By Sarah N. Lynch and David Shepardson
WASHINGTON (Reuters) – The U.S. Justice Department on Monday proposed new rules to protect federal government data or Americans’ bulk personal data from getting into the hands of countries like China, Iran and Russia by placing new limits on certain business transactions.
The proposal, which was previewed in March, implements an executive order issued earlier this year by President Joe Biden which aims to keep foreign adversaries from using accessible American financial and genomic data and health data for cyber attacks, espionage and blackmail.
In addition to China, Russia and Iran, the rule would also apply to Venezuela, Cuba and North Korea.
Washington has been trying to stem the flow of American personal data to China, part of a years-long struggle over trade and technology.
In 2018, a U.S. panel that reviews foreign investments for potential national security threats rejected a plan by China’s Ant Financial to acquire U.S. money transfer company MoneyGram International, because of concerns over safety of data that can be used to identify U.S. citizens.
The officials said transactions will be banned with data brokers who know the information will end up in “countries of concern”, as will the transfer of any data on U.S. government personnel.
Monday’s proposal for the first time gave more specific details about the types and amounts of data that cannot be transferred, including human genomic data on over 100 Americans or personal health or financial data on over 10,000 people.
The proposal would also bar the transfer of precise geolocation data on over 1,000 U.S. devices.
The rule would allow the Justice Department to enforce compliance both through criminal and civil penalties.
U.S. officials told reporters on Monday that Chinese apps such as TikTok could run afoul of the proposal if they transferred sensitive data from U.S. users to a Chinese parent company.
(Reporting by Sarah N. Lynch, David Shephardson and Alexandra Alper in Washington)