Sec. 207. Civil rights and algorithms
1,152 words·~5 min read·
/bill/117/hr/8152/ih/section-207A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
A covered entity or a service provider may not collect, process, or transfer covered data in a manner that discriminates in or otherwise makes unavailable the equal enjoyment of goods or services on the basis of race, color, religion, national origin, sex, or disability. This subsection shall not apply to— the collection, processing, or transfer of covered data for the purpose of— a covered entity’s or a service provider’s self-testing to prevent or mitigate unlawful discrimination; or diversifying an applicant, participant, or customer pool; or any private club or group not open to the public, as described in section 201(e) of the Civil Rights Act of 1964 ( 42 U.S.C. 2000a(e) ).
Whenever the Commission obtains information that a covered entity or service provider may have collected, processed, or transferred covered data in violation of subsection (a), the Commission shall transmit such information as allowable under Federal law to any Executive agency with authority to initiate enforcement actions or proceedings relating to such violation. Not later than 3 years after the date of enactment of this Act, and annually thereafter, the Commission shall submit to Congress a report that includes a summary of— the types of information the Commission transmitted to Federal agencies under paragraph
(1)during the previous 1-year period; and how such information relates to Federal civil rights laws. In transmitting information under paragraph (1), the Commission may consult and coordinate with, and provide technical and investigative assistance, as appropriate, to such Executive agency. The Commission may implement this subsection by executing agreements or memoranda of understanding with the appropriate Federal agencies. Notwithstanding any other provision of law, not later than 2 years after the date of enactment of this Act, and annually thereafter, a large data holder that uses an algorithm that may cause potential harm to an individual, and uses such algorithm solely or in part, to collect, process, or transfer covered data must conduct an impact assessment of such algorithm in accordance with subparagraph (B). The impact assessment required under subparagraph
(A)shall provide the following: A detailed description of the design process and methodologies of the algorithm. A statement of the purpose, proposed uses, and foreseeable capabilities outside of the articulated proposed use of the algorithm. A detailed description of the data used by the algorithm, including the specific categories of data that will be processed as input and any data used to train the model that the algorithm relies on. A description of the outputs produced by the algorithm. An assessment of the necessity and proportionality of the algorithm in relation to its stated purpose, including reasons for the superiority of the algorithm over nonautomated decision-making methods. A detailed description of steps the large data holder has taken or will take to mitigate potential harms to individuals, including potential harms related to— any individual under the age of 17; making or facilitating advertising for, or determining access to, or restrictions on the use of housing, education, employment, healthcare, insurance, or credit opportunities; determining access to, or restrictions on the use of, any place of public accommodation, particularly as such harms relate to the protected characteristics of individuals, including race, color, religion, national origin, sex, or disability; or disparate impact on the basis of individuals’ race, color, religion, national origin, sex, or disability status. Notwithstanding any other provision of law, not later than 2 years after the date of enactment of this Act, a covered entity or service provider that knowingly develops an algorithm, solely or in part, to collect, process, or transfer covered data or publicly available information shall prior to deploying the algorithm in interstate commerce evaluate the design, structure, and inputs of the algorithm, including any training data used to develop the algorithm, to reduce the risk of the potential harms identified under paragraph (1)(B). In complying with paragraph
(1)or (2), a covered entity and a service provider may focus the impact assessment or evaluation on any algorithm, or portions of an algorithm, that may reasonably contribute to the risk of the potential harms identified under paragraph (1)(B). To the extent possible, a covered entity and a service provider shall utilize an external, independent auditor or researcher to conduct an impact assessment under paragraph
(1)or an evaluation under paragraph (2). A covered entity and a service provider— shall, not later than 30 days after completing an impact assessment or evaluation, submit the impact assessment and evaluation conducted under paragraphs
(1)and
(2)to the Commission; shall, upon request, make such impact assessment and evaluation available to Congress; and may make a summary of such impact assessment and evaluation publicly available in a place that is easily accessible to individuals. Covered entities and service providers must make all submissions under this section to the Commission in unredacted form, but a covered entity and a service provider may redact and segregate any trade secrets (as defined in section 1839 of title 18, United States Code) from public disclosure under this subparagraph. The Commission may not use any information obtained solely and exclusively through a covered entity or a service provider’s disclosure of information to the Commission in compliance with this section for any purpose other than enforcing this Act, including the study and report provisions in paragraph 6 of this section. This provision shall not preclude the Commission from providing this information to Congress in response to a subpoena or official Congressional request. Not later than 2 years after the date of enactment of this Act, the Commission shall, in consultation with the Secretary of Commerce, or their respective designees, publish guidance regarding compliance with this section. The Commission shall have authority under section 553 of title 5, United States Code, to promulgate regulations as necessary to establish processes by which a large data holder— shall submit an impact assessment to the Commission under paragraph (3)(C)(i)(I); and may exclude from this subsection any algorithm that presents low or minimal risk for potential for harms to individuals (as identified under paragraph (1)(B)). The Commission, in consultation with the Secretary of Commerce or the Secretary’s designee, shall conduct a study, to review any impact assessment or evaluation submitted under this paragraph. Such study shall include an examination of— best practices for the assessment and evaluation of algorithms; and methods to reduce the risk of harm to individuals that may be related to the use of algorithms. Not later than 3 years after the date of enactment of this Act, the Commission, in consultation with the Secretary of Commerce or the Secretary’s designee, shall submit to Congress a report containing the results of the study conducted under subsection (a), together with recommendations for such legislation and administrative action as the Commission determines appropriate. Not later than 3 years after submission of the initial report under clause (i), and as the Commission determines necessary thereafter, the Commission shall submit to Congress an updated version of such report.
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
Sec. 207
Civil rights and algorithms
Cites 1Cited by 0 across 0 sources