Sec. 3. Controllers
/bill/119/hr/8413/ih/section-3·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
A controller shall limit the collection of personal data to what is adequate, relevant, and reasonably necessary in relation to each purpose for which the data is processed as disclosed to the consumer. Except as otherwise provided in this section, a controller may not process personal data for any purpose that is not reasonably necessary or compatible with the disclosed purpose for which the personal data is processed as disclosed to the consumer, unless the controller obtains the consent of the consumer before any such processing.
A controller may not process personal data in violation of a Federal law that prohibits unlawful discrimination against a consumer.

A controller may not discriminate against a consumer for exercising any consumer right described under section 2, including by denying goods or services, charging different prices or rates for goods or services, or providing a different level of quality of goods and services to the consumer.

Nothing in subsection (d) may be construed—
to require a controller to provide a product or service that requires the personal data of a consumer that the controller does not collect or maintain; or
to prohibit a controller from offering a different price, rate, level, quality, or selection of goods or services to a consumer, including offering goods or services for no fee, if the offer is related to the voluntary participation of a consumer in a bona fide loyalty, rewards, premium features, discounts, or club card program.

Beginning on the date of the enactment of this Act, any provision of a contract or agreement of any kind that waives or limits a consumer right described under section 2 shall be deemed contrary to public policy and shall be void and unenforceable.

Before processing the personal data of a consumer, a controller shall provide that consumer with a reasonably accessible, clear, and meaningful privacy notice that includes the following:
Each category of personal data processed by the controller.
Each purpose for processing personal data.
How a consumer may exercise a consumer right described under section 2, including how a consumer may appeal the decision of a controller under section 2(d).
Each category of personal data the controller shares with any other controller or any governmental entity.
Each category of other controllers or any governmental entity, if any, with whom the controller shares personal data.
Whether any personal data processed by the controller is transferred to, processed in, stored in, or sold to a covered nation.

If a controller sells personal data of a consumer, the controller shall clearly and conspicuously disclose—
such activity before any collection or sale of personal data; and
the manner in which a consumer may exercise the right to opt out of the sale of such personal data under section 2(a)(5).
If a controller processes personal data of a consumer for targeted advertising, the controller shall clearly and conspicuously disclose—
such activity before any collection or use of personal data; and
the manner in which a consumer may exercise the right to opt out of such processing under section 2(a)(5).

A controller that relies on profiling to make a decision that has a legal or similarly significant effect on a consumer shall clearly and conspicuously disclose to such consumer before any such decision is made that—
the decision will be made using automated means; and
the manner in which a consumer may exercise the right to opt out of such profiling.

For purposes of paragraph (1) and section 2(a)(5), a controller relies on profiling to make a decision that has a legal or similarly significant effect on a consumer if such decision is made with no human review, involvement, oversight, or intervention.