USCBC Comment on National Security Division; Provisions Regarding Access to Americans’ Bulk Sensitive Personal Data and Government-Related Data by Countries of Concern

Department of Justice, National Security Division, Docket No. NSD 104

The US-China Business Council (USCBC) welcomes the opportunity to submit comments to the National Security Division of the Department of Justice (DOJ) regarding the Notice of Proposed Rulemaking (NPRM) 89 FR 86116 (October 29, 2024), outlining the proposed implementation of the regulations contemplated by the Executive Order (EO) 14117 of February 28, 2024, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.”

USCBC represents more than 270 American companies that do business in China. Our membership includes some of the largest and most iconic American brands, in addition to small- and medium-sized enterprises. Our members represent a wide range of industries and sectors, including manufacturers, professional services, life-sciences, technology, financial services, and others.

As raised previously in our ANPRM submission to the DOJ, USCBC supports the US government’s efforts to protect Americans’ sensitive personal and government related data. Today’s interconnected and digital world requires a shared determination between the public and private sector to stop malicious actors from harming American citizens and entities.

USCBC commends the DOJ for incorporating certain key proposals from our ANPRM submission. We support the inclusions of exemptions for corporate group transactions to maintain business continuity, particularly between a US parent company and its subsidiary in China. We also endorse the new exemptions for telecommunications, certain health data, and pharmaceutical and medical device authorizations. These measures will help more easily facilitate commercial transactions and advance healthcare for US patients, reflecting the low national security risk posed by data disclosures for these purposes, while also ensuring that US firms are given the flexibility needed to pursue commercial opportunities in crucial growth areas and deliver innovative healthcare products.

However, USCBC is concerned that many elements of the proposed rule are overly broad or lack appropriate definitional refinement needed for business compliance. USCBC strongly supports further refinement of specific definitions, outlined in our letter, as doing so will ensure that the rules do not impact a swathe of business activities beyond their intended purview. Additionally, upward adjustments to the thresholds are urgently needed to reflect the rulemakers’ nuanced intent to regulate “bulk transactions” and to enable regulators to focus on the most impactful data transfers. This is especially critical concerning the NPRM’s definitions of “human genomic data,” “human biospecimens,” “clinical trials,” “sensitive personal data,” and “data brokerage.” USCBC also recommends expanding the exemption for corporate group transactions and clarifying exemptions related to employment and financial services. Without such refinements, the rule risks impeding routine operations and public health initiatives aimed at protecting and improving the health of Americans. We urge DOJ to proactively engage with industry as it further refines the proposed data restrictions.

In our comments below, USCBC strives to act as a resource to the DOJ. Our submission provides specific feedback on key definitions, concepts, and elements posed in the NPRM.

 

Read full comment

YOU'RE INVITED
Forecast 2025

Forecast 2025