Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

House Passes Bill Barring Sale of Personal Information to Foreign Adversaries

H.R. 7520 prohibits data brokers from selling Americans’ data to foreign adversary countries or entities controlled by them.

SBOM Mandates

The US House of Representatives has passed new legislation prohibiting data brokers from selling Americans’ personal information to foreign adversary countries or entities under their control.

The bipartisan bill, H.R. 7520 (PDF), known as the Protecting Americans’ Data from Foreign Adversaries Act of 2024, was introduced on March 5 and passed by a vote of 414 – 0. Previously, the bill passed out of the Energy and Commerce Committee with a vote of 50-0.

The legislation makes it unlawful for data brokers “to sell, license, rent, trade, transfer, release, disclose, provide access to, or otherwise make available personally identifiable sensitive data of a United States individual” to adversaries.

H.R. 7520 empowers the Federal Trade Commission (FTC) to enforce the legislation and clarifies that any foreign person residing, headquartered, or organized under the laws of a foreign adversary country is considered ‘controlled by a foreign adversary’.

Furthermore, if such a person has at least a 20% stake in an entity, that entity is considered ‘controlled by a foreign adversary’. Any person directly controlled by a person or entity described above falls into the same category.

The legislation covers personally identifiable information and sensitive information (such as Social Security numbers, driver’s license numbers, and passport numbers), along with geolocation, protected health, financial, and biometric information, private communications, user login data, calendar information, call and text logs and other information typically stored on a person’s device, and more.

“Today’s overwhelming vote sends a clear message that we will not allow our adversaries to undermine American national security and individual privacy by purchasing people’s personally identifiable sensitive information from data brokers. H.R. 7520 is another key step towards strengthening data protections and safeguarding our nation from foreign adversaries,” House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) and Ranking Member Frank Pallone, Jr., (D-NJ) said in a joint statement.

The legislation passed roughly three weeks after US President Joe Biden issued an Executive Order preventing the mass transfer of sensitive data to countries of concern, which could use it to collect information on activists, academics, dissidents, journalists, non-governmental organizations, and political figures.

Advertisement. Scroll to continue reading.

Related: White House Issues Executive Order on International Data Protection

Related: India Passes Data Protection Legislation in Parliament. Critics Fear Privacy Violation

Related: Bill That Could Ban TikTok Passed in the House. Here’s What to Know

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Cody Barrow has been appointed the new CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

More People On The Move

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...