The US Government is proposing new rules that would stop companies selling data about its citizens to “countries of concern”.
The proposal specifically targets what the Justice Department terms “sensitive personal data” and, when enacted, will prevent companies sharing this data to ventures in six countries.
Both Russia and China are on the list reflecting a wider crackdown on companies from those countries who have been deemed as poising a national security risk – Kaspersky and TikTok among them.
Blacklisted Countries by US
As well as China and Russia, Iran, The DPRK (North Korea), Cuba, and Venezuela have all been blacklisted.
In a press statement, the justice Department says that these countries “…can use their access to these types of data to engage in malicious cyber-enabled activities and malign foreign influence activities, bolster their military capabilities, and track and build profiles on U.S. individuals (including members of the military and other Federal employees and contractors) for illicit purposes such as blackmail and espionage.”
This just in! View
the top business tech deals for 2024 👨💻
It adds that data could be gathered on “activists, academics, journalists, dissidents, political opponents, or members of nongovernmental organizations or marginalized communities” and then weaponized “to intimidate them, curb political opposition, limit freedoms of expression, peaceful assembly, or association, or enable other forms of suppression of civil liberties.”
The Notice of Proposed Rulemaking specifically talks about personal data and the need to protect it. The information covered in the proposed legislation includes sensitive information such as Social Security numbers driver’s licenses, location data, biometric information and more.
Exceptions to New Proposal
The statement from the Justice Department is clear, though, that there are exceptions to this rule. Telecoms services are not impacted nor is clinical trial data, which organizations in the US need for FDA applications or research approval.
This ban is also not a trade embargo, the statement clarifies. It explains that it “…does not broadly prohibit US persons from engaging in commercial transactions, including exchanging financial and other data as part of the sale of commercial goods and services with countries of concern or covered persons.”
The proposed rule is also hoped to serve as a bit of a wakeup call to companies dealing with businesses in the six countries listed.
As an official from the Justice Department told Techradar: “Under the proposed rule, US persons transacting in these kinds of data…will need to understand the kinds and volumes of data they transact, who they are doing business with and how that data is being used, and the safeguards they use to control access to that data.”
In other words, be careful because it is more than your business that’s at risk if this data falls into the wrong hands.
