The U.S. government has put the final touches on a sweeping rule that bans foreign access to Americans’ bulk sensitive data, carrying out a Feb. 2024 Executive Order from President Joe Biden.
The order creates a new regulatory national security program, overseen by the U.S. Department of Justice, designated with preventing the transfer and exploitation of bulk personal data and certain U.S. government-related data abroad. It targets known “countries of concern,” including China (Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela, and aims to limit their ability to use bulk data for cyber espionage and influence campaigns — or to build U.S citizen profiles used for social engineering and identity theft.
Certain types of data are expressly prohibited from being transferred under the new regulation, such as personal identifiers, biometric data like facial scans and voice prints, and precise geolocation data. The rules also designate classes of prohibited, restricted, and exempt data transactions, whether through direct purchase or other commercial means.
“Countries of concern and covered persons can also exploit this data to collect information on activists, academics, journalists, dissidents, political opponents, or members of nongovernmental organizations or marginalized communities to intimidate them; curb political opposition; limit freedoms of expression, peaceful assembly, or association; or enable other forms of suppression of civil liberties,” the Justice Department writes, warning also of the use of bulk sensitive data to develop more sophisticated artificial intelligence and algorithms at greater national security risk.
The U.S. government has been investing more regulatory might into data privacy, with aims to more intensely monitor and limit the passage of Americans’ sensitive personal data abroad. The Biden administration’s TikTok ban, which forces the popular social media platform to divest from its China-owned parent company on the grounds of national security, is currently being considered by the Supreme Court, which will hear oral arguments on Jan. 10. President-elect Donald Trump has recently reversed his stance on banning the platform.
In December, the Consumer Financial Protection Bureau announced a new set of proposed rules that would limit the ability of data brokers to sell individuals’ personal and financial data, recategorizing data brokerage under the same oversight as credit bureaus and background check companies.
The new Justice Department limits come amid several high-profile espionage attempts by foreign nations and actors, including a recent U.S. Treasury breach by China-backed hackers that overrode internal security systems and accessed unclassified documents. The breach was announced on the heels of a string of cyberattacks infiltrating users’ personal data stored by major telecommunications companies — another China-linked hacking network known as Salt Typhoon.
