The Justice Department is proposing new rules that would limit the ability of adversarial nations to purchase Americans’ bulk data.
The Justice Department is proposing new rules that would limit the ability of adversarial nations to purchase Americans’ bulk data.
The notice of proposed rulemaking, announced on Oct. 21, would attempt to throttle the amount of information sent by data brokers to six covered nations by placing new limits on certain business transactions regarding Americans’ data.
The six nations that are targeted include China, Cuba, Iran, North Korea, Russia, and Venezuela.
The proposal was precipitated in February when President Joe Biden signed an executive order directing the department to create new regulations that would prevent hostile countries from purchasing the sensitive data of U.S. residents through legal means.
The proposed regulations would, therefore, limit the sale of sensitive personal data—including genomic, biometric, personal health, geolocation, and financial information—of U.S. residents.
As currently written, the rules would prohibit “any U.S. person from knowingly engaging in a covered data transaction involving data brokerage with a country of concern or a covered person.”
Whether that language holds or is watered down remains to be seen, however. International data brokerage is a lucrative field of business, and the rules are likely to be the target of intense lobbying.
To that end, the notice outlines that the United States is “widely perceived to be the largest data-brokerage market in the world.”
Among the largest data brokerages in the world are U.S.-based Oracle America, Equifax, and Experian, which boast combined U.S. revenues of more than $61 billion, according to the notice.
Such corporations often have access to deep stores of sensitive personal information that could easily be used by a foreign adversary to target individual Americans for influence operations or worse.
The document highlights the findings of one group of researchers from Notre Dame, who “were offered access to thousands of records of military personnel and military veterans’ data containing names, addresses, emails, phone numbers, military agency or branch, medical ailments, political affiliations, religion, gender, age, income, credit rating, and even details on children in the household.”
“Data brokers often collect data regarding, for example, where the average person goes, where they shop, and what they search for online,” the document adds.
The proposed rules are the latest in a year-long struggle between Washington and Beijing over the unstemmed flow of data from the United States to China.
Whereas Chinese corporations and governments benefit immeasurably from the data gleaned from Americans, Beijing has nationalized data as a strategic resource and implemented rules mandating that the Chinese Communist Party (CCP) have the final say over any and all data that could be exported.
Monday’s proposal for the first time gave more specific details about the types and amounts of data that cannot be transferred, including human genomic data on more than 100 Americans or personal health or financial data on more than 10,000 people.
The proposal would also bar the transfer of precise geolocation data on more than 1,000 U.S. devices at a time.
The rule would allow the Justice Department to enforce compliance both through criminal and civil penalties.
That means that Chinese companies or those owned by Chinese parent companies, such as social media giant TikTok, could run afoul of the proposal if they transfer sensitive data from U.S. users to a Chinese parent company.
Reuters contributed to this report.