Sec. 6. Processors
/bill/119/hr/8413/ih/section-6·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
A processor shall adhere to the instructions of a controller and shall assist the controller in meeting the requirements of this Act, including by taking into account the nature of processing and the information available to the processor—
  by appropriate administrative and technical measures, insofar as reasonably practicable, to fulfill the requirements of the controller to respond to an assertion of any consumer right described under section 2; and
  by assisting the controller in meeting the requirements of the controller under section 4.
A contract between a controller and a processor shall govern the data processing procedures of the processor with respect to processing performed on behalf of the controller. The contract shall clearly set forth instructions for processing personal data, the nature and purpose of processing, the type of personal data subject to processing, the duration of processing, and the rights and obligations of both parties. At a minimum, the contract between a controller and processor shall include requirements that the processor does the following:
  Ensures that each person processing personal data is subject to a duty of confidentiality with respect to the data.
  At the direction of the controller, deletes or returns all personal data to the controller as requested at the end of the provision of services, unless retention of the personal data is required by law.
  Upon the reasonable request of the controller, makes available to the controller all information in the possession of the processor necessary to demonstrate compliance by the processor with the requirements of this Act.
  Either—
    allows and cooperates with reasonable assessments by the controller or a designated assessor by the controller; or
    the processor—
      arranges for a qualified and independent assessor to conduct an assessment of the policies and administrative and technical measures of such processor that meet the requirements of this Act using an appropriate and accepted control standard or framework and assessment procedure for such assessment; and
      provides a report of the assessment to the controller upon request.
  If a processor engages a subcontractor, include in any subcontract a requirement that the subcontractor meet the obligations of the processor with respect to the personal data.
Nothing in this section may be construed to relieve a controller or processor from any liability imposed on the controller or processor by virtue of a role in a processing.
The determination about whether a person is acting as a controller or processor with respect to a specific processing of personal data is a fact-based determination that depends upon the context in which personal data is to be processed.
If a processor, alone or jointly with others, begins determining the purpose and means of processing personal data, such processor is a controller with respect to a specific processing of such personal data. A processor that follows the instructions of a controller with respect to a specific processing of personal data remains a processor.