- US Department of Justice Issues Final Rule on Executive Order Executive Order 14117
- Large data transactions from US citizens to hostile nations will be banned
- The ban will protect US national security by preventing US citizens from being mass targets of cyber espionage and foreign influence.
The US Department of Justice has issued a final rule on Executive Order 14117, which President Joe Biden signed in February 2024, which prevents the movement of US citizens’ data to several “countries of concern.”
The list of countries consists of China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia and Venezuela, all of which, according to the Justice Department, have “engaged in a long-term pattern or in cases serious acts of conduct significantly adverse to the national security of the United States or the safety of American persons.”
He added that these nations could “access and exploit the vast amount of sensitive personal data of Americans and certain data related to the US government.”
No US data on hostile nations
The final rule will take effect in 90 days, and Deputy Attorney General Matthew G. Olsen of the Department of Justice’s National Security Division stated: “This powerful new national security program is designed to ensure that the personal data of Americans are no longer allowed. be sold to hostile foreign powers, whether through direct purchase or other means of commercial access.”
The Executive Order aims to prevent countries generally hostile to the US from using the data of US citizens in influence and cyber espionage campaigns, as well as from creating profiles of US citizens to be used in social engineering, phishing, blackmail campaigns. and identity theft. .
The final rule establishes the threshold for data transactions that carry an unacceptable level of risk, along with the different classes of transactions that are prohibited, restricted, or exempt. Companies that violate the order will face civil and criminal penalties. The types of prohibited data are:
- Certain covered personal identifiers (e.g., names linked to device identifiers, social security numbers, driver’s license or other government identification numbers)
- Precise geolocation data (e.g. GPS coordinates)
- Biometric identifiers (e.g., facial images, fingerprints and voice patterns, and retina scans)
- Human genomic data and three other types of human omics data (epigenomics, proteomics, or transcriptomics)
- Personal health data (e.g., height, weight, vital signs, symptoms, test results, diagnosis, digital dental records, and psychological diagnoses)
- Personal financial data (e.g. information relating to an individual’s credit cards, debit cards, bank accounts and financial liabilities, including payment history)
The Justice Department also noted that the final rule does not apply to “medical, health, or scientific research or the development and marketing of new drugs” and “nor does it generally prohibit U.S. persons from engaging in commercial transactions, including the exchange of financial and other data as such. part of the sale of commercial goods and services with countries of interest or covered persons, or impose measures aimed at broader decoupling of the substantial consumer, economic, scientific and commercial relationships that the United States has with other countries.
Through Hacker News
