Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

Code · BILL · 119th Congress · H.R. 8014 (Introduced in House) — To provide for individual rights relating to privacy of personal information, to establish privacy and security requi... · Sec. 110

Sec. 110. Exemptions, exceptions, fees, timelines, and rules of construction for rights under this title

850 words·~4 min read·/bill/119/hr/8014/ih/section-110·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

This title does not apply with respect to personal information that is collected, processed, maintained, or disclosed for any of the following purposes (or a combination of such purposes), where a covered entity has technical safeguards and business processes that limit collecting, processing, maintaining, or disclosing of such personal information to the following purposes: Detecting, responding to, or preventing security incidents or threats. Protecting against malicious, deceptive, fraudulent, or illegal activity.
A good faith response to, or compliance with, a valid subpoena, court order, or warrant (including a subpoena and court order obtained by an entity that is not a government entity) or otherwise providing information as required by law. Protecting a legally recognized privilege or other legal right. Protecting public safety. Collecting, processing, or maintaining by an employer pursuant to an employer-employee relationship of records about employees or employment status, except— where the information would not be reasonably expected to be collected in the context of an employee’s regular duties; or was disclosed to the employer by a third party.
Preventing prospective abuses of a service by an individual whose account has been previously terminated. Routing a communication through a communications network or resolving the location of a host or client on a communications network. Providing transparency in advertising or origination of user-generated content. Where compliance with this title would require the re-identification of de-identified personal information, and the covered entity does not already maintain the information necessary for such re-identification, the covered entity shall be exempt from such compliance, except for requirements under section 106.
A covered entity relying on an exemption under paragraph
(1)with respect to personal information shall disclose in the privacy policy maintained by such entity under section 211— the reason for which such information is collected, processed, maintained, or disclosed; and a description of the rights provided by this title that are not available with respect to such personal information by reason of such exemption. A covered entity may deny the request of an individual under this title if— such covered entity cannot confirm the identity of such individual; such covered entity determines that granting the request of such individual would create a legitimate risk to the privacy, security, safety, or other rights of another individual; such covered entity determines that granting the request of such individual would create a legitimate risk to free expression; or the personal information requested to be corrected under section 102 or deleted under section 103— is necessary to the completion of a transaction initiated before such request was made or the performance of a contract entered into before such request was made; was collected specifically for the completion of such transaction or the performance of such contract; and would undermine the integrity of a legally significant transaction. A covered entity may not deny a request of an individual under paragraph (1)(A) on the basis of the refusal of such individual to provide additional personal information to such covered entity to confirm the identity of such individual— if the identity of such individual can reasonably be confirmed using personal information of such individual that such covered entity (as of the time of the request) already maintains; or if such individual has an existing relationship (as of the time of the request) with such covered entity, such individual has confirmed the identity of such individual to such covered entity in the same manner as for other transactions of a similar sensitivity. This title does not apply to a service provider. Except for sections 101, 105, and 106, this title does not apply to personal information secured using privacy-preserving computing. Without undue delay but not longer than 30 days after the request, a covered entity that receives a request under this title must— comply with such request; or inform such individual of the reason for denying such request, as allowed under subsection
(a)or (b). Except as provided in paragraph (2), a covered entity may not charge a fee to an individual for a request made under this title. If a request under this title is unfounded or excessive, a covered entity may charge a reasonable fee that reflects the estimated administrative costs of complying with such request. If a covered entity plans to charge a fee under paragraph (2), it must notify the Digital Privacy Agency at least 7 days before charging such fee. The Director may reject any fee that a covered entity plans to charge for a request made under this title if the Director finds— such fee to be unreasonable relative to reasonable administrative costs of complying with a request under this title; or such request is not unfounded or excessive. Nothing in this title shall be construed to require a covered entity to— take an action that would convert information that is not personal information into personal information; collect or maintain personal information or contents of communication that the covered entity would otherwise not maintain (including a record of an individual exercising rights under this title); or maintain personal information or contents of communication longer than the covered entity would otherwise maintain such personal information.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.