The following statement can be attributed to Paul Lekas, Senior Vice President, Global Public Policy and Anton van Seventer, Counsel, Privacy and Data Policy, the Software & Information Industry Association.

Protecting Americans’ sensitive personal information is of critical importance, especially amid rising reports of nation states and bad actors exploiting Americans’ data. We applaud House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) and Ranking Member Frank Pallone (D-NJ) for holding a hearing on this issue and exploring measures to address security vulnerabilities in the absence of comprehensive federal data privacy and security legislation.

We have concerns however, that H.R. 7520, Protecting Americans’ Data from Foreign Adversaries Act of 2024, will not meaningfully advance this goal and would lead to undesirable outcomes.

Indeed, introduction of this bill comes on the heels of Executive Order 14117 and a rulemaking process kicked off by the Department of Justice on exactly this issue. H.R. 7520 would set up a competing process with different definitions of key terms that will create confusion for industry and the U.S. economy.

In addition, H.R. 7520 would have negative implications for the commercial publishing industry. The bill takes aim at “data brokers,” but not all companies that fit this definition are bad actors. Indeed, commercial publishers – many of whom would be subsumed in this definition – have a critical role in driving the information economy in the United States and globally. Far from presenting a uniform risk to national security, commercial publishers provide critical data for preventing fraud, corruption, and money laundering, especially across the financial services industry.

For more on this, see SIIA’s recent white paper, available here.