US Industry Coalition Seeks Compliance Extension for DOJ Data Rule
A coalition of major American companies has asked DOJ to extend the April 8 effective date for its data transfer rule, Privacy Daily has learned.
Sign up for a free preview to unlock the rest of this article
The 400-page rule will require significant changes to internal systems and data transaction procedures, the Global Data Alliance said in a Feb. 26 letter shared with us Tuesday. The alliance includes AT&T, FedEx, GM, Lumen, MasterCard, NetFlix, Panasonic, Pfizer, Samsung, Sony and Verizon and members of the Business Software Alliance. Compliance attorneys told us teams are scrambling to comply with a rule that carries civil and criminal penalties.
"Additional time is needed for companies to analyze and retool systems, recode software programs, alter service offerings in different markets, develop systems to identify covered persons, and change contractual relationships to meet the conditions in the final regulations," the alliance wrote.
The companies requested a non-enforcement policy period through December 2026. They're also seeking implementation guidance and FAQs with an additional 60-day comment period.
“Due to the complexity of the rule, we’re pushing for a delay/non-enforcement period to allow more time for companies to come into compliance,” an industry official said. “Doing so will alleviate compliance burdens and allow for companies to review and respond to additional forthcoming compliance guidance.”
Associations that commented on the Cybersecurity and Infrastructure Security Agency’s public proceeding on the regulation include the U.S. Chamber of Commerce, Consumer Technology Association, Information Technology Industry Council, Business Software Alliance, ACT | The App Association, Interactive Advertising Bureau, CTIA-NCTA, USTelecom and the National Foreign Trade Council.
USTelecom said Tuesday that it’s not involved in the request for an extension. The other associations didn’t comment. DOJ didn’t publish comments on its rule proceeding. The department declined to comment Tuesday.
Compliance attorneys told us earlier this month they haven’t seen a signal from the Trump administration that DOJ will halt or reconsider the regulation (see 2503100057). The prior administration’s DOJ wrote the rule in response to President Joe Biden’s February 2024 executive order. The EO directed the department to address the threat of bulk data transfers of U.S. sensitive personal data and U.S. government-related data to countries of concern, including China and Russia.
Attorneys told us the rule has been an ongoing point of discussion, particularly for companies with a digital ad presence and ties to China. Some have speculated about the Trump administration reconsidering the rule. President Donald Trump has initiated several deregulation initiatives, including a freeze and reconsideration of the Biden administration’s unpublished rules (see 2503120059).
DOJ’s data transfer rule was officially published Jan. 8. Agency rules are subject to the Congressional Review Act, which allows Congress 60 days to review "major" rules. DOJ’s published rule states that the effective date is subject to change, pending congressional review.