Starting in 2025, new regulations will take effect in the United States, prohibiting the sale of Americans’ sensitive data to hostile nations. These measures, developed as part of an executive order signed in February, are aimed at addressing a “grave threat to national security” posed by the exploitation of Americans’ personal information by foreign states for espionage, blackmail, and other malicious activities.
The ban encompasses data related to biometrics, genetics, geolocation, financial transactions, healthcare, and information pertaining to U.S. government agencies. Additionally, thresholds for the volume of such data are specified, and licensing processes are outlined to allow limited transactions.
The final rule provides exceptions for personal communications, financial transactions, corporate agreements, and research conducted in threatening nations, provided such activities are not linked to commercial data transfers. It emphasizes that the rule does not mandate the localization of data within the U.S. or prohibit scientific and medical collaboration. The primary focus is on companies that collect and sell data, often facilitating third-party access with little oversight.
The issue is further exacerbated by other nations actively utilizing vast amounts of personal data to advance artificial intelligence and develop sophisticated algorithms. According to the department, such technologies enable the deployment of data in complex campaigns. For instance, AI can be used to identify individuals connected to government structures who might otherwise remain unnoticed.
The list of targeted nations includes North Korea, Cuba, Venezuela, Russia, China, and Iran. The new rules will come into force 90 days after their publication in the Federal Register.
