House panel to weigh bill barring data brokers from making transfers to foreign rivals
The measure, backed by the House Energy and Commerce Committee’s leaders, considers similar data types listed in a recently signed data security executive order.
A House panel on Thursday will consider legislation that would penalize data brokers who enable the transfer of Americans’ sensitive data to foreign rivals like China.
The Protecting Americans’ Data from Foreign Adversaries Act was introduced this week by House Energy and Commerce Committee leaders Cathy McMorris Rodgers, R-Wash. and Frank Pallone, Jr., D-N.J. on the heels of a recent executive order signed by President Joe Biden that gives multiple agencies enhanced legal power to prevent Americans’ sensitive data from falling into the hands of foreign adversaries.
The bill would give the Federal Trade Commission the authority to seek civil penalties of at least $50,000 when a data broker sells information to foreign adversaries or entities controlled by those foreign adversaries, which include China, Iran, Russia and North Korea, as defined by acquisition restrictions in U.S. code. That list notably excludes Cuba and Venezuela, which were mentioned in the Biden directive.
The legislation will be marked up in the House committee alongside a related measure — the Protecting Americans from Foreign Adversary Controlled Applications Act — which would put TikTok and related applications in regulators’ crosshairs by potentially forcing a divestiture of the app from its Chinese owners to U.S. entities.
“Data brokers collect a stunning amount of sensitive information and data on Americans — from their physical and mental health, to when and where they’re traveling. Once collected, this sensitive information can be sold to anyone, including foreign adversaries like China. The days of data brokers surveilling Americans for our enemies should be numbered, and this important legislation will ensure that they are,” Rodgers said in a written statement.
The measure aims to update the FTC’s language concerning investigations into “unfair or deceptive” acts or practices that harm consumers, lodging foreign rival data transfers into the agency’s code.
Sensitive data transfers would include data types like genetic info, biometrics, financial accounts and health records. Those data types are akin to those listed in the White House order, which experts say will require regulators like the Justice Department to craft new definitions and legal mechanisms that consider data categories and numerous overseas data transfer scenarios.
The bill also lists Americans’ communications — including phone or text logs, photos, audio recordings, or videos — as data types that should not be transferred. Data brokers already legally obtain, process and sell Americans’ data for commercial purposes, and at times have sold that information to the intelligence community.
The Federal Trade Commission has taken multiple actions against data brokers that have allegedly defied consumer privacy and sold harvested data to other entities without consent. The agency last month barred X-Mode from selling sensitive location data and directed it to destroy all location data previously collected until it adheres to certain restrictions.
The Biden administration’s data security order notably does not list the FTC as an enforcement agency, instead putting the onus on the departments of Justice, Homeland Security, Health and Human Services and others to craft the measures necessary to enforce it.