United States of America: Federal Trade Commission issued letters regarding compliance with Protecting Americans’ Data from Foreign Adversaries Act

On 9 February 2026, the Federal Trade Commission (FTC) sent letters to 13 data brokers regarding their obligations to comply with the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (PADFAA). The PADFAA prohibits data brokers from selling, releasing, or providing access to personally identifiable sensitive data about Americans to any foreign adversary or entity controlled by such countries, including North Korea, China, Russia, and Iran. Under the legislation, sensitive data includes health, financial, genetic, biometric, and geolocation information, as well as sexual behaviour details, account login credentials, and government-issued identifiers. The FTC identified instances where data brokers offered information concerning the status of individuals as members of the Armed Forces, which is subject to the requirements of the Act. The letters require companies to review their business practices and note that violations may lead to enforcement actions and civil penalties of up to USD 53'088 per violation.