personal data

Subscribe to personal data via RSS

On July 9, 2025, the Department of Justice (“DOJ”) commenced enforcement of its new Data Security Program (“DSP”) to prevent foreign adversaries from accessing sensitive U.S. data. Created earlier this year, the program seeks to prevent China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela (collectively, the “Countries of Concern”), as well as foreign entities or individuals with significant ties to these nations, from gaining access to U.S. government-related data and certain categories of U.S. sensitive personal data. Importantly, the rules apply “regardless of whether the data is anonymized, pseudonymized, de-identified or encrypted.” According to the DOJ, the threat of foreign adversaries collecting and weaponizing U.S. data had become “increasingly urgent, and ensuring prompt compliance with the DSP’s requirements is critical to addressing the administration’s priorities and stopping the flow of U.S. sensitive personal data and government-related data to countries of concern.” The seriousness of any infraction is reflected in the program’s steep civil and criminal penalties. Violators of the DSP could be subject to fines up to $368,136 per violation, or twice the value of each transaction in violation, whichever is greater. Willful violators could face imprisonment of up to 20 years and a $1 million fine.

Last month, TikTok sued Montana’s attorney general—alleging the state’s recent TikTok ban is unconstitutional and is preempted by federal law.

On May 17, Montana Governor Greg Gianforte signed a first-of-its-kind law banning TikTok from operating in the state, in order “[t]o protect Montanans’ personal, private, and sensitive data and information from intelligence gathering by the Chinese Communist Party.”

On May 19, 2021, the United Kingdom’s Competition and Markets Authority (“CMA”) and the Information Commissioner’s Office (“ICO”) published a joint statement setting out their shared views on the relationship between competition and data protection in the digital economy.

Both authorities recognize that the digital economy has the potential to have a hugely positive impact on people’s lives, from improvements to public services to companies driving innovations that can make. However, they have made clear that their collective position is that this can best be achieved where digital markets are competitive, consumer and data protection rights are respected, and citizens are empowered to exercise meaningful control over their own data. In their view, there are strong synergies between the interests of data protection and competition, as demonstrated by the close working relationship which has developed between the CMA and ICO in recent years.