There is 1 version of this bill. View text

Click the check-box to add or remove the section, click the text link to scroll to that section.
Titles Actions Overview All Actions Cosponsors Committees Related Bills Subjects Latest Summary All Summaries

Titles (2)

Short Titles

Short Titles - Senate

Short Title(s) as Introduced

National Security and Personal Data Protection Act of 2019

Official Titles

Official Titles - Senate

Official Titles as Introduced

A bill to safeguard data of Americans from foreign governments that pose risks to national security by imposing data security requirements and strengthening review of foreign investments, and for other purposes.


Actions Overview (1)

Date Actions Overview
11/18/2019Introduced in Senate

All Actions (1)

Date All Actions
11/18/2019Read twice and referred to the Committee on Commerce, Science, and Transportation.
Action By: Senate

Cosponsors (2)

* = Original cosponsor
CosponsorDate Cosponsored
Sen. Cotton, Tom [R-AR]* 11/18/2019
Sen. Rubio, Marco [R-FL]* 11/18/2019

Committees (1)

Committees, subcommittees and links to reports associated with this bill are listed here, as well as the nature and date of committee activity and Congressional report number.

Committee / Subcommittee Date Activity Related Documents
Senate Commerce, Science, and Transportation11/18/2019 Referred to

No related bill information was received for S.2889.


Latest Summary (1)

There is one summary for S.2889. View summaries

Shown Here:
Introduced in Senate (11/18/2019)

National Security and Personal Data Protection Act of 2019

This bill prohibits the transfer of data to, and storage of data within, foreign countries that threaten U.S. national security.

Specifically, the bill requires the Department of State to designate as a country of concern any country, including the People's Republic of China and the Russian Federation, whose data privacy and security requirements pose a substantial risk to U.S. national security.

A technology company that is subject to the jurisdiction of a country of concern and that provides a website or internet application operating in interstate or foreign commerce shall

  • not collect unnecessary user data or use any user data for a purpose that is secondary to the operation of the website, service, or application;
  • not transfer user data or information to a country of concern;
  • not store user data on a server outside either the United States or a country that has agreed to share data with U.S. law enforcement agencies; and
  • allow individuals to view and delete their individual user data.

Additionally, any company that provides a website or internet application operating in interstate or foreign commerce but which is not subject to the jurisdiction of a country of concern is prohibited from transferring data to a country of concern or storing user data on a server located in a country of concern.

The Federal Trade Commission shall enforce these requirements; however, the bill also provides for civil actions brought by either an individual or the attorney general of a state to enjoin the engagement of any person in a practice that violates the prohibitions in this bill.