[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4568 Introduced in House (IH)]
<DOC>
118th CONGRESS
1st Session
H. R. 4568
To require covered entities to issue a short-form terms of service
summary statement, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
July 11, 2023
Mrs. Trahan introduced the following bill; which was referred to the
Committee on Energy and Commerce
_______________________________________________________________________
A BILL
To require covered entities to issue a short-form terms of service
summary statement, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Terms-of-service Labeling, Design,
and Readability Act'' or the ``TLDR Act''.
SEC. 2. STANDARD TERMS OF SERVICE SUMMARY STATEMENT.
(a) Deadline for Terms of Service Summary Statement.--Not later
than 360 days after the date of the enactment of this Act, the
Commission shall issue a rule under section 553 of title 5, United
States Code, with regard to a covered entity that publishes or has
published a terms of service--
(1) that requires the covered entity to include a truthful
and non-misleading short-form terms of service summary
statement on the website of the entity;
(2) that requires the covered entity to include a truthful
and non-misleading graphic data flow diagram on the website of
the entity; and
(3) that requires the covered entity to display the full
terms of service of the entity in an interactive data format.
(b) No New Contractual Obligation.--The requirement to include a
summary statement described in subsection (a) does not create any new
contractual obligation.
(c) Requirements for Short-Form Terms of Service Summary
Statement.--
(1) In general.--The short-form terms of service summary
statement described in subsection (a)--
(A) shall be accessible to individuals with low
levels of literacy and individuals with disabilities,
machine readable, and shall include tables, graphic
icons, hyperlinks, or other means as the Commission may
require; and
(B) may be presented differently depending on the
interface or type of device on which the statement is
being accessed by the user.
(2) Location of summary statement and graphic data flow
diagram.--The summary statement shall be placed at the top of
the permanent terms of service page of the covered entity and
any graphic data flow diagram shall be located immediately
below the statement.
(3) Contents of summary statement.--The summary statement
shall include the following:
(A) The categories of sensitive information that
the covered entity processes.
(B) The sensitive information that is required for
the basic functioning of the service and what sensitive
information is needed for additional features and
future feature development.
(C) A summary of the legal liabilities of a user
and any rights transferred from the user to the covered
entity, such as mandatory arbitration, class action
waiver, any licensing or sale by the covered entity of
the content of the user, and any waiver of moral
rights.
(D) Historical versions of the terms of service and
change logs.
(E) If the covered entity provides user deletion
services, directions for how the user can delete
sensitive information or discontinue the use of
sensitive information.
(F) A list of data breaches from the previous 3
years reported to consumers under existing Federal and
State laws.
(G) The effort required by a user to read the
entire terms of service text, such as through the total
word count and approximate time to read the statement.
(H) Any other information the Commission determines
to be necessary if that information is included in the
terms of service by the covered entity.
(4) Additional information required by the commission.--The
Commission shall include in the rule a list of other
information the Commission determines to be necessary under
paragraph (3)(H).
(d) Guidance on Graphic Data Flow Diagrams.--Not later than 360
days after the date of the enactment of this Act, the Commission shall
publish guidelines on how a covered entity can graphically display how
sensitive information of a user is shared with a subsidiary or
corporate affiliate of such entity and how sensitive information is
shared with third parties.
(e) Interactive Data Format Terms of Service.--Not later than 360
days after the date of the enactment of this Act, the Commission shall
issue a rule under section 553 of title 5, United States Code, that
requires a covered entity to tag portions of the terms of services of
the entity according to an interactive data format.
(f) Enforcement.--
(1) Unfair or deceptive acts or practices.--A violation of
this section or a regulation promulgated under this section
shall be treated as a violation of a regulation under section
18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C.
57a(a)(1)(B)) regarding unfair or deceptive acts or practices.
(2) Powers of the commission.--The Commission shall enforce
this section and the regulations promulgated under this section
in the same manner, by the same means, and with the same
jurisdiction, powers, and duties as though all applicable terms
and provisions of the Federal Trade Commission Act (15 U.S.C.
41 et seq.) were incorporated into and made a part of this
section, and any person who violates this section or a
regulation promulgated under this section shall be subject to
the penalties and entitled to the privileges and immunities
provided in the Federal Trade Commission Act.
(3) Enforcement by state attorneys general.--In any case in
which the attorney general of a State has reason to believe
that an interest of at least 1,000 residents of that State has
been or is threatened or adversely affected by the engagement
of any person in a practice that violates this section or a
regulation promulgated under this section, the State, as parens
patriae, may bring a civil action on behalf of the residents of
the State in a district court of the United States of
appropriate jurisdiction to--
(A) enjoin that practice;
(B) enforce compliance with the regulation;
(C) obtain damage, restitution, or other
compensation on behalf of residents of the State; or
(D) obtain such other relief as the court may
consider to be appropriate.
(4) Notice.--
(A) In general.--Before filing an action under
paragraph (3), the attorney general of the State
involved shall provide to the Commission--
(i) written notice of that action; and
(ii) a copy of the complaint for that
action.
(B) Exemption.--
(i) In general.--Subparagraph (A) shall not
apply with respect to the filing of an action
by an attorney general of a State under this
subsection, if the attorney general determines
that it is not feasible to provide the notice
described in that subparagraph before the
filing of the action.
(ii) Notification.--In an action described
in clause (i), the attorney general of a State
shall provide notice and a copy of the
complaint to the Commission at the same time as
the attorney general files the action.
(5) Intervention by the commission.--
(A) Authority to intervene.--The Commission may
intervene in any action brought under paragraph (3).
(B) Effect of intervention.--If the Commission
intervenes in an action under paragraph (3), the
Commission shall have the right--
(i) to be heard with respect to any matter
that arises in that action; and
(ii) to file a petition for appeal.
(6) Construction.--For purposes of bringing any civil
action under paragraph (3), nothing in this section may be
construed to prevent an attorney general of a State from
exercising the powers conferred on the attorney general by the
laws of that State to--
(A) conduct investigations;
(B) administer oaths or affirmations; or
(C) compel the attendance of witnesses or the
production of documentary and other evidence.
(7) Actions by the commission.--In any case in which an
action is instituted by or on behalf of the Commission for a
violation of this section or a regulation promulgated under
this section, a State may not, during the pendency of that
action, institute a separate action under paragraph (3) against
any defendant named in the complaint in the action instituted
by or on behalf of the Commission for that violation.
(g) Rule of Construction.--Nothing in this section shall be
construed to limit the authority of the Commission under any other
provision of law.
(h) Definitions.--In this section:
(1) Commission.--The term ``Commission'' means the Federal
Trade Commission.
(2) Covered entity.--The term ``covered entity''--
(A) means any person or entity that operates a
website located on the internet or an online service,
that is operated for commercial purposes; and
(B) does not include a small business concern (as
defined in section 3 of the Small Business Act (15
U.S.C. 632)).
(3) Disability.--The term ``disability'' has the meaning
given the term in section 3 of the Americans with Disabilities
Act of 1990 (42 U.S.C. 12102).
(4) Interactive data format.--The term ``interactive data
format'' means an electronic data format in which pieces of
information are identified using an interactive data standard,
such as eXtensible Markup Language (XML), that is a
standardized list of electronic tags that mark the information
described in subsection (c)(3) within the terms of service of a
covered entity.
(5) Moral rights.--The term ``moral rights'' means the
rights conferred by section 106A(a) of title 17, United States
Code.
(6) Process.--The term ``process'' means any operation or
set of operations performed on sensitive information, including
collection, analysis, organization, structuring, retaining,
using, or otherwise handling sensitive information.
(7) Sensitive information.--The term ``sensitive
information'' means any of the following:
(A) Health information.
(B) Biometric information.
(C) Precise geolocation information.
(D) Social security number.
(E) Information concerning the race, color,
religion, national origin, sex, age, or disability of
an individual.
(F) The content and parties to a communication.
(G) Audio and video recordings captured through a
consumer device.
(H) Financial information, including a bank account
number, credit card number, debit card number, or
insurance policy number.
(I) Online browsing history, which means
information revealing online activities over time or
across websites or online services not owned or
operated by the covered entity.
(8) State.--The term ``State'' means each of the several
States, the District of Columbia, each commonwealth, territory,
or possession of the United States, and each federally
recognized Indian Tribe.
(9) Third party.--The term ``third party'' means, with
respect to a covered entity, a person--
(A) to which the covered entity disclosed sensitive
information; and
(B) that is not--
(i) the covered entity;
(ii) a subsidiary or corporate affiliate of
the covered entity; or
(iii) a service provider of the covered
entity.
<all>