Congressional Record, Volume 170 Issue 48 (Tuesday, March 19, 2024)

[Congressional Record Volume 170, Number 48 (Tuesday, March 19, 2024)]
[House]
[Pages H1216-H1219]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

PROTECTING AMERICANS' DATA FROM FOREIGN ADVERSARIES ACT OF 2024

Mrs. RODGERS of Washington. Madam Speaker, I move to suspend the
rules and pass the bill (H.R. 7520) to prohibit data brokers from
transferring sensitive data of United States individuals to foreign
adversaries, and for other purposes, as amended.
The Clerk read the title of the bill.
The text of the bill is as follows:

H.R. 7520

Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the ``Protecting Americans' Data
from Foreign Adversaries Act of 2024''.

SEC. 2. PROHIBITION ON TRANSFER OF PERSONALLY IDENTIFIABLE
SENSITIVE DATA OF UNITED STATES INDIVIDUALS TO
FOREIGN ADVERSARIES.

(a) Prohibition.--It shall be unlawful for a data broker to
sell, license, rent, trade, transfer, release, disclose,
provide access to, or otherwise make available personally
identifiable sensitive data of a United States individual
to--
(1) any foreign adversary country; or
(2) any entity that is controlled by a foreign adversary.
(b) Enforcement by Federal Trade Commission.--
(1) Unfair or deceptive acts or practices.--A violation of
this section shall be treated as a violation of a rule
defining an unfair or a deceptive act or practice under
section 18(a)(1)(B) of the Federal Trade Commission Act (15
U.S.C. 57a(a)(1)(B)).
(2) Powers of commission.--
(A) In general.--The Commission shall enforce this section
in the same manner, by the same means, and with the same
jurisdiction, powers, and duties as though all applicable
terms and provisions of the Federal Trade Commission Act (15
U.S.C. 41 et seq.) were incorporated into and made a part of
this section.
(B) Privileges and immunities.--Any person who violates
this section shall be subject to the penalties and entitled
to the privileges and immunities provided in the Federal
Trade Commission Act.
(3) Authority preserved.--Nothing in this section may be
construed to limit the authority of the Commission under any
other provision of law.
(c) Definitions.--In this section:
(1) Commission.--The term ``Commission'' means the Federal
Trade Commission.
(2) Controlled by a foreign adversary.--The term
``controlled by a foreign adversary'' means, with respect to
an individual or entity, that such individual or entity is--
(A) a foreign person that is domiciled in, is headquartered
in, has its principal place of business in, or is organized
under the laws of a foreign adversary country;
(B) an entity with respect to which a foreign person or
combination of foreign persons described in subparagraph (A)
directly or indirectly own at least a 20 percent stake; or
(C) a person subject to the direction or control of a
foreign person or entity described in subparagraph (A) or
(B).
(3) Data broker.--
(A) In general.--The term ``data broker'' means an entity
that, for valuable consideration, sells, licenses, rents,
trades, transfers, releases, discloses, provides access to,
or otherwise makes available data of United States
individuals that the entity did not collect directly from
such individuals to another entity that is not acting as a
service provider.
(B) Exclusion.--The term ``data broker'' does not include
an entity to the extent such entity--
(i) is transmitting data of a United States individual,
including communications of such an individual, at the
request or direction of such individual;
(ii) is providing, maintaining, or offering a product or
service with respect to which personally identifiable
sensitive data, or access to such data, is not the product or
service;
(iii) is reporting or publishing news or information that
concerns local, national, or international events or other
matters of public interest;
(iv) is reporting, publishing, or otherwise making
available news or information that is available to the
general public--

(I) including information from--

(aa) a book, magazine, telephone book, or online directory;
(bb) a motion picture;
(cc) a television, internet, or radio program;
(dd) the news media; or
(ee) an internet site that is available to the general
public on an unrestricted basis; and

(II) not including an obscene visual depiction (as such
term is used in section 1460 of title 18, United States
Code); or

(v) is acting as a service provider.
(4) Foreign adversary country.--The term ``foreign
adversary country'' means a country specified in section
4872(d)(2) of title 10, United States Code.
(5) Personally identifiable sensitive data.--The term
``personally identifiable sensitive data'' means any
sensitive data that identifies or is linked or reasonably
linkable, alone or in combination with other data, to an
individual or a device that identifies or is linked or
reasonably linkable to an individual.
(6) Precise geolocation information.--The term ``precise
geolocation information'' means information that--
(A) is derived from a device or technology of an
individual; and
(B) reveals the past or present physical location of an
individual or device that identifies or is linked or
reasonably linkable to 1 or more individuals, with sufficient
precision to identify street level location information of an
individual or device or the location of an individual or
device within a range of 1,850 feet or less.
(7) Sensitive data.--The term ``sensitive data'' includes
the following:
(A) A government-issued identifier, such as a Social
Security number, passport number, or driver's license number.
(B) Any information that describes or reveals the past,
present, or future physical health, mental health,
disability, diagnosis, or healthcare condition or treatment
of an individual.
(C) A financial account number, debit card number, credit
card number, or information that describes or reveals the
income level or bank account balances of an individual.
(D) Biometric information.
(E) Genetic information.
(F) Precise geolocation information.
(G) An individual's private communications such as
voicemails, emails, texts, direct messages, mail, voice
communications, and video communications, or information
identifying the parties to such communications or pertaining
to the transmission of such communications, including
telephone numbers called, telephone numbers from which calls
were placed, the time calls were made, call duration, and
location information of the parties to the call.
(H) Account or device log-in credentials, or security or
access codes for an account or device.
(I) Information identifying the sexual behavior of an
individual.
(J) Calendar information, address book information, phone
or text logs, photos, audio recordings, or videos, maintained
for private use by an individual, regardless of whether such
information is stored on the individual's device or is
accessible from that device and is backed up in a separate
location.
(K) A photograph, film, video recording, or other similar
medium that shows the naked or undergarment-clad private area
of an individual.
(L) Information revealing the video content requested or
selected by an individual.
(M) Information about an individual under the age of 17.
(N) An individual's race, color, ethnicity, or religion.

[[Page H1217]]

(O) Information identifying an individual's online
activities over time and across websites or online services.
(P) Information that reveals the status of an individual as
a member of the Armed Forces.
(Q) Any other data that a data broker sells, licenses,
rents, trades, transfers, releases, discloses, provides
access to, or otherwise makes available to a foreign
adversary country, or entity that is controlled by a foreign
adversary, for the purpose of identifying the types of data
listed in subparagraphs (A) through (P).
(8) Service provider.--The term ``service provider'' means
an entity that--
(A) collects, processes, or transfers data on behalf of,
and at the direction of--
(i) an individual or entity that is not a foreign adversary
country or controlled by a foreign adversary; or
(ii) a Federal, State, Tribal, territorial, or local
government entity; and
(B) receives data from or on behalf of an individual or
entity described in subparagraph (A)(i) or a Federal, State,
Tribal, territorial, or local government entity.
(9) United states individual.--The term ``United States
individual'' means a natural person residing in the United
States.
(d) Effective Date.--This section shall take effect on the
date that is 60 days after the date of the enactment of this
Act.

The SPEAKER pro tempore. Pursuant to the rule, the gentlewoman from
Washington (Mrs. Rodgers) and the gentleman from New Jersey (Mr.
Pallone) each will control 20 minutes.
The Chair recognizes the gentlewoman from Washington.

General Leave

Mrs. RODGERS of Washington. Madam Speaker, I ask unanimous consent
that all Members may have 5 legislative days in which to revise and
extend their remarks and include extraneous material in the Record on
the bill.
The SPEAKER pro tempore. Is there objection to the request of the
gentlewoman from Washington?
There was no objection.
Mrs. RODGERS of Washington. Madam Speaker, I yield myself such time
as I may consume.
I rise today in support of H.R. 7520, the Protecting Americans' Data
from Foreign Adversaries Act of 2024.
Data brokers are harvesting people's sensitive data and selling or
sharing it without people's knowledge or consent. To make matters
worse, they often do this without any safeguards against this sensitive
information going to foreign adversaries who could easily exploit it
for nefarious purposes.
This sensitive information includes everything from a person's
physical and mental health to their geolocation data. Oftentimes, it is
sold to the highest bidder, including to foreign adversaries like China
and the companies they control.
H.R. 7520 will limit how data brokers are able to share Americans'
personally identifiable and sensitive information abroad.
I commend my Energy and Commerce Committee colleague Ranking Member
Pallone for his leadership on this legislation. It is an important
complement to our ongoing efforts to establish a comprehensive data
privacy standard, one that cracks down on abuses of Americans' personal
information by narrowing the information that is collected in the first
place and putting people back in control of their personal information.
Today is an opportunity to send a very clear message that the U.S.
will not tolerate the continued targeting, surveilling, and
exploitation of Americans' data.
This bill advanced out of our committee with a unanimous, bipartisan
50-0 vote. I look forward to it passing the House this week, and I
reserve the balance of my time.
Mr. PALLONE. Madam Speaker, I yield myself such time as I may
consume.
Madam Speaker, I rise in strong support of H.R. 7520, the Protecting
Americans' Data from Foreign Adversaries Act. I thank Chair Rodgers for
all her help in bringing this bill to the floor today.
National security experts are sounding the alarm, warning that the
government of Beijing in China and other foreign adversaries are
amassing troves of sensitive data about individual Americans. That
information can be used to launch sophisticated influence campaigns,
conduct espionage, undermine Americans' privacy expectations, and
otherwise impair American interests.
Just last week, this Chamber took decisive, bipartisan action to
mitigate the national security and privacy threat that was posed by
foreign-owned or -controlled social media applications collecting
Americans' information by passing H.R. 7521, the Protecting Americans
from Foreign Adversary Controlled Applications Act.
Today, we take further action to close the pipeline of Americans'
sensitive information flowing to our foreign adversaries. This bill
prohibits the data brokers from selling Americans' sensitive personal
information to China, Russia, North Korea, Iran, and to entities
controlled by those countries.
Data brokers collect and sell billions of data elements on nearly
every consumer in the United States, including information about
children and active members of the U.S. military.
With this sensitive information, data brokers and their customers can
make invasive inferences about an individual, including inferences
about a person's travel patterns, health, political beliefs, personal
interests, and financial well-being. Right now, there are no
restrictions on who they can sell this information to.
Most Americans are unaware that data brokers complete detailed
dossiers about their interests, beliefs, actions, and movements. Even
when they are aware that these dossiers of sensitive information are
being compiled, Americans are powerless to stop this invasion of
privacy. While the best response to the privacy risk posed by data
brokers is a comprehensive national data privacy law, I firmly believe
we must do what we can now to prevent data brokers from selling
Americans' personal data to our foreign adversaries.
The breadth and scope of sensitive personal information aggregated by
data brokers makes the sale of that data to our foreign adversaries a
unique threat to national security and individual privacy. The Office
of the Director of National Intelligence has concluded that
commercially available data provides foreign adversaries with a
valuable stream of intelligence, rivaling the effectiveness of
sophisticated surveillance techniques. Researchers from Duke University
successfully purchased sensitive information about Active-Duty members
of the military, their families, and veterans from data brokers.

{time} 1730

Their research has concluded that foreign and malicious actors could
use data from data brokers to undermine America's national security.
This legislation complements the work done by this body last week to
curb the threat posed by apps owned or controlled by foreign
adversaries by closing a loophole that would allow those entities to
simply buy sensitive information on Americans from data brokers. Unless
we pass H.R. 7520, data brokers will still be permitted to aggregate
information with vast amounts of Americans' sensitive data and sell it
to the highest bidder, including foreign adversaries.
Again, I thank our chair, Cathy McMorris Rodgers, for her partnership
on the Protecting Americans' Data from Foreign Adversaries Act, which
unanimously passed the House Energy and Commerce Committee by a 50-0
vote.
Madam Speaker, I urge my colleagues to support this bill, and I
reserve the balance of my time.
Mrs. RODGERS of Washington. Madam Speaker, I yield 3 minutes to the
gentleman from Florida (Mr. Bilirakis), who is the chairman of the
subcommittee.
Mr. BILIRAKIS. Madam Speaker, I rise in strong support of H.R. 7520,
the Protecting Americans' Data from Foreign Adversaries Act.
Last week, the House took historic action to protect Americans' data
from foreign-owned subsidiaries such as ByteDance. Today, we have
legislation that will protect Americans' data privacy from data brokers
seeking to sell our personally identifiable sensitive information to
these foreign entities.
The subcommittee that I chair has done significant work to get this
done to lay the foundation for why we need a strong Federal data
privacy and security law and why a Federal standard is needed to
protect Americans here at home while balancing the needs of business,
government, and civil society.

[[Page H1218]]

As there is no Federal comprehensive data privacy and security law,
data brokers are often unfettered when it comes to selling personally
identifiable information. Our adversaries can all too easily purchase
this sensitive data of American citizens, including information that
identifies our servicemen and -women, and can target individuals based
on their connection to the military and the Federal Government more
broadly.
H.R. 7520 will prohibit data brokers from selling our personally
identifiable sensitive information and ensure proper enforcement
authorities are in place to go after these bad actors.
This small and targeted change to an otherwise free market will help
ensure citizens' personal data is kept safe from entities seeking to
manipulate Americans, while still respecting broader business decisions
in the marketplace.
I thank Chair Rodgers and Ranking Member Pallone for their great work
here on this particular issue. It takes leadership, Madam Speaker, and
we have it here in the Energy and Commerce Committee. Our wonderful
staff is the best. They are second to none, and they got this done.
To me, this only underscores the need to complete our subcommittee's
top priority this Congress. We must enact a comprehensive Federal data
privacy and security law as soon as possible.
Madam Speaker, I urge my colleagues to support H.R. 7520. This is
vital for our national security. As many alluded to last week, I urge
my colleagues to support our efforts on moving forward toward enacting
stronger data privacy and security protections broadly for Americans
nationwide. So great work has been done by the leadership and the
committee in the full Congress. Let's get this across the finish line
and over to the United States Senate and the President's desk.
Mr. PALLONE. Madam Speaker, I yield 2 minutes to the gentlewoman from
Illinois (Ms. Schakowsky), who is the ranking member of our
Subcommittee on Innovation, Data, and Commerce.
Ms. SCHAKOWSKY. Madam Speaker, I am thankful for the opportunity to
talk about this because Americans are very worried about how their data
is being used. They want to know who is collecting it, where it is
going, and how it is being used.
For far too long, people's privacy has been invaded. They don't know
exactly how, and they don't know exactly who. In fact, one of the big
players, of course, are the data brokers.
Now, Madam Speaker, ask anyone on the street: Who are data brokers?
What do they do?
These are the people who buy, sell, and trade your information. Most
people don't have a clue about that.
So this legislation makes a good step forward when it says that none
of this information that is collected by data brokers can go to China
or any other adversary information that we have listed in this
legislation.
It is time, though, I want to add, that while this bill is important
for national security and for the security of our people, right now
people's data is at risk and children's data is at risk.
We need comprehensive reform on privacy, and we did that in the
Energy and Commerce Committee last Congress where we passed the
American Data and Privacy Protection Act, and we need to go forward.
People are tired of not only wondering how are so many people
collecting our data but how are they buying and selling it. It is a
national security interest. This bill is important, but we have to go a
step further.
Mrs. RODGERS of Washington. Madam Speaker, I yield 1 minute to the
gentleman from Michigan (Mr. Walberg).
Mr. WALBERG. Madam Speaker, I thank the chairwoman for the time.
Madam Speaker, I rise today in support of H.R. 7520, the Protecting
Americans' Data from Foreign Adversaries Act.
H.R. 7520 is the next step in securing Americans' sensitive data from
China and other adversaries. The bipartisan legislation would prohibit
data brokers from selling our constituents' health history, precise
geolocation, biometric data, and other extremely personal information
to North Korea, Iran, China, and Russia, or any entity controlled by
those countries.
It also specifically includes protections for servicemembers and for
any data from those under the age of 17.
This is a commonsense measure that piggybacks off our efforts to
decouple TikTok from the Chinese Communist Party and protect our
national security.
Our foreign adversaries should not have access to our most sensitive
data. Allowing so risks manipulation and espionage.
The bill is also another step in our efforts to protect Americans'
privacy online. We will continue to work toward comprehensive data
privacy protections, and especially protections for kids and teens
online.
Madam Speaker, this legislation is the right move for our
constituents' privacy and security, and I encourage my colleagues to
support it.
Mr. PALLONE. Madam Speaker, I yield 2 minutes to the gentleman from
Illinois (Mr. Krishnamoorthi), who is the ranking member of the Select
Committee on the Chinese Communist Party and was the Democratic sponsor
of the other bill that we passed last week.
Mr. KRISHNAMOORTHI. Madam Speaker, I thank Chair McMorris Rodgers and
Ranking Member Pallone for their extraordinary leadership in protecting
our privacy and our data privacy. I thank them for their excellent
leadership in helping to pass legislation last week that is going to
force ByteDance to sell TikTok precisely because the CCP can access
Americans' sensitive data under its current ownership.
This bill is extremely, extremely important.
Why?
It is important because it prevents our foreign adversaries from
buying American data through other sources.
Right now, so-called data brokers can sell Americans' sensitive data
in bulk, including internet browsing history and geolocation data, and
they can resell it to foreign adversaries who can then target military
personnel, public officials, and others.
This bill addresses this national security threat head-on by
prohibiting data brokers from selling our data to foreign adversaries.
It is an excellent complement to the bill that we passed just last week
with regard to ByteDance, TikTok, and foreign adversary-owned social
media applications.
This bill needs to pass, and it needs to pass now.
Madam Speaker, I am so proud to strongly support H.R. 7520, and I ask
all of my colleagues to unanimously pass this bill today.
Mrs. RODGERS of Washington. Madam Speaker, I yield 1\1/2\ minutes to
the gentleman from Pennsylvania (Mr. Joyce).
Mr. JOYCE of Pennsylvania. Madam Speaker, I thank the gentlewoman for
yielding.
Madam Speaker, at a time when the Chinese Communist Party is
continuing to expand its reach, we in Congress must act quickly to
protect American user data.
Preventing data brokers from selling this information to those who
wish to harm Americans is a vital step toward protecting our interests
and securing sensitive and vulnerable information from falling into the
hands of our adversaries.
This legislation would ensure that nations like China, North Korea,
Iran, and Russia would no longer be able to purchase geolocation or
biomedical data on our servicemembers. Personal information of our
Active-Duty military must be safeguarded.
Above all, we must ensure that all Americans have confidence that
their data is being protected and that their information is secure.
This legislation is a commonsense step to help keep all Americans safe.
Madam Speaker, I urge all of my colleagues to vote in favor of H.R.
7520.
Mr. PALLONE. Madam Speaker, I yield myself the balance of my time to
close.
Madam Speaker, this bill, in my opinion, is an excellent example of
how our committee, the Energy and Commerce Committee, works together on
a bipartisan basis.
We, frankly, heard from the various Federal agencies, whether it was
the Justice Department, national security, or FBI, that it was
necessary to address the issue of data that was being

[[Page H1219]]

basically passed on to our adversaries, particularly Beijing, and we
crafted two bills. One has been referred to as the TikTok bill which we
passed last week, and the other is the data brokers bill that will pass
today.
It is no surprise that in our committee in a roll call vote we had 50
members, Democrats and Republicans, vote for this. None voted against
it.
I am certainly suggesting that this is something that is very
important. Both bills need to pass. One already did. I also think it is
an excellent example of how this Congress, this House, and our
committee, in particular, can work together on something that relates
to national security and privacy.
As Ms. Schakowsky has said, and I know Chair Rodgers has said, we
need a national data privacy bill. This is the beginning, I believe, of
that process. It is also one of the most important aspects of it
because it does affect our national security.
Madam Speaker, I am proud I can say that we worked together on this.
I will certainly urge that the House do the same: vote this bill
unanimously and send it over to the Senate for further action.
Madam Speaker, I yield back the balance of my time.
Mrs. RODGERS of Washington. Madam Speaker, I yield myself the balance
of my time to close.
Madam Speaker, I urge a ``yes'' vote on this bill that would prohibit
data brokers from profiting off the sale or the transfer of sensitive
data of U.S. individuals and specifically that of U.S. military
servicemembers to a foreign adversary country or any entity that is
controlled by such country.
The term ``controlled by a foreign adversary'' parallels the
definition of H.R. 7521, the Protecting Americans from Foreign
Adversary Controlled Applications Act, that we passed last week out of
the House 352-65.
I believe that this is very important legislation also to complement
that effort and our continued work to enact legislation that would
bring a national privacy and data security law into place.
Madam Speaker, I urge my colleagues to vote ``yes,'' and I yield back
the balance of my time.

{time} 1745

The SPEAKER pro tempore. The question is on the motion offered by the
gentlewoman from Washington (Mrs. Rodgers) that the House suspend the
rules and pass the bill, H.R. 7520, as amended.
The question was taken.
The SPEAKER pro tempore. In the opinion of the Chair, two-thirds
being in the affirmative, the ayes have it.
Mr. PALLONE. Madam Speaker, on that I demand the yeas and nays.
The yeas and nays were ordered.
The SPEAKER pro tempore. Pursuant to clause 8 of rule XX, further
proceedings on this motion will be postponed.

____________________