Senator Martin Heinrich | Sen. Martin Heinrich Official Website
Senator Martin Heinrich | Sen. Martin Heinrich Official Website
WASHINGTON – U.S. Senators Martin Heinrich (D-N.M.), Ron Wyden (D-Ore.), and Cynthia Lummis (R-Wyo.) introduced legislation to protect Americans’ data from being exploited by unfriendly foreign nations and apply tough criminal and civil penalties to prevent employees of foreign corporations from accessing U.S. data from abroad.
“We don’t export advanced technologies or weapon systems to our adversaries for good reason. We shouldn’t allow data brokers to export Americans’ personal data either,” said Heinrich. “This bill would protect Americans’ health care records, geolocations, web browsing activity, and other information from adversaries who could use it for nefarious purposes. Increasingly, data is the new gold – and we need to treat it accordingly.”
Heinrich also noted concerns about the findings of a recently released report commissioned by the Office of the Director of National Intelligence confirming the widespread purchases by the Intelligence Community of Americans’ commercially available data.
“It is simply too easy for anyone to buy large volumes of information about Americans – a concern I’ve been highlighting for some time. Whether it is our adversaries or our own government purchasing this personal data, we need to put guardrails in place. Director of National Intelligence Avril Haines has stated her commitment to considering and implementing the report’s recommendations, and I will hold her to that. We need to ensure Americans’ privacy and national security is protected, and this legislation is a good start,” continued Heinrich.
“Massive pools of Americans’ sensitive information — everything from where we go, to what we buy and what kind of health care services we receive — are for sale to buyers in China, Russia and nearly anyone with a credit card,” Wyden said. “Our bipartisan bill would turn off the tap of data to unfriendly nations, stop TikTok from sending Americans’ personal information to China, and allow nations with strong privacy protections to strengthen their relationships.”
“The privacy and security of our data is essential to the freedoms we hold dear. If foreign adversaries can access our data, they can control it. We need to ensure the data that people in Wyoming put online is not available to nations that threaten our safety and security. With this bipartisan legislation, we will ensure that companies like TikTok are not funneling your personal data to those adversaries,” said Senator Lummis.
In April 2021, Director of National Intelligence Avril Haines warned of the threat posed by unrestricted commercial data sales: “There’s a concern about foreign adversaries getting commercially-acquired information as well, and am absolutely committed to trying to do everything we can to reduce that possibility.”
The Protecting Americans’ Data From Foreign Surveillance Act of 2023 updates the previously introduced bill to include new protections against foreign-owned companies accessing U.S. data from abroad, or sending data to unfriendly foreign nations. This bill:
- Directs the Secretary of Commerce, in consultation with other key agencies, to identify categories of personal data that, if exported, could harm U.S. national security.
- Directs the Secretary of Commerce to compile a list of low-risk countries, where data can be shared without restrictions, a list of high-risk countries where exports of sensitive data will be blocked, and create a system to issue licenses for data exports to nations not on either list. The risk status of countries will be determined based on
- the adequacy and enforcement of the country’s privacy and export control laws
- the circumstances under which the foreign government can compel, coerce, or pay a person in that country to disclose personal data
- whether that foreign government has conducted hostile foreign intelligence operations against the United States.
- In addition to regulating bulk exports, the bill also regulates all exports of personal data by data brokers and firms directly to restricted foreign governments, to parent companies in restricted foreign countries and to persons designated on the Bureau of Industry and Security’s Entity List.
- Exempts from the new export rules data encrypted with NIST-approved technology.
- Ensures the export rules do not apply to journalism and other First Amendment protected speech.
- Applies export control penalties to senior executives who knew or should have known that employees below them were directed to illegally export Americans’ personal data.
The bill has been endorsed by the Electronic Privacy Information Center, the R Street Institute and Justin Sherman, senior fellow and data brokerage research lead, and David Hoffman, professor of cybersecurity policy, Duke University Sanford School of Public Policy, experts on the sale and exploitation of Americans’ data.
Read the full bill here.
Original source can be found here.