Sec. 404. Relationship to Federal and State laws

1,372 words·~6 min read·/bill/117/hr/8152/rh/section-404

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Nothing in this Act or a regulation promulgated under this Act may be construed to limit— the authority of the Commission, or any other Executive agency, under any other provision of law; any requirement for a common carrier subject to section 64.2011 of title 47, Code of Federal Regulations (or any successor regulation) regarding information security breaches; or any other provision of Federal law, except as otherwise provided in this Act. Nothing in this Act may be construed to modify, impair or supersede the operation of the antitrust law or any other provision of law.

Nothing in the regulatory regime adopted by this Act shall be construed as operating to limit any law deterring anticompetitive conduct or diminishing the need for full application of the antitrust law. Nothing in this Act explicitly or implicitly precludes the application of the antitrust law. For purposes of this section, the term antitrust law has the same meaning as in subsection

(a)of the first section of the Clayton Act ( 15 U.S.C. 12 ), except that such term includes section 5 of the Federal Trade Commission Act ( 15 U.S.C. 45 ) to the extent that such section 5 applies to unfair methods of competition. A covered entity that is required to comply with title V of the Gramm-Leach-Bliley Act ( 15 U.S.C. 6801 et seq. ), the Health Information Technology for Economic and Clinical Health Act ( 42 U.S.C. 17931 et seq. ), part C of title XI of the Social Security Act ( 42 U.S.C. 1320d et seq. ), the Fair Credit Reporting Act ( 15 U.S.C. 1681 et seq. ), the Family Educational Rights and Privacy Act ( 20 U.S.C. 1232g ; part 99 of title 34, Code of Federal Regulations) to the extent such covered entity is a school as defined in 20 U.S.C. 1232g(a)(3) or 34 C.F.R. 99.1(a), section 444 of the General Education Provisions Act (commonly known as the Family Educational Rights and Privacy Act of 1974 ) ( 20 U.S.C. 1232g ) and part 99 of title 34, Code of Federal Regulations (or any successor regulation), the Confidentiality of Alcohol and Drug Abuse Patient Records at 42 U.S.C. 290dd-2 and its implementing regulations at 42 CFR part 2, the Genetic Information Non-discrimination Act (GINA), or the regulations promulgated pursuant to section 264(c) of the Health Insurance Portability and Accountability Act of 1996 ( 42 U.S.C. 1320d–2 note), and is in compliance with the data privacy requirements of such regulations, part, title, or Act (as applicable), shall be deemed to be in compliance with the related requirements of this Act, except for section 208, solely and exclusively with respect to data subject to the requirements of such regulations, part, title, or Act. Not later than 1 year after the date of enactment of this Act, the Commission shall issue guidance describing the implementation of this paragraph. A covered entity that is required to comply with title V of the Gramm-Leach-Bliley Act ( 15 U.S.C. 6801 et seq. ), the Health Information Technology for Economic and Clinical Health Act ( 42 U.S.C. 17931 et seq. ), part C of title XI of the Social Security Act ( 42 U.S.C. 1320d et seq. ), or the regulations promulgated pursuant to section 264(c) of the Health Insurance Portability and Accountability Act of 1996 ( 42 U.S.C. 1320d–2 note), and is in compliance with the information security requirements of such regulations, part, title, or Act (as applicable), shall be deemed to be in compliance with the requirements of section 208, solely and exclusively with respect to data subject to the requirements of such regulations, part, title, or Act. Not later than 1 year after the date of enactment of this Act, the Commission shall issue guidance describing the implementation of this paragraph. No State or political subdivision of a State may adopt, maintain, enforce, prescribe, or continue in effect any law, regulation, rule, standard, requirement, or other provision having the force and effect of law of any State, or political subdivision of a State, covered by the provisions of this Act, or a rule, regulation, or requirement promulgated under this Act. Paragraph

(1)may not be construed to preempt, displace, or supplant the following State laws, rules, regulations, or requirements: Consumer protection laws of general applicability, such as laws regulating deceptive, unfair, or unconscionable practices, except that the fact of a violation of this Act or a regulation promulgated under this Act may not be pleaded as an element of any violation of such a law. Civil rights laws. Provisions of laws, in so far as, that govern the privacy rights or other protections of employees, employee information, students, or student information. Laws that address notification requirements in the event of a data breach. Contract or tort law. Criminal laws. Civil laws governing fraud, theft (including identity theft), unauthorized access to information or electronic devices, unauthorized use of information, malicious behavior, or similar provisions of law. Civil laws regarding cyberstalking, cyberbullying, nonconsensual pornography, sexual harassment, child abuse material, child pornography, child abduction or attempted child abduction, coercion or enticement of a child for sexual activity, or child sex trafficking. Public safety or sector specific laws unrelated to privacy or security. Provisions of law, insofar as such provisions address public records, criminal justice information systems, arrest records, mug shots, conviction records, or non-conviction records. Provisions of law, insofar as such provisions address banking records, financial records, tax records, Social Security numbers, credit cards, consumer and credit reporting and investigations, credit repair, credit clinics, or check-cashing services. Provisions of law, insofar as such provisions address facial recognition or facial recognition technologies, electronic surveillance, wiretapping, or telephone monitoring. The Biometric Information Privacy Act (740 ICLS 14 et seq.) and the Genetic Information Privacy Act (410 ILCS 513 et seq.). Provisions of laws, in so far as, such provisions to address unsolicited email or text messages, telephone solicitation, or caller identification. Provisions of laws, in so far as, such provisions address health information, medical information, medical records, HIV status, or HIV testing. Provisions of laws, in so far as, such provisions pertain to public health activities, reporting, data, or services. Provisions of law, insofar as such provisions address the confidentiality of library records. Section 1798.150 of the California Civil Code (as amended on November 3, 2020 by initiative Proposition 24, Section 16). Laws pertaining to the use of encryption as a means of providing data security. Notwithstanding any other provisions of law, the California Privacy Protection Agency established under 1798.199.10(a) of the California Privacy Rights Act may enforce this Act, in the same manner, it would otherwise enforce the California Consumer Privacy Act, Section 1798.1050 et. seq. Notwithstanding any other provision of law, sections 222, 338(i), and 631 of the Communications Act of 1934 ( 47 U.S.C. 222 ; 338(i); 551), and any regulations and orders promulgated by the Federal Communications Commission under any such section, do not apply to any covered entity with respect to the collection, processing, transfer, or security of covered data or its equivalent, and the related privacy and data security activities of a covered entity that would otherwise be regulated under such sections shall be governed exclusively by the provisions of this Act, except for— any emergency services, as defined in section 7 of the Wireless Communications and Public Safety Act of 1999 ( 47 U.S.C. 615b ); subsections

(b)and

(g)of section 222 of the Communications Act of 1934 ( 47 U.S.C. 222 ); and any obligation of an international treaty related to the exchange of traffic implemented and enforced by the Federal Communications Commission. Nothing in this Act, nor any amendment, standard, rule, requirement, assessment, or regulation promulgated under this Act, may be construed to preempt, displace, or supplant any Federal or State common law rights or remedies, or any statute creating a remedy for civil relief, including any cause of action for personal injury, wrongful death, property damage, or other financial, physical, reputational, or psychological injury based in negligence, strict liability, products liability, failure to warn, an objectively offensive intrusion into the private affairs or concerns of the individual, or any other legal theory of liability under any Federal or State common law, or any State statutory law.

Connectionstraces to 11

Traces to 11 documents

U.S. Code