Legislation introduced this week would make it illegal for companies to export data generated by people living in the U.S. to certain countries where that data could pose a national security risk.
Federal agencies already regulate the kinds of technologies and industrial data that can be sold abroad, but a new bill introduced by Sen. Ron Wyden, D-Ore., would be the first to prohibit the sale of individuals’ data by a third party.
“Shady data brokers shouldn’t get rich selling Americans’ private data to foreign countries that could use it to threaten our national security,” Wyden said in a statement after introducing the legislation. “My bill would set up common sense rules for how and where sensitive data can be shared overseas, to make sure that foreign criminals and spies don’t get their hands on it.”
But in order to protect the data, regulators first must know exactly what they’re regulating.
The Protecting Americans’ Data from Foreign Surveillance Act would first categorize the types of personal data people generate each day, and identify which data types could be used by foreign adversaries to the detriment of the U.S. In establishing the categories, regulators would be instructed to look at data collected by commercial entities; data that has already been shared with foreign adversaries; and both identifiable and anonymized data, if the latter can be reverse engineered using other data sources.
The categorization work—spread across multiple agencies, working together—would be completed one year after the bill was enacted.
“In compiling the list of categories, the interagency process shall consider publicly av ..