House Passes the Protecting Americans’ Data from Foreign Adversaries Act
Time 3 Minute Read

On March 20, 2024, the U.S. House of Representatives passed legislation that will prohibit data brokers from transferring U.S. residents’ sensitive personal data to foreign adversaries, including China and Russia. The House bill HR 7520 (the “Bill”), also known as the Protecting Americans’ Data from Foreign Adversaries Act of 2024, marks a significant development in executive and legislative action related to foreign access to U.S. data. The Bill follows a similarly groundbreaking Executive Order and Department of Justice Notice of Proposed Rulemaking issued at the end of February that will establish strict protective measures against data exploitation by countries considered national security threats for U.S. sensitive personal data and U.S. government-related data. The Bill also comes after the House overwhelmingly passed HR 7521, (the Protecting Americans from Foreign Adversary Controlled Applications Act) resulting from concerns that the Chinese government would compel TikTok (or other foreign adversary-controlled apps) to turn over U.S. data. HR 7521 would effectively require TikTok to divest from parent company ByteDance in order to avoid a ban in the U.S.

HR 7520 would:

  • Prohibit data brokers from selling certain sensitive U.S. personal data to foreign adversaries or organizations/entities under their control. The list of foreign adversaries currently includes Russia, China, Iran, and North Korea, pursuant to 10 U.S.C. § 4872;
  • Protect sensitive data including health data, precise geolocation information, biometric and genetic data, Social Security numbers, passport numbers and other government identifiers, certain financial data (including income level), certain protected class-related data, and information about minors, among others; and
  • Authorize the Federal Trade Commission to enforce the law under Section 18 of the FTC Act and penalize data brokers for violating the law.

“Data brokers” are entities that exchange with another entity, for valuable consideration, U.S. individuals’ data that the entity did not collect directly from the individual (that is, “for valuable consideration, sells, licenses, rents, trades, transfers, releases, discloses, provides access to, or otherwise makes available”). This does not include entities acting as “service providers,” entities transmitting data at the request of the individual, or in the context of reporting or publishing news to the general public. The Bill will require data brokers to stop transferring an extensive list of sensitive personal data elements to several known foreign adversaries and at least one major trading partner - China. HR 7520 is significant not only for its national security implications and impact on data brokers, but for the unanimous vote it garnered in an otherwise divided Congress. The Bill moves to the Senate for approval.

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page