The Biden administration has officially finalized a new rule aimed at preventing the sale of sensitive personal data about Americans to adversarial nations, including Russia, China, Iran, North Korea, Cuba, and Venezuela. The rule, which is set to take effect in early 2025, addresses what the Department of Justice calls an “urgent and extraordinary national security threat.” By restricting the sale of data, the U.S. government seeks to protect Americans from the potential misuse of their personal information by foreign powers for activities such as espionage, blackmail, influence campaigns, and other forms of malicious actions.
The regulations specifically focus on protecting key categories of sensitive data, including genomic, biometric, health, geolocation, and financial data. Additionally, U.S. governmental data is also covered by the new rule. These types of data are often collected by data brokers who sell bulk information to the highest bidder, regardless of national security concerns. The Biden administration’s new rule is designed to put an end to this practice by making it illegal for companies to sell this sensitive information to foreign governments, particularly those identified as “countries of concern.”
One of the main reasons behind this regulation is the increasing sophistication with which foreign adversaries exploit bulk data to enhance their artificial intelligence (AI) capabilities. These enhanced AI algorithms enable adversaries to analyze large datasets more effectively, making them capable of using sensitive information for more damaging purposes. According to the Department of Justice, these countries are increasingly targeting activists, journalists, political opponents, and marginalized communities, using the data to suppress civil liberties and curb freedoms of expression, peaceful assembly, and association.
The rule’s implementation is a significant step in protecting American citizens from the growing threat posed by foreign adversaries’ access to sensitive personal data. It ensures that Americans’ privacy is upheld while preventing foreign governments from using these data sets to undermine national security. The finalization of the rule marks an important milestone in safeguarding Americans’ personal information from exploitation, with the regulations set to take effect within 90 days of their publication in the Federal Register.
