[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[S. 3501 Introduced in Senate (IS)]

117th CONGRESS
  2d Session
                                S. 3501

To require the Federal Trade Commission to issue a short-form terms of 
           service summary statement, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

             January 13 (legislative day, January 10), 2022

Mr. Cassidy (for himself and Mr. Lujan) introduced the following bill; 
    which was read twice and referred to the Committee on Commerce, 
                      Science, and Transportation

_______________________________________________________________________

                                 A BILL


 
To require the Federal Trade Commission to issue a short-form terms of 
           service summary statement, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Terms-of-service Labeling, Design, 
and Readability Act'' or the ``TLDR Act''.

SEC. 2. STANDARD TERMS OF SERVICE SUMMARY STATEMENT.

    (a) Deadline for Terms of Service Summary Statement.--Not later 
than 360 days after the date of the enactment of this Act, the 
Commission shall issue a rule under section 553 of title 5, United 
States Code--
            (1) that requires a covered entity to include a short-form 
        terms of service summary statement on the website of the 
        entity;
            (2) that requires a covered entity to include graphic data 
        flow diagram on the website of the entity and includes guidance 
        for such diagram; and
            (3) that requires a covered entity to display the full 
        terms of service of the entity in an interactive data format.
    (b) Requirements for Short-Form Terms of Service Summary 
Statement.--
            (1) In general.--The short-form terms of service summary 
        statement described in subsection (a)--
                    (A) shall be easy to understand, machine readable, 
                and may include tables, graphic icons, hyperlinks, or 
                other means determined by the Commission; and
                    (B) may be established separately depending on the 
                interface or type of device on which the statement is 
                being accessed by the user.
            (2) Location of summary statement and graphic data flow 
        diagram.--The summary statement shall be placed at the top of 
        the permanent terms of service page of the covered entity and 
        any graphic data flow diagram shall be located immediately 
        below the statement.
            (3) Contents of summary statement.--The summary statement 
        shall disclose the following:
                    (A) The effort required by a user to read the 
                entire terms of service text, such as through the total 
                word count and approximate time to read the statement.
                    (B) The categories of sensitive information that 
                the covered entity processes.
                    (C) The sensitive information that is required for 
                the basic functioning of the service and what sensitive 
                information is needed for additional features and 
                future feature development.
                    (D) A summary of the legal liabilities of a user 
                and any rights transferred from the user to the covered 
                entity, such as mandatory arbitration, class action 
                waiver, any licensing by the covered entity of the 
                content of the user, and any waiver of moral rights.
                    (E) Historical versions of the terms of service and 
                change logs.
                    (F) If the covered entity provides user deletion 
                services, directions for how the user can delete 
                sensitive information or discontinue the use of 
                sensitive information.
                    (G) A list of data breaches from the previous 3 
                years reported to consumers under existing Federal and 
                State laws.
                    (H) Anything else determined to be necessary by the 
                Commission.
    (c) Guidance on Graphic Data Flow Diagrams.--Not later than 360 
days after the date of the enactment of this Act, the Commission shall 
publish guidelines on how a covered entity can graphically display how 
sensitive information of a user is shared with a subsidiary or 
corporate affiliate of such the entity and how sensitive information is 
shared with third parties.
    (d) Interactive Data Format Terms of Service.--Not later than 360 
days after the date of the enactment of this Act, the Commission shall 
issue a rule under section 553 of title 5, United States Code, that 
requires a covered entity to tag portions of the terms of services of 
the entity according to an interactive data format.
    (e) Enforcement.--
            (1) Unfair or deceptive acts or practices.--A violation of 
        this section or a regulation promulgated under this section 
        shall be treated as a violation of a regulation under section 
        18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 
        57a(a)(1)(B)) regarding unfair or deceptive acts or practices.
            (2) Powers of the commission.--The Commission shall enforce 
        this section and the regulations promulgated under this section 
        in the same manner, by the same means, and with the same 
        jurisdiction, powers, and duties as though all applicable terms 
        and provisions of the Federal Trade Commission Act (15 U.S.C. 
        41 et seq.) were incorporated into and made a part of this 
        section, and any person who violates this section or a 
        regulation promulgated under this section shall be subject to 
        the penalties and entitled to the privileges and immunities 
        provided in the Federal Trade Commission Act.
            (3) Enforcement by state attorneys general.--In any case in 
        which the attorney general of a State has reason to believe 
        that an interest of at least 1,000 residents of that State has 
        been or is threatened or adversely affected by the engagement 
        of any person in a practice that violates this section or a 
        regulation promulgated under this section, the State, as parens 
        patriae, may bring a civil action on behalf of the residents of 
        the State in a district court of the United States of 
        appropriate jurisdiction to--
                    (A) enjoin that practice;
                    (B) enforce compliance with the regulation;
                    (C) obtain damage, restitution, or other 
                compensation on behalf of residents of the State; or
                    (D) obtain such other relief as the court may 
                consider to be appropriate.
            (4) Notice.--
                    (A) In general.--Before filing an action under 
                paragraph (3), the attorney general of the State 
                involved shall provide to the Commission--
                            (i) written notice of that action; and
                            (ii) a copy of the complaint for that 
                        action.
                    (B) Exemption.--
                            (i) In general.--Subparagraph (A) shall not 
                        apply with respect to the filing of an action 
                        by an attorney general of a State under this 
                        subsection, if the attorney general determines 
                        that it is not feasible to provide the notice 
                        described in that subparagraph before the 
                        filing of the action.
                            (ii) Notification.--In an action described 
                        in clause (i), the attorney general of a State 
                        shall provide notice and a copy of the 
                        complaint to the Commission at the same time as 
                        the attorney general files the action.
            (5) Removal to federal court.--The Commission may intervene 
        in any action brought under paragraph (3) and remove the action 
        to the appropriate United States district court.
    (f) Rule of Construction.--Nothing in this section shall be 
construed to limit the authority of the Commission under any other 
provision of law.
    (g) Definitions.--In this section:
            (1) Commission.--The term ``Commission'' means the Federal 
        Trade Commission.
            (2) Covered entity.--The term ``covered entity''--
                    (A) means any person that operates a website 
                located on the internet or an online service, that is 
                operated for commercial purposes; and
                    (B) does not include a small business concern (as 
                defined in section 3 of the Small Business Act (15 
                U.S.C. 632)).
            (3) Interactive data format.--The term ``interactive data 
        format'' means an electronic data format in which pieces of 
        information are identified using an interactive data standard, 
        such as eXtensible Markup Language (XML), that is a 
        standardized list of electronic tags that mark the information 
        described in section 2(b)(3) within the terms of service of a 
        covered entity.
            (4) Sensitive information.--The term ``sensitive 
        information'' means any of the following:
                    (A) Health information.
                    (B) Biometric information.
                    (C) Precise geolocation information.
                    (D) Social security number.
                    (E) Information concerning the race, color, 
                religion, national origin, sex, age, or disability of 
                an individual.
                    (F) The content and parties to a communication.
                    (G) Audio and video recordings captured through a 
                consumer device.
                    (H) Financial information, including a bank account 
                number, credit card number, debit card number, or 
                insurance policy number.
                    (I) Online browsing history related to the 
                information described in subparagraphs (A) through (H).
            (5) State.--The term ``State'' means each of the several 
        States, the District of Columbia, each commonwealth, territory, 
        or possession of the United States, and each federally 
        recognized Indian Tribe.
            (6) Third party.--The term ``third party'' means, with 
        respect to a covered entity, a person--
                    (A) to whom the covered entity disclosed sensitive 
                information; and
                    (B) is not--
                            (i) the covered entity;
                            (ii) a subsidiary or corporate affiliate of 
                        the covered entity; or
                            (iii) a service provider of the covered 
                        entity.