Lawmakers want to restrict user data sales to nations like China, Russia - CyberScoop

2022-06-23 19:51 (EST) - Tonya Riley

Written by Tonya Riley

A bipartisan group of senators introduced legislation Thursday that would create export controls for sensitive U.S. user data.

The legislation takes aims at growing concerns about data brokers selling data like health information and military member location data to foreign adversaries.

Specifically, the bill would direct the secretary of Commerce to identify which types of personal data could harm U.S. national security and designate which countries would require licenses to export to or be denied as a default. Risk status would be based on a countrys privacy laws, the foreign governments ability to compel private entities to share data and if the nation has hostile intelligence operations against the U.S.

The bills sponsors include Sens. Ron Wyden, D-Ore., Cynthia Lummis, R-Wyo., Sheldon Whitehouse, D-R.I., Marco Rubio, R-Fla. and Bill Hagerty, R-Tenn.

It is common sense to prevent our adversaries from obtaining the highly sensitive personal information of millions of Americans, co-sponsor Senator Marco Rubio, R-Fla., said in a statement. We cannot trust private companies to protect Americans private data, especially given how many of them do business in China. Our bill would address this massive national security threat and protect Americans privacy.

Rubio, alongside Sens. Bill Cassidy, R-La., and Elizabeth Warren, D-Mass., also introduced legislation in May that would prevent the sale of military personnel data to hostile nations.

Justin Sherman, fellow and research lead at Dukes Sanford School of Policy Data Brokerage Project, said the legislation could push the widely unregulated data broker industry to more widely embrace know-your-customer laws and other compliance standards to make sure theyre not selling to banned actors.

You should have to know if the data youre selling is going to customers tracking COVID or some Chinese front, Sherman told CyberScoop.

The bill only limits direct sales, which means other potential exposure, like a U.S. company using non-sanctioned foreign code or software, would not be covered. The bill also does not address foreign ownership, something already monitored by the interagency Committee on Foreign Investment in the United States.

Congresss scrutiny of the data broker industry isnt limited to foreign sales. Wyden has also co-sponsored bills that would prevent data brokers from selling health and location data and prevent police from using data brokers to get around warrants .

Sherman and other experts acknowledged that the bill is not a stand-in for comprehensive privacy legislation, a version of which advanced to the Houses full Energy and Commerce Committee Thursday. But they say the bill is a step in the right direction.

It is past time that Congress enact a strong, comprehensive privacy law, Caitriona Fitzgerald, deputy director of the Electronic Privacy Information Center, wrote in a statement. But in the meantime we must urgently protect Americans personal data from being sold to foreign companies and governments.

The Commerce Department did not immediately return a request for comment.

, Bill Cassidy , Bill Hagerty , China , Commerce Department , Cynthia Lummis , data brokers , , Elizabeth Warren , , marco rubio , Ron Wyden , , Sheldon Whitehouse

Source

Previous
Previous

Which States Have Cybersecurity Task Forces? - GovTech

Next
Next

Pentagon Releases Responsible AI Strategy - meritalk.com