Sec. 5. Digital Marketing Bill of Rights for Teens and Fair Information Practices Principles
787 words·~4 min read·
/bill/113/s/1700/is/section-5A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
It is unlawful for an operator of a website, online service, online application, or mobile application directed to minors, or an operator having actual knowledge that personal information being collected is from a minor, to collect personal information from a minor unless such operator has adopted and complies with a Digital Marketing Bill of Rights for Teens that is consistent with the Fair Information Practices Principles described in subsection (b). The Fair Information Practices Principles described in this subsection are the following:
Except as provided in paragraph (3), personal information should be collected from a minor only when collection of the personal information is— consistent with the context of a particular transaction or service or the relationship of the minor with the operator, including collection necessary to fulfill a transaction or provide a service requested by the minor; or required or specifically authorized by law. The personal information of a minor should be accurate, complete, and kept up-to-date to the extent necessary to fulfill the purposes described in subparagraphs
(A)through
(D)of paragraph (3). The purposes for which personal information is collected should be specified to the minor not later than at the time of the collection of the information. The subsequent use or disclosure of the information should be limited to— fulfillment of the transaction or service requested by the minor; support for the internal operations of the website, service, or application, as described in section 312.2 of title 16, Code of Federal Regulations; compliance with legal process or other purposes expressly authorized under specific legal authority; or other purposes— that are specified in a notice to the minor; and to which the minor has consented under paragraph
(7)before the information is used or disclosed for such other purposes. The personal information of a minor should not be retained for longer than is necessary to fulfill a transaction or provide a service requested by the minor or such other purposes specified in subparagraphs
(A)through
(D)of paragraph (3). The operator should implement a reasonable and appropriate data disposal policy based on the nature and sensitivity of such personal information. The personal information of a minor should be protected by reasonable and appropriate security safeguards against risks such as loss or unauthorized access, destruction, use, modification, or disclosure. The operator should maintain a general policy of openness about developments, practices, and policies with respect to the personal information of a minor. The operator should provide each minor using the website, online service, online application, or mobile application of the operator with a clear and prominent means— to identify and contact the operator, by, at a minimum, disclosing, clearly and prominently, the identity of the operator and— in the case of an operator who is an individual, the address of the principal residence of the operator and an email address and telephone number for the operator; or in the case of any other operator, the address of the principal place of business of the operator and an email address and telephone number for the operator; to determine whether the operator possesses any personal information of the minor, the nature of any such information, and the purposes for which the information was collected and is being retained; to obtain any personal information of the minor that is in the possession of the operator from the operator, or from a person specified by the operator, within a reasonable time after making a request, at a charge (if any) that is not excessive, in a reasonable manner, and in a form that is readily intelligible to the minor; to challenge the accuracy of personal information of the minor that is in the possession of the operator; and if the minor establishes the inaccuracy of personal information in a challenge under clause (iv), to have such information erased, corrected, completed, or otherwise amended. Nothing in this paragraph shall be construed to permit an operator to erase or otherwise modify personal information requested by a law enforcement agency pursuant to legal authority. The operator should— obtain consent from a minor before using or disclosing the personal information of the minor for any purpose other than the purposes described in subparagraphs
(A)through
(C)of paragraph (3); and obtain affirmative express consent from a minor before using or disclosing previously collected personal information of the minor for purposes that constitute a material change in practice from the original purposes specified to the minor under paragraph (3). Not later than 1 year after the date of the enactment of this Act, the Commission shall promulgate, under section 553 of title 5, United States Code, regulations to implement this section, including regulations further defining the Fair Information Practices Principles described in subsection (b).