Sec. 208. Requirements for notice and consent processes and privacy policies
/bill/119/hr/8014/ih/section-208·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
The Director shall establish minimum thresholds that covered entities must meet for the percentage of individuals who understand a notice or consent process or privacy policy required by this Act. In establishing such minimum thresholds, the Director shall—
vary required thresholds on types and scale of reasonably foreseeable privacy harms; and
take into account expectations of individuals, potential privacy harms, and individuals’ awareness of privacy harms.

A covered entity shall make available a reasonable mechanism by which an individual may revoke consent for any consent given under this Act.
The Director shall develop procedures for analyzing and approving data submitted by a covered entity to establish that a notice and consent process or privacy policy of such covered entity meets the threshold established under subsection (a).

If a covered entity submits testing data to and receives an approval from the Director under paragraph (1) establishing that a notice or consent process or privacy policy of such covered entity meets the threshold established under subsection (a), such notice or consent process or privacy policy shall be presumed to have met such threshold. Such presumption may be rebutted by clear and convincing evidence.

The Director shall make publicly available online the notice and consent processes and privacy policies and associated testing data that the Director approves under paragraph (1).

If a small business adopts a notice or consent process of another covered entity that collects, processes, maintains, or discloses personal information in substantially the same way as such small business, if the process of such other covered entity has been approved under paragraph (1), the process of such small business shall receive the presumption under paragraph (2). A covered entity whose notice or consent process is approved under paragraph (1) shall permit a small business to freely use such process, or a derivative thereof, as described in subparagraph (A). In the case of a small business for which there is no approved notice or consent process published under paragraph (3) of a covered entity that collects, processes, maintains, or discloses personal information in substantially the same way as such small business, any requirement under this title for a notice or consent process to be objectively shown to meet the threshold established by the Director under subsection (a) shall not apply to such small business. Nothing in the preceding sentence exempts a small business from the requirement to use such notice or consent process or that such process be concise and clear. Paragraph (4) does not apply with respect to a privacy policy.

A covered entity may make minor changes in a notice or consent process or privacy policy approved under paragraph (1) and retain the presumption under paragraph (2) for such process or policy without retesting or resubmission of testing data to the Director.