DIVISION I—PROTECTING AMERICANS’ DATA FROM FOREIGN ADVERSARIES ACT OF 2024

SEC. 1. SHORT TITLE. This division may be cited as the “Protecting Americans’ Data from Foreign Adversaries Act of 2024”.

SEC. 2. PROHIBITION ON TRANSFER OF PERSONALLY IDENTIFIABLE SENSITIVE DATA OF UNITED STATES INDIVIDUALS TO FOREIGN ADVERSARIES.

(a) Prohibition.—It shall be unlawful for a data broker to sell, license, rent, trade, transfer, release, disclose, provide access to, or otherwise make available personally identifiable sensitive data of a United States individual to—

(1) any foreign adversary country; or

(2) any entity that is controlled by a foreign adversary.

(b) Enforcement By Federal Trade Commission.—

(1) UNFAIR OR DECEPTIVE ACTS OR PRACTICES.—A violation of this section shall be treated as a violation of a rule defining an unfair or a deceptive act or practice under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).

(2) POWERS OF COMMISSION.—

(A) IN GENERAL.—The Commission shall enforce this section in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this section.

(B) PRIVILEGES AND IMMUNITIES.—Any person who violates this section shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act.

(3) AUTHORITY PRESERVED.—Nothing in this section may be construed to limit the authority of the Commission under any other provision of law.

(c) Definitions.—In this section:

(1) COMMISSION.—The term “Commission” means the Federal Trade Commission.

(2) CONTROLLED BY A FOREIGN ADVERSARY.—The term “controlled by a foreign adversary” means, with respect to an individual or entity, that such individual or entity is—

(A) a foreign person that is domiciled in, is headquartered in, has its principal place of business in, or is organized under the laws of a foreign adversary country;

(B) an entity with respect to which a foreign person or combination of foreign persons described in subparagraph (A) directly or indirectly own at least a 20 percent stake; or

(C) a person subject to the direction or control of a foreign person or entity described in subparagraph (A) or (B).

(3) DATA BROKER.—

(A) IN GENERAL.—The term “data broker” means an entity that, for valuable consideration, sells, licenses, rents, trades, transfers, releases, discloses, provides access to, or otherwise makes available data of United States individuals that the entity did not collect directly from such individuals to another entity that is not acting as a service provider.

(B) EXCLUSION.—The term “data broker” does not include an entity to the extent such entity—

(i) is transmitting data of a United States individual, including communications of such an individual, at the request or direction of such individual;

(ii) is providing, maintaining, or offering a product or service with respect to which personally identifiable sensitive data, or access to such data, is not the product or service;

(iii) is reporting or publishing news or information that concerns local, national, or international events or other matters of public interest;

(iv) is reporting, publishing, or otherwise making available news or information that is available to the general public—

(I) including information from—

(aa) a book, magazine, telephone book, or online directory;

(bb) a motion picture;

(cc) a television, internet, or radio program;

(dd) the news media; or

(ee) an internet site that is available to the general public on an unrestricted basis; and

(II) not including an obscene visual depiction (as such term is used in section 1460 of title 18, United States Code); or

(v) is acting as a service provider.

(4) FOREIGN ADVERSARY COUNTRY.—The term “foreign adversary country” means a country specified in section 4872(d)(2) of title 10, United States Code.

(5) PERSONALLY IDENTIFIABLE SENSITIVE DATA.—The term “personally identifiable sensitive data” means any sensitive data that identifies or is linked or reasonably linkable, alone or in combination with other data, to an individual or a device that identifies or is linked or reasonably linkable to an individual.

(6) PRECISE GEOLOCATION INFORMATION.—The term “precise geolocation information” means information that—

(A) is derived from a device or technology of an individual; and

(B) reveals the past or present physical location of an individual or device that identifies or is linked or reasonably linkable to 1 or more individuals, with sufficient precision to identify street level location information of an individual or device or the location of an individual or device within a range of 1,850 feet or less.

(7) SENSITIVE DATA.—The term “sensitive data” includes the following:

(A) A government-issued identifier, such as a Social Security number, passport number, or driver’s license number.

(B) Any information that describes or reveals the past, present, or future physical health, mental health, disability, diagnosis, or healthcare condition or treatment of an individual.

(C) A financial account number, debit card number, credit card number, or information that describes or reveals the income level or bank account balances of an individual.

(D) Biometric information.

(E) Genetic information.

(F) Precise geolocation information.

(G) An individual’s private communications such as voicemails, emails, texts, direct messages, mail, voice communications, and video communications, or information identifying the parties to such communications or pertaining to the transmission of such communications, including telephone numbers called, telephone numbers from which calls were placed, the time calls were made, call duration, and location information of the parties to the call.

(H) Account or device log-in credentials, or security or access codes for an account or device.

(I) Information identifying the sexual behavior of an individual.

(J) Calendar information, address book information, phone or text logs, photos, audio recordings, or videos, maintained for private use by an individual, regardless of whether such information is stored on the individual’s device or is accessible from that device and is backed up in a separate location.

(K) A photograph, film, video recording, or other similar medium that shows the naked or undergarment-clad private area of an individual.

(L) Information revealing the video content requested or selected by an individual.

(M) Information about an individual under the age of 17.

(N) An individual’s race, color, ethnicity, or religion.

(O) Information identifying an individual’s online activities over time and across websites or online services.

(P) Information that reveals the status of an individual as a member of the Armed Forces.

(Q) Any other data that a data broker sells, licenses, rents, trades, transfers, releases, discloses, provides access to, or otherwise makes available to a foreign adversary country, or entity that is controlled by a foreign adversary, for the purpose of identifying the types of data listed in subparagraphs (A) through (P).

(8) SERVICE PROVIDER.—The term “service provider” means an entity that—

(A) collects, processes, or transfers data on behalf of, and at the direction of—

(i) an individual or entity that is not a foreign adversary country or controlled by a foreign adversary; or

(ii) a Federal, State, Tribal, territorial, or local government entity; and

(B) receives data from or on behalf of an individual or entity described in subparagraph (A)(i) or a Federal, State, Tribal, territorial, or local government entity.

(9) UNITED STATES INDIVIDUAL.—The term “United States individual” means a natural person residing in the United States.

(d) Effective Date.—This section shall take effect on the date that is 60 days after the date of the enactment of this division.

  • Treczoks@lemmy.world
    2 months ago

    I, as a European, want a PROTECTING EUROPEANS’ DATA FROM FOREIGN ADVERSARIES ACT OF 2024.

    Sell or dissolve X, Facebook, Google, Amazon, Instagram, Microsoft, Apple, etc.

    • FiniteBanjo@lemmy.todayOP
      2 months ago

      First of all, the EU does have protections for their people’s data.

      Second of all, are you asking the USA to pass an act protecting Europeans? That seems a little odd, but sure I’ll support it. When it gets introduced I’ll call my reps.

      • Treczoks@lemmy.world
        2 months ago

        Yes, the EU has such regulations, but does not enforce them, especially not against US companies. So, having an explicit law in the European Union that would force it to finally get the asses moving in Brussels would be a nice thing.

  • jimmydoreisalefty@lemmy.world
    2 months ago

    Thanks for the write up!

    IMO, in general, the more important policy would be to protect our data from domestic companies and gov’ts, as regular citizens.

    Our data being collected from domestic companies and gov’t agencies infringes on our rights, while also being a closer threat than foreign gov’ts, looking at this from regular citizens’ view.

    Gov’t, contractors, and military personnel already have their own way of protecting themselves from foreign countries. Using secure devices and connections, while following their own policies.

    In the end, it seems to be pointing toward Tiktok Ban so not sure how well this will go.

    • iopq@lemmy.world
      2 months ago

      From the perspective of our data that’s true, but there’s also the problem of foreign governments using social media as propaganda tools. That’s actually worse, a lot of people believe actual falsehoods due to what they see on social media

        • Hildegarde@lemmy.world
          2 months ago

          The bill literally mentioned tiktok and bytedance on the first page when first introduced. They wrote the bill to ban tiktok.

          • FiniteBanjo@lemmy.todayOP
            2 months ago

            It’s literally not in the entire text of the Bill hovering directly above this thread. You’re literally wrong.

            • sugar_in_your_tea@sh.itjust.works
              2 months ago

              The version of the bill I saw just earlier today (linked from a CNN article a few days ago) mentioned TikTok and ByteDance by name:

              Relevant section

              (3) FOREIGN ADVERSARY CONTROLLED APPLICATION.—The term “foreign adversary controlled application” means a website, desktop application, mobile application, or augmented or immersive technology application that is operated, directly or indirectly (including through a parent company, subsidiary, or affiliate), by—

              (A) any of—

              (i) ByteDance, Ltd.;

              (ii) TikTok;

              (iii) a subsidiary of or a successor to an entity identified in clause (i) or (ii) that is controlled by a foreign adversary; or

              (iv) an entity owned or controlled, directly or indirectly, by an entity identified in clause (i), (ii), or (iii);

              This was under the definition of “adversary company.” So it was there at one point.

              But that’s a big change, so I’m going to reread the bill to see if I need to revise my opinion on it. But the bill I read linked from CNN earlier today was bad in several ways.

            • Hildegarde@lemmy.world
              2 months ago

              If the bill identified tiktok and byte dance by name they would just rename the app and company to avoid the regulation.

              The fact that this law identifies byte dance in the overly verbose and broad language typical of how laws are written does not change the intent.

              It sounds like this is your first time reading the full text of a bill, and you are drawing uninformed conclusions.

              • FiniteBanjo@lemmy.todayOP
                2 months ago

                lol yeah just change your name and you can’t be persecuted for your crimes. Great advice, armchair lawyer.

                • Hildegarde@lemmy.world
                  2 months ago

                  If the text of this law said that the app “Tiktok” and company “ByteDance” cannot operate in the US, it would be trivial to create a new company called “BitSamba” which operates the “Tuktuk” app, and this specific law would not apply to them.

                  That is why the bill uses the term “entity that is controlled by a foreign adversary.” Try reading at least one more bill, or any municipal code, then you might start to understand. This is how laws are written. Lawyers are very good at finding loopholes, which is why laws are specifically written defensively to avoid unintended loopholes.

                  The language of this bill will apply to tiktok. Tiktok is the most notable app that will be affected by it. Which is why everyone who knows what they’re talking about has been calling this the bill that bans tiktok because that is what it does.

                  Especially the authors of this bill that put the part about it banning tiktok in the first page summary for all the legislators who don’t actually read the full text.

      • jimmydoreisalefty@lemmy.world
        2 months ago

        Ah, thanks for explaining your point of view!

        I see the gov’t and domestic companies being a way bigger threat than foreign gov’ts and companies.

        Our gov’t has way more control on our media and what we see and hear.

        Propaganda from your own gov’t is a much bigger deal. Once you start criticizing and questioning why the status quo has not changed over the last many decades/half century.

        This being: more endless wars, more bailouts required for banks, more policing, and more medical debt, more mental health problems, more student debt, and it continues…

        All while people are not experiencing an improvement in their day to day lives, it seems.

        All in all, I may be in the minority, when it comes to this topic; when talking about the issues that are caused by all of these systematic problems we will continue to face in the future.

        Stay hopeful and keep learning!

    • FiniteBanjo@lemmy.todayOP
      2 months ago

      I didn’t do much of the writing up, it copied over from a dot gov website with minimal editing needed. If something formatted incorrectly then I hope somebody lets me know.

      I place the priority of stopping hostile foreign actors before hostile domestic actors, but yeah both bad.

  • sugar_in_your_tea@sh.itjust.works
    2 months ago

    And here’s US Code 4872(d)(2) for reference:

    (2) Covered nation.—The term “covered nation” means—

    (A) the Democratic People’s Republic of North Korea;

    (B) the People’s Republic of China;

    (C) the Russian Federation; and

    (D) the Islamic Republic of Iran.

    Edit: OP, could you link the bill? I had trouble finding it and read a version linked from CNN a few days ago, and it seems it’s quite different (doesn’t mention TikTok or ByteDance by name anymore in the definitions).

    Edit 2: found it. Reading now.

  • sugar_in_your_tea@sh.itjust.works
    2 months ago

    Ok, I’ve had a chance to read through the bill, so here are some notes:

    • (g)(3)(A) - mentions TikTok and ByteDance by name as a “foreign adversary controlled application” - so it’s absolutely a “TikTok ban”
    • (g)(2)(B) - exclusion for primarily review sites - not sure who this loophole is for, maybe Yelp?
    • (a)(1)(A) - it might be illegal for me to host and distribute a way to get access to a foreign controlled application as a private citizen, depending on the definition of “marketplace,” even if it’s just source code
    • (g)(1)(b) - applies to applications with 20% ownership by someone in an adversary company - I think this means Fortnite and EGS could be impacted
    • (g)(3)(B)(ii) - presidential powers
    • (d)(2) and (f) - Attorney General powers and restrictions

    I think the bill is problematic, but it’s not nearly as bad as I thought it would be. Powers granted to the Attorney General are pretty limited, though the President seems to have a little less restrictions.

    I’m mostly concerned about collateral damage for things like FOSS, but theoretically popular forums hosted in China or Russia could be caught, though I’m guessing enforcement would be minimal.

    The most troubling parts to me are:

    • 20% ownership standard - doesn’t just apply to the CCP, but anyone in an adversary country, so I think this includes Fortnite and Epic Games generally, and probably other popular games and services funded by Chinese investors (as long as you can post something, it counts)
    • the President can propose pretty much any piece of software as an “adversary controlled application” with only a notice given to Congress
    • precedent set by calling out a specific product and org (TikTok and ByteDance are mentioned by name)