The U.S. government bans companies from sending bulk data to certain countries.

The United States Department of Justice has established a final rule related to Executive Order 14117, which was signed by President Joe Biden in February 2024. This regulation prohibits the transfer of data of U.S. citizens to several "nations of concern," including China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. According to the Department of Justice, these nations have exhibited behavior that could pose a threat to the national security of the U.S. or the safety of its citizens.

The aim of this measure is to protect U.S. citizens from being targets of cyber espionage and influence campaigns by hostile governments. Assistant Attorney General Matthew G. Olsen, of the National Security Division of the Department of Justice, mentioned that this new national security program aims to prevent the personal data of Americans from being sold to hostile foreign powers, whether through direct purchase or other forms of commercial access.

The final rule, which will take effect in 90 days, outlines the threshold for data transactions that carry an unacceptable level of risk and specifies the different classes of transactions that are prohibited, restricted, or exempt. Companies that violate this order will face civil and criminal penalties. The types of data that cannot be transferred include:

• Covered personal identifiers (such as names linked to device identifiers, social security numbers, driver's licenses, or other governmental identification numbers).
• Precise geolocation data (for example, GPS coordinates).
• Biometric identifiers (facial images, voice patterns, and retina scans).
• Human genomic data and three other categories of 'omic' data (epigenomic, proteomic, and transcriptomic).
• Personal health data (such as height, weight, vital signs, symptoms, and test results).
• Personal financial data (information related to credit cards, bank accounts, and financial obligations).

The Department of Justice clarifies that this rule does not apply to medical, health, or scientific research, nor does it prohibit the general commercial transactions between U.S. citizens and the nations of concern.