U.S. Federal Gov't Proposes Oversight of Foreign Investments in Companies Handling Sensitive Data

The U.S. Department of the Treasury issued proposed regulations that would comprehensively implement the Foreign Investment Risk Review Modernization Act (FIRRMA) which was signed into law last year. 

FIRRMA empowers the interagency Committee on Foreign Investment in the United States (CFIUS) to examine and permit or ban foreign investment transactions that give the foreign investor certain powers at the target company. The powers that trigger prior review and approval of the investment by CFIUS include, among others, a seat given to the foreign investor at the company’s board of directors, or the exertion of substantial influence of the U.S. business’s activities relating to sensitive personal data of U.S. citizens.

The proposed regulations define “Sensitive personal data” to include ten categories of data such as financial, genetic, biometric, geolocation, and health data, among others. CFIUS’s jurisdiction arises where such sensitive personal data is maintained or collected by a U.S. business that (i) target or tailor products or services to sensitive populations, such as U.S. military members and employees of federal agencies involved in national security, (ii) collect or maintain such data on at least one million individuals, or (iii) have a demonstrated business objective to maintain or collect such data on greater than one million individuals and such data is an integrated part of the U.S. business’s primary products or services. 

The proposed regulations are open to public comments through October 17, 2019.

CLICK HERE to read the proposed regulations.