The Proverbial Other Foot: Proposed U.S. Legislation Could Ban Personal Data Transfers to Ireland and Other U.S. Allies
Privacy, Cyber & AI Decoded Alert | 2 min read
Apr 29, 2021
Digital giants and other data-driven businesses that have moved their companies from the United Kingdom to Ireland in the wake of Brexit could soon be bracing for a new shake-up in light of legislation recently proposed in the United States by Oregon Senator Ron Wyden. The draft bill, Protecting Americans' Data From Foreign Surveillance Act (the Act), would ban the sale of Americans' personal data not only to "unfriendly" foreign countries who pose a threat to national security, but also to countries without adequate data protections in place. While primarily aimed at China and Russia, the Act's reach could extend to countries like Ireland, which so far has failed to impose serious fines for General Data Protection Regulation (GDPR) violations. Having strong regulations in place under the Act is not enough if those regulations are not being enforced.
On this side of the pond, the Act would create penalties for senior executives who knew or should have known that junior employees were directed to export Americans' personal data illegally. It would also create a private right of action for Americans who have been physically harmed, arrested, or detained in a foreign country due to the illegally exported data. Theoretically, under the Act, an American arrested in Ireland because of illegally sold facial recognition data could return to the U.S. and file a lawsuit against the seller of that data. Given the potential exposure and the emphasis on executive responsibility, companies in the U.S. should take notice. Indeed, there is no question that the U.S. is looking to make its mark on the international data regulatory environment and that part of its efforts will be self-facing.
Of course, the Act is still in its infancy and there is no guarantee that it will become law. Any final draft of the Act would need to be sensitive to pre-existing agreements to avoid disrupting the transatlantic digital ecosystem and the United States' relationship with "friendly" countries and allies. If the Act eventually becomes law, data aggregators in the United States may need to adjust their business models and countries like Ireland will need to re-assess their obligations to stay competitive in the international data market. Either way, given the European Union's longstanding concern over personal data transfers to the U.S., it is more than a bit ironic that a U.S. Senator is proposing legislation that could put the shoe on the proverbial other foot.
Related People
Related Capabilities
Featured Insights

Webinar
Jul 14, 2026
Scott Seaman Presents on Horizontal vs. Vertical Exhaustion of Insurance

Event
July 13-15, 2026
Hinshaw Proudly Sponsors 2026 Lavender Law Conference and Career Fair

Healthcare Alert
Jul 8, 2026
A New Era of Compliance Standards for California DSOs and MSOs After the Aspen Dental Settlement

Insights for Insurers Alert
Jul 7, 2026
What Insurers Need to Know About California’s FAIR Plan Assessment Recoupment Guidance

In The News
Jul 6, 2026
Francesco Palanda’s Practical Guide for Mitigating AI-Related Business Interruption Risk

Lawyers' Lawyer Newsletter
Jun 29, 2026
Beyond Malpractice: The Rising Threat of Privacy and Statutory Claims Against Lawyers

In The News
Jun 26, 2026
Brian McGrath Discusses Far-Reaching Impact of a NY Foreclosure Ruling on Mortgage Industry

In The News
Jun 26, 2026
Jason Oliveri Discusses AI Companions in Elder Care and the Risks for LGBTQ+ Residents




