The Council on Governmental Relations (COGR), which represents over 200 U.S. research universities and affiliated institutes, submitted comments in response to the U.S. Department of Justice’s Advance Notice of Proposed Rulemaking (ANPRM) concerning restrictions on access to Americans’ sensitive personal and government-related data by countries of concern. COGR acknowledges the importance of protecting sensitive research data from foreign exploitation but urges that regulations remain balanced to ensure critical international research, particularly in biomedical, public health, and scientific fields, is not unduly hindered. While COGR supports the proposed "official business" exemption for federally funded research, it expresses significant concern over the absence of similar exemptions for non-federally funded research, which is also vital for scientific progress and often complements government funding. The organization stresses that overly restrictive data-sharing rules, particularly low thresholds for what constitutes "bulk data," could impede U.S. participation in global collaborative studies, limit access to novel medical treatments, and undermine the country’s ability to respond effectively to global health challenges.
COGR provides detailed feedback on specific aspects of the ANPRM. It contends that de-identified and anonymized data should be regulated less stringently, in line with existing privacy standards, and that further consultation with subject-matter experts and federal agencies is needed regarding regulation of emerging "omic" data types. The letter highlights the practical and economic challenges for institutions in verifying counterparts as "covered persons," monitoring compliance lists, and controlling downstream data transfers, especially across jurisdictions with differing levels of transparency and legal enforcement. COGR proposes several mitigations, including the establishment of higher bulk data thresholds for research, creation of research-specific exemptions or general licenses for privately funded studies, and the adoption of compliance systems that build on existing cybersecurity standards to avoid duplicative burdens. The association strongly recommends transparent advisory processes for clarifying complex rules and underscores the necessity for phased, reasonable compliance timelines, especially for long-term research projects. Ultimately, COGR encourages the DOJ to adopt a regulatory framework that secures national interests without stifling the international collaboration essential for U.S. scientific leadership and public health.
