In April 2024, the PADFAA was signed into law as part of a broader national security package that makes it unlawful for data brokers to sell or transfer “personally identifiable sensitive data” of U.S. persons to entities that are controlled by foreign adversaries, primarily China, Russia, Iran, and North Korea. On February 28, 2024, Former President Biden issued Executive Order 14117 directing the DOJ to establish the DSP with regulations that both implement and expand upon the PADFAA. In early 2025, the DSP regulations were finalized with the Final Rule published on January 8, 2025, effective on April 11, 2025.
This advisory addresses several issues which entities and individuals should immediately consider, including who is affected, the types of data and transactions that are covered, the countries identified as foreign adversaries, prohibited vs. restricted transactions, compliance requirements, and enforcement and penalties.
Authors:
Jodutt M. Basrawi
Email: basrawi@clm.com
Jenny Frank
Email: frank@clm.com
Jack Griem
Email: griem@clm.com
Matthew D. Dunn
Email: mdunn@clm.com