Interested in training for your team? Click here to learn more

New DOJ Rule Restricting Cross-Border Data Transfers with China and Other Countries of Concern: Compliance Implications

New DOJ Rule effective April 8, 2025!

A live 90-minute CLE video webinar with interactive Q&A

This program is included with the Strafford CLE Pass. Click for more information.
This program is included with the Strafford All-Access Pass. Click for more information.

Wednesday, April 2, 2025

1:00pm-2:30pm EDT, 10:00am-11:30am PDT

Early Registration Discount Deadline, Friday, March 14, 2025

or call 1-800-926-7926
Add to your calendar

This CLE webinar will provide an overview of the final rule recently issued by the National Security Division of the Department of Justice (DOJ) restricting the transfer of bulk sensitive personal and government-related data to certain countries of concern, including the People’s Republic of China. The panel will also revisit the Protecting Americans' Data From Foreign Adversaries Act of 2024 (PADFAA), which took effect in June 2024. The panel will discuss the scope, applicability, and practical implications of these new laws and will provide guidance on actions companies need to take now to ensure compliance.

Description

On Jan. 8, 2025, the DOJ issued its groundbreaking new rule establishing a data security regime based on national security policy with the DOJ as the critical regulator of data transfers. Most provisions of the rule take effect Apr. 8, 2025, with certain due diligence, audit, and reporting obligations taking effect on Oct. 6, 2025.

The rule prohibits certain data brokerage transactions and certain transactions involving human 'omic data and includes significant civil and criminal penalties for violations. The rule also creates a set of restricted transactions involving vendor agreements, employment agreements, or investment agreements in which U.S. persons may engage only if they comply with a set of cybersecurity and compliance-related requirements. There are also specifically defined exempted transactions to which the prohibitions and restrictions do not apply.

PADFAA, effective June 23, 2024, prohibits data brokers from transferring personally identifiable sensitive data to certain named foreign adversary countries, and any entity controlled by certain foreign adversaries. The law includes broad definitions of the terms "data brokers," "personally identifiable sensitive data," and "controlled by a foreign adversary," which means the law applies to a wide range of companies and it also includes steep civil penalties for violations.

Listen as our expert panel from Ropes & Gray reviews these changes in the federal government's approach to cross-border data transfers. The panel will also provide guidance for assessing the applicability of these new rules to a client's business and how to navigate compliance under this new data transfer framework.

READ MORE

Outline

  1. Overview: current federal landscape regarding data use practices
  2. DOJ's new rule restricting cross-border data transfers
    1. Important definitions
    2. Prohibited transactions
    3. Restricted transactions
    4. Exempt transactions
    5. Recordkeeping
    6. Penalties
  3. Protecting Americans' Data From Foreign Adversaries Act of 2024 (PADFAA)
    1. Definitions
    2. Unlawful activities
    3. Exceptions
  4. Comparing the compliance obligations of the DOJ's new rule and PADFAA
  5. Comparing the treatment of data brokers under the DOJ Rule and PADFAA with obligations under certain state laws
  6. Implications for businesses
  7. Actions businesses need to take now to ensure compliance
  8. Practitioner pointers and key takeaways

Benefits

The panel will review these and other key considerations:

  • What are the key definitions and provisions of the DOJ's new rule and PADFAA?
  • What are the practical implications of these new laws for businesses?
  • How will these new laws be enforced and what are the penalties for violations?
  • What steps should organizations take to come into compliance with these new data transfer laws?

Faculty

Peloquin, David
David Peloquin
Partner
Ropes & Gray

Mr. Peloquin advises clients on a wide range of legal and regulatory issues in the area of clinical research and...  |  Read More

Whitkin, Elizabeth
Elizabeth M. Whitkin
Counsel
Ropes & Gray

Ms. Whitkin advises health care industry clients, including hospitals, long-term care providers,...  |  Read More

Attend on April 2

Early Discount (through 03/14/25)

Cannot Attend April 2?

Early Discount (through 03/14/25)

You may pre-order a recording to listen at your convenience. Recordings are available 48 hours after the webinar. Strafford will process CLE credit for one person on each recording. All formats include course handouts.

To find out which recorded format will provide the best CLE option, select your state:

CLE On-Demand Video