On February 9, the FTC announced that it sent warning letters to 13 data brokers, notifying them of their obligation to comply with the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (PADFAA). The letters urged companies to conduct comprehensive reviews of their business practices and reiterated that PADFAA prohibits data brokers from providing personally identifiable sensitive data — including health, financial, genetic, biometric, geolocation, and government-issued identifiers — to any foreign adversary (currently defined as North Korea, China, Russia, and Iran) or any entity controlled by such countries.
The letters stated that the FTC has identified instances in which the data brokers offered, among other things, information regarding the status of an individual as a member of the armed forces — a category of information subject to PADFAA’s requirements. The warning letters emphasized that the FTC deems violations of PADFAA as unfair or deceptive practices under Section 5 of the FTC Act, warning that such practices may be subject to legal action and court injunctions. The FTC cautioned that noncompliance with PADFAA could result in enforcement actions and civil penalties of up to $53,088 per violation.
[View source.]
