The U.S. launches new rules to prevent China, Russia and six other countries from obtaining people’s data to prevent cyberattacks and blackmail. TikTok is the first to bear the brunt._1

The Department of Justice has introduced new regulations aimed at preventing countries such as China, Russia, Iran, Venezuela, Cuba, and North Korea from accessing sensitive American data, including financial information and genomic databases. This initiative was announced on October 21 and seeks to protect a vast amount of personal data belonging to American citizens by restricting specific commercial transactions.

According to a Reuters report, this proposal, first hinted at in March, is designed to implement an executive order signed by President Biden in February, which aims to thwart foreign adversaries from exploiting accessible American financial, genomic, and health data for cyberattacks, espionage, and extortion.

U.S. officials are particularly concerned about these six nations acquiring large datasets regarding American citizens. The data of concern includes biometric information, health records, DNA, geographical location data, Social Security numbers, and bank account details. Access to such information would allow foreign governments to gain significant insights into individual consumption habits, personal preferences, and visits to sensitive locations such as religious sites and government facilities.

The Justice Department stated, “This data can subsequently be used for cyberattacks, extortion, espionage, and the intimidation of activists, scholars, political figures, and journalists, along with engaging in other malicious activities. These countries employ advanced technologies like big data analytics, artificial intelligence, and high-performance computing to more effectively control and utilize this data.”

The U.S. government has consistently sought to prevent the flow of citizens’ personal information to China, a move rooted in ongoing trade and technology tensions. In 2018, the Committee on Foreign Investment in the United States (CFIUS) blocked China’s Ant Financial from acquiring MoneyGram International due to security concerns about how related data could identify American citizens.

Officials have indicated that data brokers aware that their information will ultimately reach “hostile nations” will be prohibited from engaging in such transactions. Additionally, any data transfers involving U.S. government personnel will also be banned.

On October 21, details were released concerning the types and quantities of data that cannot be transmitted, which include genomic data of over 100 Americans, personal health or financial data of more than 10,000 individuals, and precise location data transmitted through more than a thousand American devices.

The newly proposed regulations will grant the Justice Department the authority to enforce these rules through criminal and civil penalties. Officials warned that if applications like TikTok, the international version of the Chinese app Douyin, were to transmit sensitive data of American users back to their parent company in China, that could also lead to violations of the new rules.