The US government has announced a proposed rule that would prohibit sending citizens' data to China, Russia, and other countries.
On October 21, 2024, the U.S. Department of Justice announced proposed rules that would restrict the transfer of sensitive citizen data, such as biometric and genomic information, to foreign countries with national security concerns, such as Russia, Iran, and China.
Office of Public Affairs | Justice Department Issues Comprehensive Proposed Rule Addressing National Security Risks Posed to US Sensitive Data | United States Department of Justice
Biden administration proposes new rules governing data transfers to adversarial nations
https://therecord.media/biden-administration-rules-data-transfer-adversaries
US to crackdown on databrokers doing deals with 6 nations • The Register
https://www.theregister.com/2024/10/21/us_crackdown_data_brokers/
In February 2024, U.S. President Joe Biden issued the Executive Order Protecting Large Scale Sensitive Personal and Government-Related Data of Americans from Foreign Countries of Concern (Executive Order No. 14117), instructing authorities to prevent foreign adversaries from exploiting citizens' biometric, health information, genome, precise location information, financial data, and other data to conduct cyber attacks and espionage activities.
In response to this, the US Department of Justice issued an Advance Notice of Proposed Rulemaking (ANPRM) in March and solicited public comments and opinions from a wide range of stakeholders. Based on the results of the ANPRM, the Department has now published a Notice of Proposed Rulemaking (NPRM) to implement the Executive Order.
by
(PDF file) According to the fact sheet and comments from government officials, the proposed rules name six countries: China, Russia, Iran, North Korea, Venezuela and Cuba.
When the rule goes into effect, it will be subject to restrictions on the transfer of 'genomic data of more than 100 Americans,' 'precise location data and biometric identifiers of more than 1,000 people,' 'health and financial data of more than 10,000 people,' and 'personal identifiers of more than 100,000 people' to a target country or a company in a target country within a 12-month period. Personal identifiers refer to names, social security numbers, driver's license numbers, etc. that are linked to devices.
All companies, regardless of size or type, that conduct business involving the flow of data from the United States to covered countries will be required to meet record-keeping and reporting compliance requirements, and will be subject to civil penalties and criminal prosecution if they violate the rules.
The proposed rules also include exceptions to the rules, including basic communications services such as international telephone calls, personal communications that do not contain valuable information, data related to clinical trials of medicines or medical devices, routine business transactions such as payroll and tax payments, and official U.S. government activities.
'This issue is a pressing risk that is exacerbated by continuing advances in big data analytics, AI and other technologies, which could allow countries of concern to improve their ability to analyse, manipulate and exploit sensitive personal data,' the official told media.
The Department of Justice also explained that 'this comprehensive proposed rule implements the directive of the Executive Order by clarifying the rules regarding transactions that pose an unacceptable risk of providing government-related data or sensitive personal data of Americans on a large scale to countries or targets of concern.'
Related Posts:
in Note, Posted by log1l_ks