II
117th CONGRESS
1st Session
S. 3330
IN THE SENATE OF THE UNITED STATES
December 7, 2021
Mr. Warner (for himself, Mrs. Fischer, Ms. Klobuchar, and Mr. Thune) introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation
A BILL
To prohibit the use of exploitative and deceptive practices by large online operators and to promote consumer welfare in the use of behavioral research by such providers.
Short title
This Act may be cited as the Deceptive Experiences To Online Users Reduction Act
or the DETOUR Act
.
Definitions
In this Act:
Behavioral or psychological experiment or research
The term behavioral or psychological experiment or research means the study, including through human experimentation, of overt or observable actions or mental phenomena inferred from behavior, including interactions between and among individuals and the activities of social groups.
Child
The term child
has the meaning given such term in section 1302 of the Children's Online Privacy Protection Act of 1998 (15 U.S.C. 6501).
Commission
The term Commission means the Federal Trade Commission.
Compulsive usage
The term compulsive usage means any response stimulated by external factors that causes an individual to engage in repetitive behavior causing psychological distress, loss of control, anxiety, depression, or harmful stress responses.
Independent review board
The term independent review board means a board, committee, or other group that serves to protect the welfare and privacy of users and is formally designated by a large online operator to review, to approve the initiation of, and to conduct periodic review of, any research by, or at the direction or discretion of, a large online operator, involving human subjects.
Informed consent
The term informed consent—
means the express, affirmative consent freely given by a user, in which such user is provided a clear and conspicuous description—
of a process by which a user is provided adequate information prior to being included in any behavioral or psychological experiment or research in order to allow for an informed decision about voluntary participation in such behavioral or psychological research experiment or research; and
ensuring the understanding by such user of the furnished information and any associated benefits, risks, or consequences of participation prior to obtaining the voluntary agreement to participate by the user; and
does not include—
the consent of a child; or
the consent to a provision contained in a general contract or service agreement.
Large online operator
The term large online operator means any person that—
provides an online service;
has more than 100,000,000 authenticated users of an online service in any 30-day period; and
is subject to the jurisdiction of the Commission under the Federal Trade Commission Act (15 U.S.C. 41 et seq.).
Online service
The term online service means a website or a service, other than an internet access service, that is made available to the public over the internet, including a social network, a search engine, or an email service.
User
The term user means any individual who engages with an online service.
User data
The term user data means any information relating to an identified or identifiable individual user, whether directly submitted to the large online operator by the user or derived from the observed activity of the user by the large online operator.
Unfair and deceptive acts and practices relating to the manipulation of user interfaces
Conduct prohibited
It shall be unlawful for any large online operator—
to design, modify, or manipulate a user interface with the purpose or substantial effect of obscuring, subverting, or impairing user autonomy, decision-making, or choice to obtain consent or user data;
to subdivide or segment consumers of online services into groups for the purposes of behavioral or psychological experiment or research of users of an online service, except with the informed consent of each user involved; or
to design, modify, or manipulate a user interface on a website or online service, or portion thereof, that is directed to a child, with the purpose or substantial effect of causing, increasing, or encouraging compulsive usage, inclusive of video auto-play functions initiated without the consent of a user.
Duties of large online operators
Any large online operator that engages in any form of behavioral or psychological experiment or research based on the activity or data of its users shall do each of the following:
The large online operator shall disclose to its users on a routine basis, but not less than once each 90 days, the general purpose of any such behavioral or psychological experiment or research, to each user whose user data is or was during the previous 90-day period subject to or included in any behavioral or psychological experiment or research.
The large online operator shall disclose to the public on a routine basis, but not less than once each 90 days, any experiments or studies with the purposes of promoting engagement or product conversion being currently undertaken, or concluded since the prior disclosure.
The large online operator shall present the disclosures described in paragraphs (1) and (2) in a manner that—
is clear, conspicuous, context-appropriate, and easily accessible; and
is not deceptively obscured.
Subject to subparagraph (B), the large online operator shall remove and delete all data obtained from affected users in the course of behavioral or psychological experiment or research if the large online operator—
determines (or determines that it has reason to believe) that the informed consent for the processing of user data for such behavioral or psychological experiment or research was inappropriately acquired from such users; and
is unable to obtain within 2 business days of such determination the appropriate informed consent.
If the large online operator is unable to remove and delete user data pursuant to subparagraph (A), the large online operator shall discontinue the related behavioral or psychological experiment or research.
The large online operator shall establish an Independent Review Board for any behavioral or psychological experiment or research, of any purpose, conducted on users or on the basis of user activity or data, which shall review and have authority to approve, require modification in, or disapprove all behavioral or psychological experiment or research.
The large online operator shall ensure that any Independent Review Board established under paragraph (5) shall register with the Commission, including providing to the Commission—
the names and resumes of every Board member;
the composition and reporting structure of the Board to the management of the operator;
the process by which the Board is to be notified of proposed studies or modifications along with the processes by which the board is capable of vetoing or amending such proposals;
any compensation provided to board members; and
any conflict of interest that might exist concerning a board member’s participation in the Board.
Registered professional standards body
In general
An association of large online operators may register as a professional standards body by filing with the Commission an application for registration in such form as the Commission, by rule, may prescribe containing the rules of the association and such other information and documents as the Commission, by rule, may prescribe as necessary or appropriate in the public interest or for protecting the welfare of users of large online operators.
Professional standards body
An association of large online operators may not register as a professional standards body unless the Commission determines that—
the association is so organized and has the capacity to enforce compliance by its members and persons associated with its members, with the provisions of this Act;
the rules of the association provide that any large online operator may become a member of such association;
the rules of the association ensure a fair representation of its members in the selection of its directors and administration of its affairs and provide that one or more directors shall be representative of users and not be associated with, or receive any direct or indirect funding from, a member of the association or any large online operator;
the rules of the association are designed to prevent exploitative and manipulative acts or practices, to promote transparent and fair principles of technology development and design, to promote research in keeping with best practices of study design and informed consent, and to continually evaluate industry practices and issue contractually binding guidance consistent with the objectives of this Act;
the rules of the association provide that its members and persons associated with its members shall be appropriately disciplined for violation of any provision of this Act, the rules or regulations thereunder, or the rules of the association, by expulsion, suspension, limitation of activities, functions, fine, censure, being suspended or barred from being associated with a member, or any other appropriate sanction; and
the rules of the association are in accordance with the provisions of this Act, and, in general, provide a fair procedure for the disciplining of members and persons associated with members, the denial of membership to any person seeking membership therein, the barring of any person from becoming associated with a member thereof, and the prohibition or limitation by the association of any person with respect to access to services offered by the association or a member thereof.
Responsibilities and activities
Bright-line rules
An association shall—
develop, on a continuing basis, guidance and bright-line rules for the development and design of technology products of large online operators consistent with subparagraph (B); and
notify the Commission of such guidance and bright-line rules.
Safe harbors
In formulating guidance under subparagraph (A), the association shall define conduct that does not have the purpose or substantial effect of subverting or impairing user autonomy, decision-making, or choice, or of cultivating compulsive usage for a child, such as—
de minimis user interface changes derived from testing consumer preferences, including different styles, layouts, or text, where such changes are not done with the purpose of obtaining user consent or user data;
algorithms or data outputs outside the control of a large online operator or its affiliates; and
establishing default settings that provide enhanced privacy protection to users or otherwise enhance their autonomy and decision-making ability.
Enforcement by the Commission
Unfair or deceptive acts or practices
In general
A violation of subsection (a) or (b) shall be treated as a violation of a rule defining an unfair or deceptive act or practice under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)).
Determination
For purposes of enforcement of this Act, the Commission shall determine an act or practice is unfair or deceptive if the act or practice—
has the purpose, or substantial effect, of subverting or impairing user autonomy, decision-making, or choice to obtain consent or user data; or
has the purpose, or substantial effect, of cultivating compulsive usage by a child.
Powers of the Commission
In general
The Commission shall enforce this Act and the regulations promulgated under this Act in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act.
Privileges and immunities
Any person who violates this Act or a regulation promulgated under this Act shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act (15 U.S.C. 41 et seq.).
Authority preserved
Nothing in this Act shall be construed to limit the authority of the Commission under any other provision of law.
Regulations
Not later than 1 year after the date of enactment of this Act, the Commission shall promulgate regulations under section 553 of title 5, United States Code, that—
establish rules and procedures for obtaining the informed consent of users;
establish rules for the registration, formation, oversight, and management of the independent review boards, including standards that ensure effective independence of such entities from improper or undue influence by a large online operator;
establish rules for the registration, formation, oversight, and management of professional standards bodies, including procedures for the regular oversight of such bodies and revocation of their designation;
in consultation with a professional standards body established under subsection (c), define conduct that does not have the purpose or substantial effect of subverting or impairing user autonomy, decision-making, or choice, or of cultivating compulsive usage for a child, such as—
de minimis user interface changes derived from testing consumer preferences, including different styles, layouts, or text, where such changes are not done with the purpose of obtaining user consent or user data;
algorithms or data outputs outside the control of a large online operator or its affiliates; and
establishing default settings that provide enhanced privacy protection to users or otherwise enhance their autonomy and decision-making ability.
Safe harbor
The Commission may not bring an enforcement action under this Act against any large online operator that relied in good faith on the guidance of a professional standards body.
