Protecting Americans' Data From Foreign Surveillance Act of 2023
This bill establishes certain export controls on personal data of U.S. nationals and individuals living in the United States.
Specifically, the bill directs the Department of Commerce (in coordination with specified federal agencies) to identify categories of personal data that could be exploited by foreign governments or foreign adversaries and harm U.S. national security if exported, reexported, or in-country transferred in a quantity that exceeds the threshold established by Commerce.
The bill outlines the requirements for establishing this threshold. Commerce must seek to balance the need to protect personal data from exploitation by foreign governments and foreign adversaries against the likelihood of (1) impacting legitimate business activities, research activities, and other activities that do not harm the national security of the United States; or (2) chilling speech protected by the First Amendment.
The bill also requires Commerce to impose appropriate controls on the export, reexport, or in-country transfer of covered personal data, including through interim controls (e.g., informing a person that a license is required). Commerce may not impose a requirement for a license or other authorization pursuant to specified transactions, such as those in which the personal data is encrypted with technology that is certified by the National Institute of Standards and Technology.
The bill applies certain export control penalties to officers or employees of an organization who knew or should have known that another employee was directed to illegally export covered personal data in violation of this bill.