Protecting Americans' Data From Foreign Surveillance Act of 2023

Protecting Americans' Data From Foreign Surveillance Act of 2023

This bill establishes certain export controls on personal data of U.S. nationals and individuals living in the United States.

Specifically, the bill directs the Department of Commerce (in coordination with specified federal agencies) to identify categories of personal data that could be exploited by foreign governments or foreign adversaries and harm U.S. national security if exported, reexported, or in-country transferred in a quantity that exceeds the threshold established by Commerce.

The bill outlines the requirements for establishing this threshold. Commerce must seek to balance the need to protect personal data from exploitation by foreign governments and foreign adversaries against the likelihood of (1) impacting legitimate business activities, research activities, and other activities that do not harm the national security of the United States; or (2) chilling speech protected by the First Amendment.

The bill also requires Commerce to impose appropriate controls on the export, reexport, or in-country transfer of covered personal data, including through interim controls (e.g., informing a person that a license is required). Commerce may not impose a requirement for a license or other authorization pursuant to specified transactions, such as those in which the personal data is encrypted with technology that is certified by the National Institute of Standards and Technology.

The bill applies certain export control penalties to officers or employees of an organization who knew or should have known that another employee was directed to illegally export covered personal data in violation of this bill.

Bill 118 hr 4108, also known as the Protecting Americans' Data From Foreign Surveillance Act of 2023, aims to enhance the protection of Americans' personal data from foreign surveillance. The bill focuses on safeguarding sensitive information such as financial records, health data, and other personal information that could be targeted by foreign entities for surveillance purposes.

The key provisions of the bill include requiring companies that collect and store Americans' data to implement stronger security measures to prevent unauthorized access by foreign governments or entities. This includes encryption protocols, regular security audits, and notification requirements in the event of a data breach.

Additionally, the bill establishes a framework for cooperation between the US government and private sector companies to share information about potential threats to Americans' data security. This collaboration is intended to enhance the ability to detect and respond to foreign surveillance activities targeting US citizens. Furthermore, the bill includes provisions for increased oversight and accountability for companies that handle Americans' data, including penalties for non-compliance with the new security requirements. This is aimed at ensuring that companies take their responsibility to protect Americans' data seriously and prioritize data security in their operations. Overall, the Protecting Americans' Data From Foreign Surveillance Act of 2023 seeks to strengthen the protection of Americans' personal information from foreign surveillance threats, enhance collaboration between the government and private sector on data security, and hold companies accountable for safeguarding sensitive data.