The Association of American Universities (AAU) appreciates the opportunity to respond to the Department of Justice’s Notice of Proposed Rule Making regarding preventing access to U.S. sensitive personal data and government-related data by countries of concern or covered persons. In addition to this memo, AAU also supports the analysis and comments submitted by our sister organizations, COGR, the Association of American Medical Colleges (AAMC), and the Association of Public and Land-grant Universities (APLU).
Founded in 1900, the Association of American Universities comprises America’s leading research universities. AAU’s 69 U.S. research universities transform lives through education, research, and innovation. AAU institutions have a long-standing partnership with the federal government aimed at advancing science and technology in the national interest. This partnership, which has roots going back well over a century, is a key element of the United States’ science and technology enterprise.
AAU takes seriously the responsibility to protect research and its connected data. America’s leading research universities take seriously the economic and national security threats posed by foreign adversaries, and universities have taken steps to secure and protect the research they conduct.
The DOJ’s NPRM primarily focuses on prohibiting the commercial sale of data and licensing access to data or similar commercial transactions involving the transfer of government-related data and bulk U.S. persons’ sensitive personal data. The U.S. government holds significant concerns about selling this data to countries of concern. However, as with all security measures, the federal government must balance potential unintended consequences and allow for possible emergency situations.
Request for Clarifications
Thank you for exempting federally funded research from the list of prohibitions under the NPRM. AAU respectfully requests that the DOJ provide clarity on whether the proposed rule is intended to apply to non-commercial basic research activities, especially those with public health implications. Such clarification would be useful to universities with extensive genomic analysis capacity or academic medical centers. For example, there may be cases where private foundations or other non-governmental organizations supporting public health research or the transfer of biological products (especially in clinical trials or emergency care situations) could trigger prohibitions on information sharing under the proposed rule.
Further, we strongly agree with our colleagues at COGR that … “Various categories of ‘omic data encompass a wide set of measurements related to human physiological, pathological, or genetic measurements that are used to help understand basic mechanisms or functions of human health states and that do not contain identifiable information. Importantly, the NPRM fails to describe how these types of ‘omic data pose national security risks. Prior to taking further regulatory action concerning ‘omic data, we urge DOJ to appoint an advisory panel that includes representatives from government agencies, industry, and academic research institutions to consider the questions set forth in the NPRM Preamble on the advisability and parameters of regulations in this space.” This is important to AAU members because ‘omic research is a quickly expanding field of inquiry and ongoing discussion between agencies, industry and academic research institutions would be of great benefit to ensure a fulsome understanding of potential national security resists and unknown implications of enhanced regulatory oversight.
Request for a longer implementation timeline
Given the proposed rule's complexity, AAU recommends that DOJ also consider an effective date that allows U.S. entities, including universities, time to evaluate existing IT and laboratory service providers and vendors that may have access to covered data and are compliant with the policy.
Thank you for your consideration.