Sec. 4. Required data practices
Source: /bill/116/hr/8749/ih/section-4 (H.R. 8749, 116th Congress, as introduced in the House)
(a) Not later than 1 year after the date of the enactment of this Act, the Commission shall promulgate regulations under section 553 of title 5, United States Code, that require covered entities to implement, practice, and maintain certain data procedures and processes that meet the following requirements:

  (1) Except as provided in subsection (b), require covered entities to meet all of the following requirements regarding the means by and purposes for which covered data is collected, processed, stored, and disclosed:

    (A) Except as provided in paragraph (3), covered data collection, processing, storage, and disclosure practices must meet a reasonable interest of the covered entity, including—
      (i) business, educational, and administrative operations that are relevant and appropriate to the context of the relationship between the covered entity and the individual linked to the covered data;
      (ii) relevant and appropriate product and service development and enhancement;
      (iii) preventing and detecting abuse, fraud, and other criminal activity;
      (iv) reasonable communications and marketing practices that follow best practices, rules, and ethical standards;
      (v) engaging in scientific, medical, or statistical research that follows commonly accepted ethical standards; or
      (vi) any other purpose that the Commission considers to be reasonable.

    (B) Covered data collection, processing, storage, and disclosure practices may not be for purposes that result in discrimination against a protected characteristic, including—
      (i) discriminatory targeted advertising practices;
      (ii) price, service, or employment opportunity discrimination; or
      (iii) any other practice the Commission considers likely to result in unfair discrimination against a protected characteristic.

    (C) Covered data collection, processing, storage, and disclosure practices may not be accomplished with means or for purposes that are deceptive, including—
      (i) the use of inconspicuous recording or tracking devices and methods;
      (ii) the disclosure of covered data that a reasonable individual believes to be the content of a private communication with another party or parties;
      (iii) notices, interfaces, or other representations likely to mislead consumers; or
      (iv) any other practice that the Commission considers likely to mislead individuals regarding the purposes for and means by which covered data is collected, processed, stored, or disclosed.

  (2) Except as provided in subsection (b), require covered entities to provide individuals with conspicuous access to a method, in easily understandable language that is concise, accurate, and clear, to opt out of any collection, processing, storage, or disclosure of covered data linked to the individual.

  (3) Except as provided in subsection (b), require covered entities to provide individuals with a notice that is concise, in easily understandable language, accurate, clear, timely, and conspicuous to express affirmative, opt-in consent—
    (A) before the covered entity collects or discloses sensitive data linked to the individual; or
    (B) before the covered entity collects, processes, stores, or discloses data for purposes which are outside the context of the relationship of the covered entity with the individual linked to the data, including—
      (i) the use of covered data beyond what is necessary to provide, improve, or market a good or service that the individual requests;
      (ii) processing or disclosure of covered data that differs in material ways from the purposes described in the privacy policy that was in effect when the data was collected; and
      (iii) any other purpose that the Commission considers outside of context.

  (4) Except as provided in subsection (b), require covered entities to—
    (A) take reasonable measures to limit the collection, processing, storage, and disclosure of covered data to the amount that is necessary to carry out the purposes for which the data is collected; and
    (B) store covered data only as long as is reasonably necessary to carry out the purposes for which the data was collected.

(b) Subsection (a) shall not apply if the limitations on the collection, processing, storage, or disclosure of covered data would—
  (1) inhibit detection or prevention of a security risk or incident;
  (2) risk the health, safety, or property of the covered entity or individual; or
  (3) prevent compliance with an applicable law (including regulations) or legal process.