Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 118th Congress · H.R. 2701 (Introduced in House) — To provide for individual rights relating to privacy of personal information, to establish privacy and security requi... · Sec. 2

Sec. 2. Definitions

2,440 words·~11 min read·/bill/118/hr/2701/ih/section-2

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

In this Act: The term Agency means the Digital Privacy Agency established in section 301. The term Agency investigator means any attorney or investigator employed by the Agency who is charged with the duty of enforcing or carrying into effect any provision of this Act or a rule or order prescribed under this Act. The term behavioral personalization means the processing of an individual’s personal information, using an algorithm, model, or other means— built using— that individual’s personal information collected over a period of time; or an aggregate of the information of one or more similarly situated individuals; and designed to— alter, influence, guide, or predict that individual’s behavior; tailor or personalize a product or service to that individual; or filter, sort, limit, promote, display or otherwise differentiate between specific content or categories of content that would otherwise be accessible to that individual.
The term behavioral personalization does not include the use of historical personal information to merely prevent the display of or provide additional information about previously accessed content. The term collect includes, with respect to personal information or the contents of any communication, obtaining such information or contents in any manner, except when solely transmitting, routing, providing intermediate storage for, or providing connections for such personal information or communication through a system or network.
The term Commission means the Federal Trade Commission. The term contents , when used with respect to communication, has the meaning given such term in section 2510 of title 18, United States Code. The term covered entity means a person who— intentionally collects, processes, or maintains personal information; and sends or receives such personal information over the internet or a similar communications network. The term covered entity does not include a natural person, except to the extent such person is engaged in a commercial activity that is more than de minimis.
The term custodian means the custodian or any deputy custodian designated by the Agency. The term data breach means unauthorized access to or acquisition of personal information or contents of communications maintained by such covered entity. The term data-sharing abuse means processing, by a third party, of personal information or contents of communications disclosed by a covered entity to the third party, for any purpose other than— a purpose specified by the covered entity to the third party at the time such personal information or contents of communications was disclosed; or a purpose to which the individual to whom the information relates has consented.
The term de-identify means, with respect to information, performing actions so that such information cannot reasonably identify, relate to, describe, reference, be capable of being associated with, or be linked, directly or indirectly, to a particular individual or device, but only to the extent that the covered entity that uses such information— has performed such actions using best practices for the types of data such information contains; has implemented technical safeguards that prohibit re-identification of the individual with whom such information was linked; has implemented business processes that specifically prohibit re-identification of the information; has implemented business processes to prevent inadvertent release of such information; and makes no attempt to re-identify such information.
The Director may determine that a methodology of de-identifying personal information is insufficient for the purposes of this paragraph. The term Director means the Director of the Agency. The term disclose means, with respect to personal information or contents of communication, to sell, release, transfer, share, disseminate, make available, or otherwise cause to be communicated, such information or contents to a third party. The term documentary material includes the original or any copy of any book, document, record, report, memorandum, paper, communication, tabulation, chart, logs, electronic files, or other data or data compilations stored in any medium.
The term Federal agency has the meaning given to the term agency in section 3371 of title 5, United States Code. The term Federal privacy laws includes the laws and regulations described in section 502. The term government entity means— a Federal agency; a State or political subdivision thereof; or any agency, authority, or instrumentality of a State or political subdivision thereof. The term individual means a natural person residing in the United States. The term Indian Tribe has the meaning given such term in section 4(e) of the Indian Self-Determination and Education Assistance Act ( 25 U.S.C. 5304(e) ).
The term maintain means, with respect to personal information or the contents of any communication, to store, secure, or otherwise cause the retention of such information or contents, or to take actions necessary for storing, securing, or otherwise causing the retention of such information or contents. The term nonpublic information means information that has not been disclosed in a criminal, civil, or administrative proceeding, in a government investigation, report, or audit, or by the news media or other public source of information, and that was not obtained in violation of the law.
The term personal information means any information maintained by a covered entity that, on its own or combined with other information, is linked or reasonably linkable to a specific individual or a specific device, including de-identified personal information and the means to behavioral personalization created for or linked to a specific individual. The term personal information does not include— publicly available information linked to an individual; or information derived or inferred from personal information, if the derived or inferred information is not linked or reasonably linkable to a specific individual.
The term privacy harm means an adverse consequence or a potential adverse consequence to an individual, a group of individuals, or society caused from collecting, processing, maintaining, or disclosing of personal information or contents of communications, including— direct or indirect financial loss or economic harm; physical harm; psychological harm, including anxiety, embarrassment, fear, and other trauma; adverse outcomes or decisions with respect to the eligibility of an individual for rights, benefits, or privileges in employment (including hiring, firing, promotion, demotion, and compensation), credit and insurance (including denial of an application or obtaining less favorable terms), housing, education, professional certification, or the provision of health care and related services; stigmatization or reputational harm; price discrimination; adverse consequences that affect the private life of an individual, including private family matters and actions and communications within the home of such individual or a similar physical, online, or digital location where such individual has a reasonable expectation that personal information will not be collected, processed, or maintained; the chilling of free expression or action of an individual, a group of individuals, or society, due to perceived or actual pervasive and excessive collecting, processing, disclosing, or maintaining of personal information or contents of communications; impairing the autonomy of an individual, a group of individuals, or society; and other adverse consequences or potential adverse consequences, consistent with the provisions of this Act, as determined by the Director.
The term privacy-preserving computing means the collecting, processing, disclosing, or maintaining of personal information that has been encrypted or otherwise rendered unintelligible using a means that cannot be reversed by a covered entity, or a covered entity’s service provider, such that— if such personal information could be rendered intelligible through cooperation or sharing of cryptographic secrets by multiple persons, the covered entity has both technical safeguards and business processes to prevent such cooperation or sharing; if such personal information is rendered intelligible within a hardware processing unit or other means of performing operations on the information, there are technical safeguards that, during the normal course of operation— prevent rendering personal information intelligible anywhere but within the hardware processing unit or other means of performing operations; and make the exporting or otherwise observing of such intelligible information, or the cryptographic secret used to protect such information, impossible; and if the result of such processing of the personal information is also personal information, such result must be unintelligible to the covered entity or service provider and protected by privacy-preserving computing.
The Director may determine that a methodology of privacy-preserving computing is insufficient for the purposes of this definition. The term process means to perform or cause to be performed any operation or set of operations on personal information or contents of communication, whether or not by automated means. The term protected class means the actual or perceived race, color, ethnicity, national origin, religion, sex (including sexual orientation and gender identity or expression), familial status, or disability of an individual or group of individuals.
The term publicly available information — means— information that is lawfully made available from a government entity; information linked to a public individual or official that is made publicly accessible, without restrictions on accessibility other than the general authorization to access the services used to make the information accessible; information of an individual that— is made publicly accessible by such individual, without restrictions on accessibility other than the general authorization to access the services used to make the information accessible; and such individual has the ability to delete or change without relying on a request under section 102 or 103; and does not include— biometric information of an individual collected by a covered entity without the individual’s knowledge; information used for a purpose that is not compatible with the purpose for which the information is maintained and made available in government records; information obtained from government records for the purpose of selling such information; or information used to contact or locate a private individual either physically or electronically.
The term reasonable mechanism means, in the case of a mechanism for individuals to exercise a right under title I or interact with a covered entity under title II, a mechanism that— is equivalent in availability and ease of use to that of other mechanisms for communicating or interacting with the covered entity; and includes an online means of exercising such right or engaging in such interaction, if such individuals communicate or interact with such covered entity through an online medium or if such covered entity provides information processing services through a public or widely available application programming interface (or similar mechanism).
The terms sell and sale mean the disclosing of personal information for monetary consideration or for a thing of value by a covered entity to a third party for the purposes of processing, maintaining or disclosing such personal information at the third party’s discretion. The terms sell and sale do not include— the disclosing of personal information of an individual to a third party with which the individual has a direct relationship for purposes of providing a product or service requested by the individual or otherwise in a manner that is consistent with an individual’s reasonable expectations considering the context in which the individual provided the personal information to the covered entity; the disclosing or transfer of personal information to a subsidiary or an affiliate of the covered entity; or the disclosing or transfer of personal information to a third party as an asset that is part of a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the covered entity’s assets, unless personal information makes up the majority of the value of the assets of which the third party assumes control.
The term service provider means a covered entity that— processes, discloses, or maintains personal information, where such covered entity does not process, disclose, or maintain the personal information other than in accordance with the directions and on behalf of another covered entity; does not directly collect personal information from or control the mechanism for collecting personal information from an individual; does not earn revenue from processing, maintaining, or disclosing personal information disclosed to such covered entity by another covered entity except by providing contracted services to such other covered entity; does not disclose personal information to another covered entity unless such personal information was provided by such other covered entity or resulted from maintaining or processing performed on personal information exclusively provided by such other covered entity; does not offer services that allow another covered entity to target specific individuals using personal information not provided by such other covered entity; with respect to personal information processed or maintained by such covered entity on behalf of another covered entity, assists such other covered entity in complying with title I, including providing tools for such other covered entity to comply with such requirements if requested; and does not link the personal information provided by another covered entity to personal information from any other source.
A covered entity shall be treated as a service provider under this Act only to the extent that such covered entity is acting as a service provider, as defined in subparagraph (A). The term significant privacy harm means adverse consequences to an individual arising from the collecting, processing, maintaining, or disclosing of personal information or contents of communications, limited to subparagraph (A), (B), or
(D)of paragraph (23). The term small business means a covered entity that— does not earn revenue from the sale of personal information; earns less than half of annual revenues from the processing of personal information for targeted or personalized advertising; has not, in combination with each subsidiary and affiliate of the service, maintained personal information of 250,000 or more individuals for 3 or more of the preceding 12 months; has fewer than 200 employees; and received less than $25,000,000 in gross revenue in the preceding 12-month period. The term State means each State of the United States, the District of Columbia, each commonwealth, territory, or possession of the United States, and each federally recognized Indian Tribe. The term State attorney general means, with respect to a State, the attorney general or chief law enforcement officer of the State, or another official or agency designated by the State to bring civil actions on behalf of the State or the residents of the State. The term State privacy regulator means an agency or instrumentality of a State that has the primary purpose of administering, implementing, or enforcing a privacy law or associated rules or regulations. The term third party means, with respect to a covered entity, a person— to which such covered entity disclosed personal information; and that is not— such covered entity; a subsidiary or corporate affiliate of such covered entity; or a service provider of such covered entity. The term users means, with respect to a product or service, the monthly active users, subscribers, or customers (or a reasonable proxy or substitute therefor determined by the Director) of such product or service. The term violation means, except where otherwise specified, any act or omission that, if proved, would constitute a violation of any provision of this Act or a rule or order issued pursuant to this Act.
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
Sec. 2
Definitions
U.S.C.§ 5304
Cites 1Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.