collected and what companies can do with it.