Sec. 9. Prohibition on sale of connected devices for children and minors that fail to meet appropriate cybersecurity and data security standards
/bill/115/hr/5930/ih/section-9
A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Beginning 1 year after the date of enactment of this Act, or such earlier date as the Commission considers appropriate, no person may sell a connected device unless the connected device meets appropriate cybersecurity and data security standards established by the Commission.

The Commission shall promulgate, under section 553 of title 5, United States Code, cybersecurity and data security standards described in subsection (a).

In promulgating cybersecurity and data security standards under paragraph (1), the Commission shall—

    create cybersecurity and data security standards for different subsets of connected devices based on the varying degrees of—

        cybersecurity and data security risk associated with each subset of connected device;

        sensitivity of information collected, stored, or transmitted by each subset of connected device; and

        functionality of each subset of connected device;

    consider incorporating, to the extent practicable, existing cybersecurity and data security standards; and

    ensure that the cybersecurity and data security standards—

        are consistent with Fair Information Practice Principles described in section 4; and

        promote data minimization.