Florida Attorney General (AG) James Uthmeier has announced the creation of a specialized task force dedicated to investigating and prosecuting foreign companies that misappropriate Floridians’ personal data under existing Florida consumer protection and criminal statutes. The Consumer Harm from International Nefarious Actors (CHINA or the Unit) Prevention Unit will specifically focus on companies linked to “foreign adversaries,” including those with connections to the Chinese Communist Party (CCP).
While the unit will primarily focus on the health care industry, which Uthmeier identified as possessing “the most sensitive of human data,” all foreign companies operating in Florida face increased risk in the form of potential criminal and civil enforcement actions. The CHINA Unit will also investigate allegations of money laundering, cyber fraud, and other crimes linked to the CCP and other nations of concern. The health care sector, however, has been considered one of the most susceptible to exploitation in light of the industry’s reliance on Chinese-manufactured medical devices. The CCP’s ability to compel production of data collected by companies subject to its control has long been an identified concern voiced by many in the national security community. The Unit’s focus appears to extend not only to foreign-domiciled companies but also to U.S. entities with foreign ownership, control, or data access arrangements.
Uthmeier’s office has recently initiated investigations into entities spanning a variety of industries, including Shein Marketplace, a Chinese e-commerce platform; Lorex Technology, Inc., a Canadian company that specializes in Wi-Fi security cameras and baby monitors; Contec, a Chinese company that sells Internet-connected medical devices; and TP-Link Systems, Inc., which produces Wi-Fi routers. Public statements indicate that subpoenas and audit letters have already been issued by the Florida AG’s office to companies with known or suspected ties to China. The Unit can be expected to utilize its investigative powers under a wide range of local Florida laws under the jurisdiction of the AG’s office in order to aggressively pursue its stated goals.
The creation of this Unit expands state-level enforcement to issues traditionally reserved for federal regulation, such as national security and foreign influence on data privacy. The Unit’s focus is also consistent with a federal focus on restricting the access to U.S. sensitive data and intellectual property by foreign adversaries for national security reasons. For instance, in April 2025, the Department of Justice’s Data Security Program took effect pursuant to Executive Order 14117, which implements prohibitions and restrictions on transfers of U.S. data to countries of concern, including China. In addition, in December 2025, the BIOSECURE Act became law, which aims to prevent the U.S. government from procuring biotechnology equipment or services from designated biotechnology companies of concern, initially including entities derived from the U.S. Department of Defense’s list of Chinese military companies.
The CHINA Unit’s dual aims of prevention and enforcement present an increased likelihood that foreign companies will face investigative action even absent evidence of data breaches or security failures. Accordingly, foreign companies operating in Florida should:
- Ensure that privacy policies and other disclosures clearly state whether data is stored on foreign servers or accessible to foreign entities.
- Conduct an audit of IT processes and data infrastructure to identify foreign data transfers that would warrant disclosure.
- Implement enhanced data protection procedures to ensure compliance with the unit’s security expectations.
For additional information regarding these developments or related compliance considerations, please contact the Foley attorneys listed below or your regular Foley & Lardner contact.
