Biden Administration Proposes Strict Data Transaction Rules to Safeguard US Data


Understanding EO 14117: Restricting Data Transactions to Protect American Personal Data

This year, the Biden administration announced Executive Order (EO) 14117 to curb specific data transactions. The Department of Justice (DOJ) was tasked with creating a framework to limit transactions that give specific foreign entities access to personal data of Americans or certain government data. In October, the DOJ released its Notice of Proposed Rulemaking (NPRM), suggesting measures that would have considerable implications for businesses within the data-driven economy.

How EO 14117 Affects the Data-Driven Economy

If enacted as drafted, the NPRM will redefine “data brokerage” and could impact companies that provide data access to “covered persons,” such as advertisers in countries of concern. Additionally, companies that use vendors, such as cloud computing providers, that qualify as covered persons and can access data about Americans may need to establish new systems to ensure compliance for those engagements.

The proposed rule could significantly affect all entities within the automotive industry, from AV developers to OEMs and parts suppliers, as they will need to consider how they collect, use, and share data related to drivers and passengers.

Understanding Key Definitions in the NPRM

The NPRM provides specific definitions and examples to help U.S. companies understand which business partners and providers may be considered covered persons. It defines government-related data and sensitive personal data, and it sets thresholds for the amount of data involved in a transaction, which determine whether the transaction is restricted based on the “bulk” of sensitive personal data. Furthermore, the NPRM defines specific categories of sensitive data linked to U.S. individuals and outlines the prohibition on transferring personal data to countries of concern through a data brokerage transaction.

Understanding the NPRM Transaction Requirements

The NPRM outlines requirements for prohibited and restricted transactions and introduces certain exemptions. Companies involved in restricted transactions will need to implement cybersecurity policies suggested by the Cybersecurity & Infrastructure Security Agency.

Licensing under the NPRM

The NPRM allows the DOJ to provide general and specific licenses to companies to conduct otherwise-regulated transactions, reducing compliance burdens.

Potential Penalties under the NPRM

The NPRM proposes hefty penalties for violations, including substantial fines and possibly imprisonment for willful violations.

How Can Your Company Prepare for the NPRM?

While the NPRM is still under review, companies can prepare by assessing current data assets and practices, updating or creating new vendor and client intake procedures, and updating security positions for those subject to the rule. Companies can also participate in the 30-day comment period to voice any concerns before the rule becomes final.

Please note, this article is strictly informational. Be sure to consult with a specialist for advice tailored to your specific circumstances.
