Sec. 8. Specific agency authorities
/bill/116/s/3300/is/section-8·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
This subsection shall apply to any covered entity that satisfies one or more of the following thresholds: The entity has annual gross revenues that exceed $25,000,000. The entity annually buys, receives for the covered entity’s commercial purposes, sells, or discloses for commercial purposes, alone or in combination, the personal information of 50,000 or more individuals, households, or devices. The entity derives 50 percent or more of its annual revenues from the sale of personal data.

The Agency may require reports and conduct examinations on a periodic basis of covered entities described in paragraph (1) for purposes of— assessing compliance with the requirements of Federal privacy laws; obtaining information about the activities subject to such laws and the associated compliance systems or procedures of such entities; detecting and assessing associated risks to individuals and groups of individuals; and requiring and overseeing ex-ante impact assessments and ex-post outcome audits of high-risk data practices to advance fair and just data practices.

The Agency may take any action authorized under this Act to prevent a covered entity from committing or engaging in an unfair or deceptive act or practice (as defined by the Agency under this subsection) in connection with the collection, disclosure, processing, and misuse of personal data.

The Agency may prescribe rules applicable to a covered entity identifying as unlawful, unfair, or deceptive acts or practices in connection with the collection, disclosure, processing, and misuse of personal data. Rules under this section may include requirements for the purpose of preventing such acts or practices.

The Agency shall have no authority under this section to declare an act or practice in connection with the collection, disclosure, processing, and misuse of personal data to be unlawful on the grounds that such act or practice is unfair, unless the Agency has a reasonable basis to conclude that— the act or practice causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers; and such substantial injury is not outweighed by countervailing benefits to consumers or to competition.

In determining whether an act or practice is unfair, the Agency may consider established public policies as evidence to be considered with all other evidence. Such public policy considerations may not serve as a primary basis for such determination.
The Agency shall establish, in consultation with the appropriate Federal regulatory agencies, reasonable procedures to provide a timely response to consumers, in writing where appropriate, to complaints against, or inquiries concerning, a covered entity, including— steps that have been taken by the regulator in response to the complaint or inquiry of the consumer; any responses received by the regulator from the covered entity; and any follow-up actions or planned follow-up actions by the regulator in response to the complaint or inquiry of the consumer.

A covered entity subject to supervision and primary enforcement by the Agency pursuant to this Act shall provide a timely response to the Agency, in writing where appropriate, concerning a consumer complaint or inquiry, including— steps that have been taken by the covered entity to respond to the complaint or inquiry of the consumer; responses received by the covered entity from the consumer; and follow-up actions or planned follow-up actions by the covered entity to respond to the complaint or inquiry of the consumer.

To the extent practicable, State agencies may receive appropriate complaints from the systems established by the Agency under this subsection, if— the State agency system has the functional capacity to receive calls or electronic reports routed by the Agency systems; the State agency has satisfied any conditions of participation in the system that the Agency may establish, including treatment of personal information and sharing of information on complaint resolution or related compliance procedures and resources; and participation by the State agency includes measures necessary to provide for protection of personal information that conform to the standards for protection of the confidentiality of personal information and for data integrity and security that apply to Federal agencies.