Text: H.R.3481 — 113th Congress (2013-2014)All Bill Information (Except Text)

There is one version of the bill.

Text available as:

Shown Here:
Introduced in House (11/14/2013)


113th CONGRESS
1st Session
H. R. 3481


To amend the Children’s Online Privacy Protection Act of 1998 to extend, enhance, and revise the provisions relating to collection, use, and disclosure of personal information of children, to establish certain other protections for personal information of children and minors, and for other purposes.


IN THE HOUSE OF REPRESENTATIVES

November 14, 2013

Mr. Barton (for himself, Mr. Rush, Mr. Cassidy, Mr. Farenthold, Mr. Cohen, Ms. DeLauro, Mr. Ellison, Ms. Norton, Ms. Schakowsky, Mr. Tierney, and Ms. Tsongas) introduced the following bill; which was referred to the Committee on Energy and Commerce


A BILL

To amend the Children’s Online Privacy Protection Act of 1998 to extend, enhance, and revise the provisions relating to collection, use, and disclosure of personal information of children, to establish certain other protections for personal information of children and minors, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Do Not Track Kids Act of 2013”.

SEC. 2. Findings.

Congress finds the following:

(1) Since the enactment of the Children’s Online Privacy Protection Act of 1998, the World Wide Web has changed dramatically, with the creation of tens of millions of websites, the proliferation of entirely new media platforms, and the emergence of a diverse ecosystem of services, devices, and applications that enable users to connect wirelessly within an online environment without being tethered to a desktop computer.

(2) The explosive growth of the Internet ecosystem has unleashed a wide array of opportunities to learn, communicate, participate in civic life, access entertainment, and engage in commerce.

(3) In addition to these significant benefits, the Internet also presents challenges, particularly with respect to the efforts of entities to track the online activities of children and minors and to collect, use, and disclose personal information about them, including their geolocation, for commercial purposes.

(4) Children and teens are visiting numerous companies’ websites, and marketers are using multimedia games, online quizzes, and mobile phone and tablet applications to create ties to children and teens.

(5) According to a study by the Wall Street Journal in 2010, websites directed to children and teens were more likely to use cookies and other tracking tools than sites directed to a general audience.

(6) This study examined 50 popular websites for children and teens in the United States and found that these 50 sites placed 4,123 cookies, beacons, and other tracking tools on the test computer used for the study.

(7) This is 30 percent greater than the number of such tracking tools that were placed on the test computer in a similar study of the 50 overall most popular websites in the United States, which are generally directed to adults.

(8) Children and teens lack the cognitive ability to distinguish advertising from program content and to understand that the purpose of advertising is to persuade them, making them unable to activate the defenses on which adults rely.

(9) Children and teens are less able than adults to understand the potential long-term consequences of having their information available to third parties, including advertisers, and other individuals.

(10) According to Common Sense Media and the Center for Digital Democracy, 90 percent of teens have used some form of social media, 75 percent have a social networking site, and 51 percent check their social networking site at least once a day.

(11) Ninety-one percent of parents and 91 percent of adults believe it is not okay for advertisers to collect information about a child’s location from that child’s mobile phone.

(12) Ninety-four percent of parents and 91 percent of adults agree that advertisers should receive the parent’s permission before putting tracking software on a child’s computer.

(13) Ninety-six percent of parents and 94 percent of adults expressed disapproval when asked if it is “okay for a website to ask children for personal information about their friends”.

(14) Eighty-eight percent of parents would support a law that requires search engines and social networking sites to get users’ permission before using their personal information.

(15) A Commonsense Media/Zogby poll found that 94 percent of parents and 94 percent of adults believe individuals should have the ability to request the deletion, after a specific period of time, of all of their personal information held by an online search engine, social networking site, or marketing company.

(16) According to a Pew/Berkman Center poll, 69 percent of parents of teens who engage in online activity are concerned about how such activity might affect their children’s future academic or employment opportunities.

(17) Eighty-one percent of parents of teens who engage in online activity say they are concerned about how much information advertisers can learn about their children’s online activity.

SEC. 3. Online collection, use, and disclosure of personal information of children.

(a) Definitions.—Section 1302 of the Children’s Online Privacy Protection Act of 1998 (15 U.S.C. 6501) is amended—

(1) by amending paragraph (2) to read as follows:

“(2) OPERATOR.—The term ‘operator’—

“(A) means any person who, for commercial purposes, in interstate or foreign commerce, operates or provides a website on the Internet, online service, online application, or mobile application, and who—

“(i) collects or maintains, either directly or through a service provider, personal information from or about the users of such website, service, or application;

“(ii) allows another person to collect personal information directly from users of such website, service, or application (in which case the operator is deemed to have collected the information); or

“(iii) allows users of such website, service, or application to publicly disclose personal information (in which case the operator is deemed to have collected the information); and

“(B) does not include any nonprofit entity that would otherwise be exempt from coverage under section 5 of the Federal Trade Commission Act (15 U.S.C. 45).”;

(2) in paragraph (4)—

(A) by amending subparagraph (A) to read as follows:

“(A) the release of personal information for any purpose, except where such information is provided to a person other than an operator who provides support for the internal operations of the website, online service, online application, or mobile application of the operator and does not disclose or use that information for any other purpose; and”; and

(B) in subparagraph (B), by striking “website or online service” and inserting “website, online service, online application, or mobile application”;

(3) in paragraph (8)—

(A) by amending subparagraph (G) to read as follows:

“(G) information concerning a child or the parents of that child (including any unique or substantially unique identifier, such as a customer number) that an operator collects online from the child and combines with an identifier described in subparagraphs (A) through (G).”;

(B) by redesignating subparagraphs (F) and (G) as subparagraphs (G) and (H), respectively; and

(C) by inserting after subparagraph (E) the following new subparagraph:

“(F) information (including an Internet protocol address) that permits the identification of an individual, the computer of an individual, or any other device used by an individual to access the Internet or an online service, online application, or mobile application;”;

(4) by striking paragraph (10) and redesignating paragraphs (11) and (12) as paragraphs (10) and (11), respectively; and

(5) by adding at the end the following new paragraph:

“(12) ONLINE, ONLINE SERVICE, ONLINE APPLICATION, MOBILE APPLICATION, DIRECTED TO CHILDREN.—The terms ‘online’, ‘online service’, ‘online application’, ‘mobile application’, and ‘directed to children’ shall have the meanings given them by the Commission by regulation. Not later than 1 year after the date of the enactment of the Do Not Track Kids Act of 2013, the Commission shall promulgate, under section 553 of title 5, United States Code, regulations that define such terms broadly enough so that they are not limited to current technology, consistent with the principles articulated by the Commission regarding the definition of the term ‘Internet’ in its statement of basis and purpose on the final rule under this title promulgated on November 3, 1999 (64 Fed. Reg. 59891). The definition of the term ‘online service’ in such regulations shall include broadband Internet access service (as defined in the Report and Order of the Federal Communications Commission relating to the matter of preserving the open Internet and broadband industry practices (FCC 10–201, adopted by the Commission on December 21, 2010)).”.

(b) Online collection, use, and disclosure of personal information of children.—Section 1303 of the Children’s Online Privacy Protection Act of 1998 (15 U.S.C. 6502) is amended—

(1) by striking the heading and inserting the following: “Online collection, use, and disclosure of personal information of children.”;

(2) in subsection (a)—

(A) by amending paragraph (1) to read as follows:

“(1) IN GENERAL.—It is unlawful for an operator of a website, online service, online application, or mobile application directed to children, or an operator having actual knowledge that personal information being collected is from a child, to collect personal information from a child in a manner that violates the regulations prescribed under subsection (b).”; and

(B) in paragraph (2)—

(i) by striking “of such a website or online service”; and

(ii) by striking “subsection (b)(1)(B)(iii)” and inserting “subsection (b)(1)(C)(iii)”; and

(3) in subsection (b)—

(A) by amending paragraph (1) to read as follows:

“(1) IN GENERAL.—Not later than 1 year after the date of the enactment of the Do Not Track Kids Act of 2013, the Commission shall promulgate, under section 553 of title 5, United States Code, regulations to require an operator of a website, online service, online application, or mobile application directed to children, or an operator having actual knowledge that personal information being collected is from a child—

“(A) to provide clear and conspicuous notice in clear and plain language of the types of personal information the operator collects, how the operator uses such information, whether the operator discloses such information, and the procedures or mechanisms the operator uses to ensure that personal information is not collected from children except in accordance with the regulations promulgated under this paragraph;

“(B) to obtain verifiable parental consent for the collection, use, or disclosure of personal information of a child;

“(C) to provide to a parent whose child has provided personal information to the operator, upon request by and proper identification of the parent—

“(i) a description of the specific types of personal information collected from the child by the operator;

“(ii) the opportunity at any time to refuse to permit the further use or maintenance in retrievable form, or future collection, by the operator of personal information collected from the child; and

“(iii) a means that is reasonable under the circumstances for the parent to obtain any personal information collected from the child, if such information is available to the operator at the time the parent makes the request;

“(D) not to condition participation in a game, or use of a website, service, or application, by a child on the provision by the child of more personal information than is reasonably required to participate in the game or use the website, service, or application; and

“(E) to establish and maintain reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.”;

(B) in paragraph (2)—

(i) in the matter preceding subparagraph (A), by striking “paragraph (1)(A)(ii)” and inserting “paragraph (1)(B)”; and

(ii) in subparagraph (A), by inserting “or to contact a different child” after “to recontact the child”;

(C) by amending paragraph (3) to read as follows:

“(3) CONTINUATION OF SERVICE.—The regulations shall prohibit an operator from discontinuing service provided to a child on the basis of refusal by the parent of the child, under the regulations prescribed under paragraph (1)(C)(ii), to permit the further use or maintenance in retrievable form, or future collection, by the operator of personal information collected from the child, to the extent that the operator is capable of providing such service without such information.”; and

(D) by adding at the end the following:

“(4) RULE FOR TREATMENT OF USERS OF WEBSITES, SERVICES, AND APPLICATIONS DIRECTED TO CHILDREN.—An operator of a website, online service, online application, or mobile application that is directed to children shall treat all users of such website, service, or application as children for purposes of this title, except as permitted by the Commission by a regulation promulgated under this title.”.

(c) Administration and applicability of Act.—Section 1306 of the Children's Online Privacy Protection Act of 1998 (15 U.S.C. 6505) is amended—

(1) in subsection (b)—

(A) in paragraph (1), by striking “, in the case of” and all that follows and inserting the following: “by the appropriate Federal banking agency with respect to any insured depository institution (as such terms are defined in section 3 of such Act (12 U.S.C. 1813));”; and

(B) by striking paragraph (2) and redesignating paragraphs (3) through (6) as paragraphs (2) through (5), respectively; and

(2) by adding at the end the following new subsection:

“(f) Telecommunications carriers and cable operators.—

“(1) ENFORCEMENT BY FTC.—Notwithstanding section 5(a)(2) of the Federal Trade Commission Act (15 U.S.C. 45(a)(2)), compliance with the requirements imposed under this title shall be enforced by the Commission with respect to any telecommunications carrier (as defined in section 3 of the Communications Act of 1934 (47 U.S.C. 153)).

“(2) RELATIONSHIP TO OTHER LAW.—To the extent that sections 222, 338(i), and 631 of the Communications Act of 1934 (47 U.S.C. 222; 338(i); 551) are inconsistent with this title, this title controls.”.

SEC. 4. Targeted marketing to children or minors.

(a) Acts prohibited.—It is unlawful for—

(1) an operator of a website, online service, online application, or mobile application directed to children, or an operator having actual knowledge that personal information being collected is from a child, to use, disclose to third parties, or compile personal information for targeted marketing purposes without verifiable parental consent; or

(2) an operator of a website, online service, online application, or mobile application directed to minors, or an operator having actual knowledge that personal information being collected is from a minor, to use, disclose to third parties, or compile personal information for targeted marketing purposes without the consent of the minor.

(b) Regulations.—Not later than 1 year after the date of the enactment of this Act, the Commission shall promulgate, under section 553 of title 5, United States Code, regulations to implement this section.

SEC. 5. Digital Marketing Bill of Rights for Teens and Fair Information Practices Principles.

(a) Acts prohibited.—It is unlawful for an operator of a website, online service, online application, or mobile application directed to minors, or an operator having actual knowledge that personal information being collected is from a minor, to collect personal information from a minor unless such operator has adopted and complies with a Digital Marketing Bill of Rights for Teens that is consistent with the Fair Information Practices Principles described in subsection (b).

(b) Fair Information Practices Principles.—The Fair Information Practices Principles described in this subsection are the following:

(1) COLLECTION LIMITATION PRINCIPLE.—Except as provided in paragraph (3), personal information should be collected from a minor only when collection of the personal information is—

(A) consistent with the context of a particular transaction or service or the relationship of the minor with the operator, including collection necessary to fulfill a transaction or provide a service requested by the minor; or

(B) required or specifically authorized by law.

(2) DATA QUALITY PRINCIPLE.—The personal information of a minor should be accurate, complete, and kept up-to-date to the extent necessary to fulfill the purposes described in subparagraphs (A) through (D) of paragraph (3).

(3) PURPOSE SPECIFICATION PRINCIPLE.—The purposes for which personal information is collected should be specified to the minor not later than at the time of the collection of the information. The subsequent use or disclosure of the information should be limited to—

(A) fulfillment of the transaction or service requested by the minor;

(B) support for the internal operations of the website, service, or application, as described in section 312.2 of title 16, Code of Federal Regulations;

(C) compliance with legal process or other purposes expressly authorized under specific legal authority; or

(D) other purposes—

(i) that are specified in a notice to the minor; and

(ii) to which the minor has consented under paragraph (7) before the information is used or disclosed for such other purposes.

(4) RETENTION LIMITATION PRINCIPLE.—The personal information of a minor should not be retained for longer than is necessary to fulfill a transaction or provide a service requested by the minor or such other purposes specified in subparagraphs (A) through (D) of paragraph (3). The operator should implement a reasonable and appropriate data disposal policy based on the nature and sensitivity of such personal information.

(5) SECURITY SAFEGUARDS PRINCIPLE.—The personal information of a minor should be protected by reasonable and appropriate security safeguards against risks such as loss or unauthorized access, destruction, use, modification, or disclosure.

(6) OPENNESS PRINCIPLE.—

(A) IN GENERAL.—The operator should maintain a general policy of openness about developments, practices, and policies with respect to the personal information of a minor. The operator should provide each minor using the website, online service, online application, or mobile application of the operator with a clear and prominent means to do the following:

(i) Identify and contact the operator. At minimum, the operator should disclose, clearly and prominently, the identity of the operator and—

(I) in the case of an operator who is an individual, the address of the principal residence of the operator and an email address and telephone number for the operator; or

(II) in the case of any other operator, the address of the principal place of business of the operator and an email address and telephone number for the operator.

(ii) Determine whether the operator possesses any personal information of the minor, the nature of any such information, and the purposes for which the information was collected and is being retained.

(iii) Obtain any personal information of the minor that is in the possession of the operator from the operator, or from a person specified by the operator, within a reasonable time after making a request, at a charge (if any) that is not excessive, in a reasonable manner, and in a form that is readily intelligible to the minor.

(iv) Challenge the accuracy of personal information of the minor that is in the possession of the operator.

(v) If the minor establishes the inaccuracy of personal information in a challenge under clause (iv), have such information erased, corrected, completed, or otherwise amended.

(B) LIMITATION.—Nothing in this paragraph shall be construed to permit an operator to erase or otherwise modify personal information requested by a law enforcement agency pursuant to legal authority.

(7) INDIVIDUAL PARTICIPATION PRINCIPLE.—The operator should—

(A) obtain consent from a minor before using or disclosing the personal information of the minor for any purpose other than those described in subparagraphs (A) through (C) of paragraph (3); and

(B) obtain affirmative express consent from a minor before using or disclosing previously collected personal information of the minor for purposes that constitute a material change in practice from the original purposes specified to the minor under paragraph (3).

(c) Regulations.—Not later than 1 year after the date of the enactment of this Act, the Commission shall promulgate, under section 553 of title 5, United States Code, regulations to implement this section, including regulations further defining the Fair Information Practices Principles described in subsection (b).

SEC. 6. Online collection of geolocation information of children and minors.

(a) Acts prohibited.—

(1) IN GENERAL.—It is unlawful for an operator of a website, online service, online application, or mobile application directed to children or minors, or an operator having actual knowledge that geolocation information being collected is from a child or minor, to collect geolocation information from a child or minor in a manner that violates the regulations prescribed under subsection (b).

(2) DISCLOSURE TO PARENT OR MINOR PROTECTED.—Notwithstanding paragraph (1), neither an operator nor the operator’s agent shall be held to be liable under any Federal or State law for any disclosure made in good faith and following reasonable procedures in responding to a request for disclosure of geolocation information under subparagraph (C)(ii)(III) or (D)(ii)(III) of subsection (b)(1).

(b) Regulations.—

(1) IN GENERAL.—Not later than 1 year after the date of the enactment of this Act, the Commission shall promulgate, under section 553 of title 5, United States Code, regulations that require an operator of a website, online service, online application, or mobile application directed to children or minors, or an operator having actual knowledge that geolocation information being collected is from a child or minor—

(A) to provide clear and conspicuous notice in clear and plain language of any geolocation information the operator collects, how the operator uses such information, and whether the operator discloses such information;

(B) to establish procedures or mechanisms to ensure that geolocation information is not collected from children or minors except in accordance with regulations promulgated under this paragraph;

(C) in the case of collection of geolocation information from a child—

(i) prior to collecting such information, to obtain verifiable parental consent; and

(ii) after collecting such information, to provide to the parent of the child, upon request by and proper identification of the parent—

(I) a description of the geolocation information collected from the child by the operator;

(II) the opportunity at any time to refuse to permit the further use or maintenance in retrievable form, or future collection, by the operator of geolocation information from the child; and

(III) a means that is reasonable under the circumstances for the parent to obtain any geolocation information collected from the child, if such information is available to the operator at the time the parent makes the request; and

(D) in the case of collection of geolocation information from a minor—

(i) prior to collecting such information, to obtain affirmative express consent from such minor; and

(ii) after collecting such information, to provide to the minor, upon request—

(I) a description of the geolocation information collected from the minor by the operator;

(II) the opportunity at any time to refuse to permit the further use or maintenance in retrievable form, or future collection, by the operator of geolocation information from the minor; and

(III) a means that is reasonable under the circumstances for the minor to obtain any geolocation information collected from the minor, if such information is available to the operator at the time the minor makes the request.

(2) WHEN CONSENT NOT REQUIRED.—The regulations promulgated under paragraph (1) shall provide that verifiable parental consent under subparagraph (C)(i) of such paragraph or affirmative express consent under subparagraph (D)(i) of such paragraph is not required when the collection of the geolocation information of a child or minor is necessary, to the extent permitted under other provisions of law, to provide information to law enforcement agencies or for an investigation on a matter related to public safety.

(3) CONTINUATION OF SERVICE.—The regulations promulgated under paragraph (1) shall prohibit an operator from discontinuing service provided to—

(A) a child on the basis of refusal by the parent of the child, under subparagraph (C)(ii)(II) of such paragraph, to permit the further use or maintenance in retrievable form, or future online collection, of geolocation information from the child by the operator, to the extent that the operator is capable of providing such service without such information; or

(B) a minor on the basis of refusal by the minor, under subparagraph (D)(ii)(II) of such paragraph, to permit the further use or maintenance in retrievable form, or future online collection, of geolocation information from the minor by the operator, to the extent that the operator is capable of providing such service without such information.

(c) Inconsistent State law.—No State or local government may impose any liability for commercial activities or actions by operators in interstate or foreign commerce in connection with an activity or action described in this section that is inconsistent with the treatment of those activities or actions under this section.

SEC. 7. Removal of content.

(a) Acts prohibited.—It is unlawful for an operator of a website, online service, online application, or mobile application to make publicly available through the website, service, or application content or information that contains or displays personal information of children or minors in a manner that violates the regulations prescribed under subsection (b).

(b) Regulations.—

(1) IN GENERAL.—Not later than 1 year after the date of the enactment of this Act, the Commission shall promulgate, under section 553 of title 5, United States Code, regulations that require an operator—

(A) to the extent technologically feasible, to implement mechanisms that permit a user of the website, service, or application of the operator to erase or otherwise eliminate content or information submitted to the website, service, or application by such user that is publicly available through the website, service, or application and contains or displays personal information of children or minors; and

(B) to take appropriate steps to make users aware of such mechanisms and to provide notice to users that such mechanisms do not necessarily provide comprehensive removal of the content or information submitted by such users.

(2) EXCEPTION.—The regulations promulgated under paragraph (1) may not require an operator or third party to erase or otherwise eliminate content or information that—

(A) any other provision of Federal or State law requires the operator or third party to maintain; or

(B) was submitted to the website, service, or application of the operator by any person other than the user who is attempting to erase or otherwise eliminate such content or information, including content or information submitted by such user that was republished or resubmitted by another person.

(3) LIMITATION.—Nothing in this section shall be construed to limit the authority of a law enforcement agency to obtain any content or information from an operator as authorized by law or pursuant to an order of a court of competent jurisdiction.

SEC. 8. Enforcement and applicability.

(a) Enforcement by the Commission.—

(1) IN GENERAL.—Except as otherwise provided, this Act and the regulations prescribed under this Act shall be enforced by the Commission under the Federal Trade Commission Act (15 U.S.C. 41 et seq.).

(2) UNFAIR OR DECEPTIVE ACTS OR PRACTICES.—Subject to subsection (b), a violation of this Act or a regulation prescribed under this Act shall be treated as a violation of a rule defining an unfair or deceptive act or practice prescribed under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).

(3) ACTIONS BY THE COMMISSION.—Subject to subsection (b), and except as provided in subsection (d)(1), the Commission shall prevent any person from violating this Act or a regulation prescribed under this Act in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act, and any person who violates this Act or such regulation shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act.

(b) Enforcement by certain other agencies.—Notwithstanding subsection (a), compliance with the requirements imposed under this Act shall be enforced as follows:

(1) Under section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818) by the appropriate Federal banking agency, with respect to an insured depository institution (as such terms are defined in section 3 of such Act (12 U.S.C. 1813)).

(2) Under the Federal Credit Union Act (12 U.S.C. 1751 et seq.) by the National Credit Union Administration Board, with respect to any Federal credit union.

(3) Under part A of subtitle VII of title 49, United States Code, by the Secretary of Transportation, with respect to any air carrier or foreign air carrier subject to such part.

(4) Under the Packers and Stockyards Act, 1921 (7 U.S.C. 181 et seq.) (except as provided in section 406 of such Act (7 U.S.C. 226; 227)) by the Secretary of Agriculture, with respect to any activities subject to such Act.

(5) Under the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.) by the Farm Credit Administration, with respect to any Federal land bank, Federal land bank association, Federal intermediate credit bank, or production credit association.

(c) Enforcement by State attorneys general.—

(1) IN GENERAL.—

(A) CIVIL ACTIONS.—In any case in which the attorney general of a State has reason to believe that an interest of the residents of that State has been or is threatened or adversely affected by the engagement of any person in a practice that violates this Act or a regulation prescribed under this Act, the State, as parens patriae, may bring a civil action on behalf of the residents of the State in a district court of the United States of appropriate jurisdiction to—

(i) enjoin that practice;

(ii) enforce compliance with this Act or such regulation;

(iii) obtain damages, restitution, or other compensation on behalf of residents of the State; or

(iv) obtain such other relief as the court may consider to be appropriate.

(B) NOTICE.—

(i) IN GENERAL.—Before filing an action under subparagraph (A), the attorney general of the State involved shall provide to the Commission—

(I) written notice of that action; and

(II) a copy of the complaint for that action.

(ii) EXEMPTION.—

(I) IN GENERAL.—Clause (i) shall not apply with respect to the filing of an action by an attorney general of a State under this paragraph, if the attorney general determines that it is not feasible to provide the notice described in that clause before the filing of the action.

(II) NOTIFICATION.—In an action described in subclause (I), the attorney general of a State shall provide notice and a copy of the complaint to the Commission at the same time as the attorney general files the action.

(2) INTERVENTION.—

(A) IN GENERAL.—On receiving notice under paragraph (1)(B), the Commission shall have the right to intervene in the action that is the subject of the notice.

(B) EFFECT OF INTERVENTION.—If the Commission intervenes in an action under paragraph (1), it shall have the right—

(i) to be heard with respect to any matter that arises in that action; and

(ii) to file a petition for appeal.

(3) CONSTRUCTION.—For purposes of bringing any civil action under paragraph (1), nothing in this Act shall be construed to prevent an attorney general of a State from exercising the powers conferred on the attorney general by the laws of that State to—

(A) conduct investigations;

(B) administer oaths or affirmations; or

(C) compel the attendance of witnesses or the production of documentary and other evidence.

(4) ACTIONS BY THE COMMISSION.—In any case in which an action is instituted by or on behalf of the Commission for violation of this Act or a regulation prescribed under this Act, no State may, during the pendency of that action, institute an action under paragraph (1) against any defendant named in the complaint in the action instituted by or on behalf of the Commission for that violation.

(5) VENUE; SERVICE OF PROCESS.—

(A) VENUE.—Any action brought under paragraph (1) may be brought in the district court of the United States that meets applicable requirements relating to venue under section 1391 of title 28, United States Code.

(B) SERVICE OF PROCESS.—In an action brought under paragraph (1), process may be served in any district in which the defendant—

(i) is an inhabitant; or

(ii) may be found.

(d) Telecommunications carriers and cable operators.—

(1) ENFORCEMENT BY FTC.—Notwithstanding section 5(a)(2) of the Federal Trade Commission Act (15 U.S.C. 45(a)(2)), compliance with the requirements imposed under this Act shall be enforced by the Commission with respect to any telecommunications carrier (as defined in section 3 of the Communications Act of 1934 (47 U.S.C. 153)).

(2) RELATIONSHIP TO OTHER LAW.—To the extent that sections 222, 338(i), and 631 of the Communications Act of 1934 (47 U.S.C. 222; 338(i); 551) are inconsistent with this Act, this Act controls.

SEC. 9. Rule for treatment of users of websites, services, and applications directed to children or minors.

An operator of a website, online service, online application, or mobile application that is directed to children or minors shall treat all users of such website, service, or application as children or minors (as the case may be) for purposes of this Act, except as permitted by the Commission by a regulation promulgated under this Act.

SEC. 10. Definitions.

(a) In general.—In this Act:

(1) MINOR.—The term “minor” means an individual over the age of 12 and under the age of 16.

(2) TARGETED MARKETING.—The term “targeted marketing” means advertising or other efforts to market a product or service that are directed to a specific individual or device—

(A) based on the personal information of the individual or a unique identifier of the device; and

(B) as a result of use by the individual, or access by the device, of a website, online service, online application, or mobile application.

(b) Terms defined by Commission.—In this Act, the terms “directed to minors” and “geolocation information” shall have the meanings given such terms by the Commission by regulation. Not later than 1 year after the date of the enactment of this Act, the Commission shall promulgate, under section 553 of title 5, United States Code, regulations that define such terms broadly enough so that they are not limited to current technology, consistent with the principles articulated by the Commission regarding the definition of the term “Internet” in its statement of basis and purpose on the final rule under the Children’s Online Privacy Protection Act of 1998 (15 U.S.C. 6501 et seq.) promulgated on November 3, 1999 (64 Fed. Reg. 59891).

(c) Other definitions.—The definitions set forth in section 1302 of the Children’s Online Privacy Protection Act of 1998 (15 U.S.C. 6501), as amended by section 3(a), shall apply in this Act, except to the extent the Commission provides otherwise by regulations issued under section 553 of title 5, United States Code.

SEC. 11. Effective dates.

(a) In general.—Except as provided in subsections (b) and (c), this Act and the amendments made by this Act shall take effect on the date that is 1 year after the date of the enactment of this Act.

(b) Authority To promulgate regulations.—The following shall take effect on the date of the enactment of this Act:

(1) The amendments made by subsections (a)(5) and (b)(3)(A) of section 3.

(2) Sections 4(b), 5(c), 6(b), and 7(b).

(3) Subsections (b) and (c) of section 10.

(c) Digital Marketing Bill of Rights for Teens.—Section 5, except for subsection (c) of such section, shall take effect on the date that is 180 days after the promulgation of regulations under such subsection.