The U.S. Department of Justice released a new proposed rule on Monday aimed at protecting sensitive data of American individuals and the government from foreign adversaries. This move is part of an executive order signed by President Biden earlier this year to strengthen U.S. data security and prevent countries including China, Iran, and Russia from acquiring large quantities of U.S. data through commercial transactions. These rules reflect the U.S. emphasis on national security and cyberattack threats, demonstrating the government's resolve in addressing trade and technology tensions.
Under the newly proposed rules, certain commercial transactions involving U.S. personal information will face strict restrictions, especially those that might transfer large amounts of data to so-called "countries of concern," which include China, Iran, Venezuela, Cuba, and North Korea. Protected data types include genomic data of more than 100 Americans, health or financial data of over 10,000 people, and precise geographic location data from more than 1,000 U.S. devices. Government officials particularly highlighted that the new regulation will prohibit trades with data brokers who intentionally direct sensitive information to these countries.
One of the contexts for the introduction of this rule is the growing global concern over data security, particularly in cases where Chinese companies acquire sensitive data through acquisitions or investments. A notable example is in 2018, when the U.S. government blocked China's Ant Financial's attempt to acquire U.S. company MoneyGram International, citing data security issues.
The new regulations also explicitly state that any data transfer related to U.S. government employees will be closely monitored, especially in areas concerning national security and intelligence. The Justice Department will enforce the regulation through criminal and civil penalties to ensure the protection of U.S. individuals and government information from external threats.
It is noteworthy that this measure is not only targeting traditional commercial transactions but could also have far-reaching impacts on foreign applications like TikTok. Justice Department officials emphasized that if these applications are found to transfer sensitive data of American users to their parent companies and the parent companies transmit this data to other countries, the relevant companies will face legal risks. There will be increased scrutiny on Chinese companies in particular.
Additionally, the introduction of the new regulations signifies a comprehensive upgrade in the U.S. government's data protection efforts. This measure aims not only to guard against cyberattacks and espionage but also serves as an important means to protect U.S. national interests amid the current international situation. In recent years, with the widespread use of global data sharing, protecting personal privacy and national security has become a global issue. The U.S. government's move may also prompt other countries to introduce similar protective measures.
Against the background of international trade and technological tensions, the U.S. has further strengthened its scrutiny over cross-border data flows, particularly those transactions that could affect national security. This measure aligns with previous U.S. government actions to tighten regulations on foreign technology companies operating in the U.S., such as sanctions against Huawei and TikTok, which were based on data security concerns.
Overall, this new regulation demonstrates that the U.S. government will continue to take a firm stance against global cybersecurity threats and data breach risks. As the global digital economy develops, data security has become a core aspect of national security strategy, and future international competition over data control and protection will intensify. The U.S.'s move may become a new direction for global data protection policies, leading other countries to follow suit and enact corresponding regulations.
Through this new regulation, Washington has further clarified its sensitivity toward cross-border data flows and its strict stance on data protection, aiming to secure its national security and economic interests in the future digital economy competition.
