In an era of intensifying geopolitical tensions, companies with operations in the U.S. must navigate an increasingly fragmented and national security-driven regulatory landscape governing cross-border transfers of many different types of data, including personal data and technical information used in R&D and patent filings. The US Department of Justice’s new Data Security Program (DSP) essentially prohibits US persons from making certain volumes of Americans’ personal data available to entities headquartered or residing in China (including Hong Kong and Macau), Russia, Venezuela, Iran, Cuba, or North Korea, or their subsidiaries in other countries, unless an exception applies.

The Brazilian Data Protection Authority (ANPD) published Resolution CD/ANPD No. 19, which creates the procedures and rules for recognizing the suitability of other countries or international bodies to carry out international personal data transfer operations, as well as approving the standard contractual clauses that may be used by processing agents to legitimize the international transfer of personal data.