Concord Privacy News: 11/04/24
US Government Advances Restrictions on International Data Broker Sales
The White House is moving forward with implementing a February 2024 Executive Order designed to restrict data brokers from selling sensitive American data to six countries deemed concerning: China (including Hong Kong and Macau), Russia, Iran, North Korea, and potentially Cuba and Venezuela.
The Department of Justice has opened a 30-day public consultation period to finalize implementation rules. Under the proposed framework, US entities would be prohibited from selling data to or processing data within organizations that are 50% or more owned by these "countries of concern" or their residents.
The restrictions will apply when specific data thresholds are met, including:
- Financial or health data on over 10,000 US persons
- Geolocation data on over 1,000 US devices
- Genomic data on over 100 US persons
- Biometric data on over 1,000 US persons
- Personal identifiers on over 100,000 US persons
Notable exemptions include official government activities, basic telecommunications services, personal communications without value transfer, and certain regulatory disclosures for medical trials. Organizations can request specific exemptions through a DOJ licensing process.
While the measure represents progress in protecting Americans' data privacy, the US still lacks comprehensive national data privacy legislation, which is still being actively discussed in Congress.
Other Privacy News of Note
'Open Banking' Rules for Consumer Data Unveiled by US Watchdog
The top U.S. consumer finance watchdog on October 22 unveiled long-awaited rules that would make it easier for consumers to switch between financial services providers, a move the agency said was aimed at boosting competition. The Consumer Financial Protection Bureau's "open banking" rule governs data sharing between fintech firms and traditional banks, allowing consumers to easily transfer their personal data between providers free of charge. Read more.
FCC Expands Cooperation with States on Data Security, Privacy Enforcement
The Federal Communications Commission on October 21 said it will nearly double the number of state attorneys general enforcing privacy, data protection and cybersecurity, marking an expansion of a program it launched in 2023. The FCC will now work with attorneys general in Maine, Vermont, Massachusetts, Delaware and Indiana to coordinate investigations on protecting consumer privacy and data. The states will join those already working with the agency, which includes Connecticut, New York, Pennsylvania, Illinois, Oregon and the District of Columbia. Read more.