Sec. 4. Required data practices
/bill/117/hr/5807/ih/section-4
(a) Not later than 1 year after the date of the enactment of this Act, the Commission shall promulgate regulations under section 553 of title 5, United States Code, that require covered entities to implement, practice, and maintain certain data procedures and processes that meet the following requirements:

(1) Except as provided in subsection (b), require covered entities to meet all of the following requirements regarding the means by and purposes for which covered data is collected, processed, stored, and disclosed:

(A)(i) Except as provided in paragraph (3), covered data collection, processing, storage, and disclosure practices must meet a reasonable interest of the covered entity, including—
(I) business, educational, and administrative operations that are relevant and appropriate to the context of the relationship between the covered entity and the individual linked to the covered data;
(II) relevant and appropriate product and service development and enhancement;
(III) preventing and detecting abuse, fraud, and other criminal activity;
(IV) reasonable communications and marketing practices that follow best practices, rules, and ethical standards;
(V) engaging in scientific, medical, or statistical research that follows commonly accepted ethical standards; or
(VI) any other purpose that the Commission considers to be reasonable.
(ii) In promulgating regulations in accordance with this subparagraph, the Commission shall consider—
(I) the role of impact assessments in determining the privacy risk for high-risk processing;
(II) the sensitivity of the covered data; and
(III) the impact of such regulations on small business.

(B)(i) Covered data collection, processing, storage, and disclosure practices may not be for purposes that result in discrimination against a protected characteristic, including—
(I) discriminatory targeted advertising practices;
(II) price, service, or employment opportunity discrimination; or
(III) any other practice the Commission considers likely to result in discrimination against a protected characteristic.
(ii) In promulgating regulations in accordance with this subparagraph, the Commission shall consider—
(I) established civil rights laws, common law, and existing relevant consent decrees;
(II) the existing economic models and technology available in the digital advertising system;
(III) the role of algorithms and impact assessments; and
(IV) the impact of such regulations on small businesses.

(C)(i) Covered data collection, processing, storage, and disclosure practices may not be accomplished with means or for purposes that are deceptive, including—
(I) the use of inconspicuous recording or tracking devices and methods;
(II) the disclosure of covered data that a reasonable individual believes to be the content of a private communication with another party or parties;
(III) notices, interfaces, or other representations likely to mislead consumers; or
(IV) any other practice that the Commission considers likely to mislead individuals regarding the purposes for and means by which covered data is collected, processed, stored, or disclosed.
(ii) In promulgating regulations in accordance with this subparagraph, the Commission shall consider—
(I) existing relevant consent decrees;
(II) the reasonable expectations of consumers;
(III) research on deceptive practices;
(IV) the role of deceptive user interfaces; and
(V) the impact of such regulations on small businesses.

(2) Except as provided in subsection (b), require covered entities to provide individuals with conspicuous access to a method that is in easily understandable language, concise, accurate, and clear, to opt out of any collection, processing, storage, or disclosure of covered data linked to the individual.

(3) Except as provided in subsection (b), require covered entities to provide individuals with a notice that is concise, in easily understandable language, accurate, clear, timely, and conspicuous to express affirmative, opt-in consent—
(A) before the covered entity collects or discloses sensitive data linked to the individual; or
(B) before the covered entity collects, processes, stores, or discloses data for purposes which are outside the context of the relationship of the covered entity with the individual linked to the data, including—
(i) the use of covered data beyond what is necessary to provide, improve, or market a good or service that the individual requests;
(ii) processing or disclosure of covered data that differs in material ways from the purposes described in the privacy policy that was in effect when the data was collected; or
(iii) any other purpose that the Commission considers outside of context.

(4) Except as provided in subsection (b), require covered entities to—
(A) take reasonable measures to limit the collection, processing, storage, and disclosure of covered data to the amount that is necessary to carry out the purposes for which the data is collected; and
(B) store covered data only as long as is reasonably necessary to carry out the purposes for which the data was collected.

(b) Subsection (a) shall not apply if the limitations on the collection, processing, storage, or disclosure of covered data would—
(1) inhibit detection or prevention of a security risk or incident;
(2) risk the health, safety, or property of the covered entity or individual; or
(3) prevent compliance with an applicable law (including regulations) or legal process.