Sec. 4. Fair Information Practices Principles
914 words·~4 min read·
/bill/118/s/1418/rs/section-4A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
The Fair Information Practices Principles described in this section are the following: Except as provided in paragraph (3), personal information should be collected from a child or teen only when collection of the personal information is— consistent with the context of a particular transaction or service or the relationship of the child or teen with the operator, including collection necessary to fulfill a transaction or provide a service requested by the child or teen; or required or specifically authorized by law. The personal information of a child or teen should be accurate, complete, and kept up-to-date to the extent necessary to fulfill the purposes described in subparagraphs
(A)through
(D)of paragraph (3). The purposes for which personal information is collected and used should be specified to the parent of a child or to a teen not later than at the time of the collection of the information. The subsequent use or disclosure of the information should be limited to— fulfillment of the transaction or service requested by the teen or parent of the child; support for the internal operations of the website, service, or application, as described in section 312.2 of title 16, Code of Federal Regulations (as in effect on the date of enactment of this Act), excluding any activity relating to targeted marketing directed to children, teens, or a device of a child or teen if the support for internal operations in consistent with the interest of the child or teen; compliance with legal process or other purposes expressly authorized under specific legal authority; or other purposes— that are specified in a notice to the teen or parent of the child; and to which the teen or parent of the child has consented under paragraph
(7)before the information is used or disclosed for such other purposes. The personal information of a child or teen should not be retained for longer than is necessary to fulfill a transaction or provide a service requested by the child or teen or such other purposes specified in subparagraphs
(A)through
(D)of paragraph (3). The operator should implement a reasonable and appropriate data disposal policy based on the nature and sensitivity of personal information described in subparagraph (A). The personal information of a child or teen should be protected by reasonable and appropriate security safeguards against risks such as loss or unauthorized access, destruction, use, modification, or disclosure. The operator should be transparent about developments, practices, and policies with respect to the personal information of a child or teen. The operator should provide to each parent of a child, or to each teen, using the website, online service, online application, mobile application, or connected device of the operator with a clear and prominent means— to identify and contact the operator, by, at a minimum, disclosing, clearly and prominently, the identity of the operator and— in the case of an operator who is an individual, the address of the principal residence (but not a personal residence) of the operator and an email address or online contact form and telephone number for the operator; or in the case of any other operator, the address of the principal place of business of the operator and an email address or online contact form and telephone number for the operator; to determine whether the operator possesses any personal information of the child or teen, the nature of any such information, and the purposes for which the information was collected and is being retained; to obtain any personal information of the child or teen that is in the possession of the operator from the operator, or from a person specified by the operator, within a reasonable time after making a request, at a charge (if any) that is not excessive, in a reasonable manner, and in a form that is readily intelligible to the child or teen; to challenge the accuracy of personal information of the child or teen that is in the possession of the operator; to determine if the child or teen has established the inaccuracy of personal information in a challenge under clause
(iv)in order to have such information erased, corrected, completed, or otherwise amended; and to determine the method by which the operator obtains data relevant to the child or teen. Nothing in this paragraph shall be construed to permit an operator to erase or otherwise modify personal information requested by a law enforcement agency pursuant to legal authority. The operator should— obtain consent from a parent of a child or from a teen before using or disclosing the personal information of the child or teen for any purpose other than the purposes described in subparagraph
(A)of paragraph (3); and obtain affirmative express consent from a parent of a child or from a teen before using or disclosing previously collected personal information of the child or teen for purposes that constitute a material change in practice from the original purposes specified to the child or teen under paragraph (3). The personal information of a child or teen shall not be used to direct content to the child or teen, or a group of individuals similar to the child or teen, on the basis of race, socioeconomic factors, or any proxy thereof. Nothing in this section, including compliance with the Fair Information Principles, shall be construed to permit an operator to avoid compliance with other requirements set forth in this Act or the Children's Online Privacy Protection Act ( 15 U.S.C. 6501 et seq. ).
Connectionstraces to 1
Traces to 1 document
U.S. Code
Citation graph
cites case law
Sec. 4
Fair Information Practices Principles
Cites 1Cited by 0 across 0 sources