The US House of Representatives has passed new legislation prohibiting data brokers from selling Americans’ personal information to foreign adversary countries or entities under their control.
The bipartisan bill, H.R. 7520 (PDF), known as the Protecting Americans’ Data from Foreign Adversaries Act of 2024, was introduced on March 5 and passed by a vote of 414 – 0. Previously, the bill passed out of the Energy and Commerce Committee with a vote of 50-0.
The legislation makes it unlawful for data brokers “to sell, license, rent, trade, transfer, release, disclose, provide access to, or otherwise make available personally identifiable sensitive data of a United States individual” to adversaries.
H.R. 7520 empowers the Federal Trade Commission (FTC) to enforce the legislation and clarifies that any foreign person residing, headquartered, or organized under the laws of a foreign adversary country is considered ‘controlled by a foreign adversary’.
Furthermore, if such a person has at least a 20% stake in an entity, that entity is considered ‘controlled by a foreign adversary’. Any person directly controlled by a person or entity described above falls into the same category.
The legislation covers personally identifiable information and sensitive information (such as Social Security numbers, driver’s license numbers, and passport numbers), along with geolocation, protected health, financial, and biometric information, private communications, user login data, calendar information, call and text logs and other information typically stored on a person’s device, and more.
“Today’s overwhelming vote sends a clear message that we will not allow our adversaries to undermine American national security and individual privacy by purchasing people’s personally identifiable sensitive information from data brokers. H.R. 7520 is another key step towards strengthening data protections and safeguarding our nation from foreign adversaries,” House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) and Ranking Member Frank Pallone, Jr., (D-NJ) said in a joint statement.
The legislation passed roughly three weeks after US President Joe Biden issued an Executive Order preventing the mass transfer of sensitive data to countries of concern, which could use it to collect information on activists, academics, dissidents, journalists, non-governmental organizations, and political figures.
Related: White House Issues Executive Order on International Data Protection
Related: India Passes Data Protection Legislation in Parliament. Critics Fear Privacy Violation
Related: Bill That Could Ban TikTok Passed in the House. Here’s What to Know
