Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 117th Congress · S. 2499 (Introduced in Senate) — To establish data privacy and data security protections for consumers in the United States. · Sec. 102

Sec. 102. Transparency

374 words·~2 min read·/bill/117/s/2499/is/section-102·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

A covered entity that processes covered data shall, with respect to such data, publish a privacy policy that is— disclosed, in a clear and conspicuous manner, to an individual prior to or at the point of the collection of covered data from the individual; and made available, in a clear and conspicuous manner, to the public. The privacy policy required under subsection
(a)shall include the following: The identity and the contact information of the covered entity (including the covered entity's points of contact for privacy and data security inquiries) and the identity of any affiliate to which covered data may be transferred by the covered entity. The categories of covered data the covered entity collects. The processing purposes for each category of covered data the covered entity collects. Whether the covered entity transfers covered data, the categories of recipients to whom the covered entity transfers covered data, and the purposes of the transfers. A general description of the covered entity’s data retention practices for covered data and the purposes for such retention. How individuals can exercise their rights under section 103. A general description of the covered entity’s data security practices. The effective date of the privacy policy. A privacy policy required under subsection
(a)shall be made available in all of the languages in which the covered entity provides a product or service that is subject to the policy, or carries out activities related to such product or service. If a covered entity makes a material change to its privacy policy, it shall notify the individuals affected before further processing or transferring of previously collected covered data and, except as provided in section 108, provide an opportunity to withdraw consent to further processing or transferring of the covered data under the changed policy. The covered entity shall provide direct notification, where possible, regarding a material change to the privacy policy to affected individuals, taking into account available technology and the nature of the relationship. Where the ownership of an individual’s device is transferred directly from one individual to another individual, a covered entity may satisfy its obligation to disclose a privacy policy prior to or at the point of collection of covered data by making the privacy policy available under subsection (a)(2).
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.