The Justice Department is proposing new rules that would limit the ability of adversarial nations to purchase Americans’ bulk data.
The six nations that are targeted include China, Cuba, Iran, North Korea, Russia, and Venezuela.
The proposed regulations would, therefore, limit the sale of sensitive personal data—including genomic, biometric, personal health, geolocation, and financial information—of U.S. residents.
As currently written, the rules would prohibit “any U.S. person from knowingly engaging in a covered data transaction involving data brokerage with a country of concern or a covered person.”
Whether that language holds or is watered down remains to be seen, however. International data brokerage is a lucrative field of business, and the rules are likely to be the target of intense lobbying.
To that end, the notice outlines that the United States is “widely perceived to be the largest data-brokerage market in the world.”
Among the largest data brokerages in the world are U.S.-based Oracle America, Equifax, and Experian, which boast combined U.S. revenues of more than $61 billion, according to the notice.
The document highlights the findings of one group of researchers from Notre Dame, who “were offered access to thousands of records of military personnel and military veterans’ data containing names, addresses, emails, phone numbers, military agency or branch, medical ailments, political affiliations, religion, gender, age, income, credit rating, and even details on children in the household.”
“Data brokers often collect data regarding, for example, where the average person goes, where they shop, and what they search for online,” the document adds.
The proposed rules are the latest in a year-long struggle between Washington and Beijing over the unstemmed flow of data from the United States to China.
Whereas Chinese corporations and governments benefit immeasurably from the data gleaned from Americans, Beijing has nationalized data as a strategic resource and implemented rules mandating that the Chinese Communist Party (CCP) have the final say over any and all data that could be exported.
Monday’s proposal for the first time gave more specific details about the types and amounts of data that cannot be transferred, including human genomic data on more than 100 Americans or personal health or financial data on more than 10,000 people.
The proposal would also bar the transfer of precise geolocation data on more than 1,000 U.S. devices at a time.
The rule would allow the Justice Department to enforce compliance both through criminal and civil penalties.
That means that Chinese companies or those owned by Chinese parent companies, such as social media giant TikTok, could run afoul of the proposal if they transfer sensitive data from U.S. users to a Chinese parent company.