skip to main content

H.Res. 1039: Encouraging edge providers, broadband providers, and data brokers to include certain data protections in their policies.

The text of the bill below is as of Jul 31, 2018 (Introduced).


IV

115th CONGRESS

2d Session

H. RES. 1039

IN THE HOUSE OF REPRESENTATIVES

July 31, 2018

submitted the following resolution; which was referred to the Committee on Energy and Commerce

RESOLUTION

Encouraging edge providers, broadband providers, and data brokers to include certain data protections in their policies.

Whereas numerous data breaches and invasions of privacy have eroded the American public’s confidence in the privacy protections of their data; and

Whereas this lack of confidence has eroded the perception of data security for United States companies both domestically and internationally: Now, therefore, be it

That the House encourages edge providers, broadband providers, and data brokers to include in their data protection policies—

(1)

requirements that—

(A)

data processors have a legal basis for processing the data of users;

(B)

opt-in, freely given, specific, informed, and unambiguous consent from users be a primary legal basis for purposes of subparagraph (A);

(C)

data processors design their systems in a way that—

(i)

minimizes the processing of data to only what is necessary for the specific purpose stated to the individual; and

(ii)

by default, protects personal information from being used for other purposes;

(D)

entities processing the data of children institute special protections, particularly with reference to the use of the data of children for marketing purposes;

(E)

data processors and controllers ensure compliance with relevant privacy rules; and

(F)

data processors implement appropriate oversight over third-party data processors; and

(2)

the right of an individual—

(A)

to revoke consent for data processing at any time;

(B)

not to be subject to automated decisionmaking, including profiling, without human intervention if the decisionmaking has legal or otherwise significant effects on the individual;

(C)

to know which entities have access to the data of the individual and how that data are being used;

(D)

to correct the data of the individual if it is inaccurate or incomplete; and

(E)

to obtain and reuse the data of the individual for the purposes of the individual across other services.