The Department of Justice has issued a final rule that blocks companies from sharing bulk sensitive data on Americans with certain “countries of concern.”
The rule, which is part of a February executive order from President Biden, takes effect in 90 days and prohibits data transactions with countries like China (Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela. That includes personal identifiers, biometric identifiers, precise geolocation data, personal health data, personal finance data, and human genomic data.
“This final rule is a crucial step forward in addressing the extraordinary national security threat posed [by] our adversaries exploiting Americans’ most sensitive personal data,” Matthew G. Olsen, Assistant Attorney General with the DOJ’s National Security division, said in a statement.
Once the rule is implemented, Americans’ personal data will no longer be “permitted to be sold to hostile foreign powers, whether through outright purchase or other means of commercial access,” Olsen added.
There are a few exemptions. It doesn’t prohibit Americans “from conducting medical, scientific, or other research in countries of concern, or from partnering or collaborating with covered persons to share data to conduct researching, if that activity does not involve the exchange of payment or other consideration as part of a covered data transaction.”
It also doesn’t broadly prohibit US citizens from “engaging in commercial transactions, including exchanging financial and other data as part of the sale of commercial goods and services with countries of concern or covered persons, or impose measures aimed at a broader decoupling of the substantial consumer, economic, scientific, and trade relationships that the United States has with other countries.”
Recommended by Our Editors
In the US, the Consumer Financial Protection Bureau (CFPB) recently moved to block data collection companies from selling your personal information, including to hackers or foreign spies. Data brokers could only sell people’s personal information for certain “permissible purposes,” such as employment, insurance, or credit monitoring. All other transactions, such as for marketing or advertising, would be banned.
This all comes as the feds and major telecom companies have been working to rid their networks of hackers associated with the China-backed “Salt Typhoon” group, which targeted individuals involved in government or political activity. Earlier this week, the Treasury Department also sanctioned Iranian and Russian entities for alleged election meddling.
Like What You’re Reading?
This newsletter may contain advertising, deals, or affiliate links.
By clicking the button, you confirm you are 16+ and agree to our
Terms of Use and
Privacy Policy.
You may unsubscribe from the newsletters at any time.
About Jibin Joseph
Contributor
