II
117th CONGRESS
2d Session
S. 3501
IN THE SENATE OF THE UNITED STATES
January 13 (legislative day, January 10), 2022
Mr. Cassidy (for himself and Mr. Luján) introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation
A BILL
To require the Federal Trade Commission to issue a short-form terms of service summary statement, and for other purposes.
Short title
This Act may be cited as the Terms-of-service Labeling, Design, and Readability Act
or the TLDR Act
.
Standard terms of service summary statement
Deadline for terms of service summary statement
Not later than 360 days after the date of the enactment of this Act, the Commission shall issue a rule under section 553 of title 5, United States Code—
that requires a covered entity to include a short-form terms of service summary statement on the website of the entity;
that requires a covered entity to include graphic data flow diagram on the website of the entity and includes guidance for such diagram; and
that requires a covered entity to display the full terms of service of the entity in an interactive data format.
Requirements for short-Form terms of service summary statement
In general
The short-form terms of service summary statement described in subsection (a)—
shall be easy to understand, machine readable, and may include tables, graphic icons, hyperlinks, or other means determined by the Commission; and
may be established separately depending on the interface or type of device on which the statement is being accessed by the user.
Location of summary statement and graphic data flow diagram
The summary statement shall be placed at the top of the permanent terms of service page of the covered entity and any graphic data flow diagram shall be located immediately below the statement.
Contents of summary statement
The summary statement shall disclose the following:
The effort required by a user to read the entire terms of service text, such as through the total word count and approximate time to read the statement.
The categories of sensitive information that the covered entity processes.
The sensitive information that is required for the basic functioning of the service and what sensitive information is needed for additional features and future feature development.
A summary of the legal liabilities of a user and any rights transferred from the user to the covered entity, such as mandatory arbitration, class action waiver, any licensing by the covered entity of the content of the user, and any waiver of moral rights.
Historical versions of the terms of service and change logs.
If the covered entity provides user deletion services, directions for how the user can delete sensitive information or discontinue the use of sensitive information.
A list of data breaches from the previous 3 years reported to consumers under existing Federal and State laws.
Anything else determined to be necessary by the Commission.
Guidance on graphic data flow diagrams
Not later than 360 days after the date of the enactment of this Act, the Commission shall publish guidelines on how a covered entity can graphically display how sensitive information of a user is shared with a subsidiary or corporate affiliate of such the entity and how sensitive information is shared with third parties.
Interactive data format terms of service
Not later than 360 days after the date of the enactment of this Act, the Commission shall issue a rule under section 553 of title 5, United States Code, that requires a covered entity to tag portions of the terms of services of the entity according to an interactive data format.
Enforcement
Unfair or deceptive acts or practices
A violation of this section or a regulation promulgated under this section shall be treated as a violation of a regulation under section 18(a)(1)(B) of the Federal Trade Commission Act (15 U.S.C. 57a(a)(1)(B)) regarding unfair or deceptive acts or practices.
Powers of the commission
The Commission shall enforce this section and the regulations promulgated under this section in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this section, and any person who violates this section or a regulation promulgated under this section shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act.
Enforcement by State Attorneys General
In any case in which the attorney general of a State has reason to believe that an interest of at least 1,000 residents of that State has been or is threatened or adversely affected by the engagement of any person in a practice that violates this section or a regulation promulgated under this section, the State, as parens patriae, may bring a civil action on behalf of the residents of the State in a district court of the United States of appropriate jurisdiction to—
enjoin that practice;
enforce compliance with the regulation;
obtain damage, restitution, or other compensation on behalf of residents of the State; or
obtain such other relief as the court may consider to be appropriate.
Notice
In general
Before filing an action under paragraph (3), the attorney general of the State involved shall provide to the Commission—
written notice of that action; and
a copy of the complaint for that action.
Exemption
In general
Subparagraph (A) shall not apply with respect to the filing of an action by an attorney general of a State under this subsection, if the attorney general determines that it is not feasible to provide the notice described in that subparagraph before the filing of the action.
Notification
In an action described in clause (i), the attorney general of a State shall provide notice and a copy of the complaint to the Commission at the same time as the attorney general files the action.
Removal to Federal court
The Commission may intervene in any action brought under paragraph (3) and remove the action to the appropriate United States district court.
Rule of construction
Nothing in this section shall be construed to limit the authority of the Commission under any other provision of law.
Definitions
In this section:
Commission
The term Commission means the Federal Trade Commission.
Covered entity
The term covered entity—
means any person that operates a website located on the internet or an online service, that is operated for commercial purposes; and
does not include a small business concern (as defined in section 3 of the Small Business Act (15 U.S.C. 632)).
Interactive data format
The term interactive data format means an electronic data format in which pieces of information are identified using an interactive data standard, such as eXtensible Markup Language (XML), that is a standardized list of electronic tags that mark the information described in section 2(b)(3) within the terms of service of a covered entity.
Sensitive information
The term sensitive information means any of the following:
Health information.
Biometric information.
Precise geolocation information.
Social security number.
Information concerning the race, color, religion, national origin, sex, age, or disability of an individual.
The content and parties to a communication.
Audio and video recordings captured through a consumer device.
Financial information, including a bank account number, credit card number, debit card number, or insurance policy number.
Online browsing history related to the information described in subparagraphs (A) through (H).
State
The term State means each of the several States, the District of Columbia, each commonwealth, territory, or possession of the United States, and each federally recognized Indian Tribe.
Third party
The term third party means, with respect to a covered entity, a person—
to whom the covered entity disclosed sensitive information; and
is not—
the covered entity;
a subsidiary or corporate affiliate of the covered entity; or
a service provider of the covered entity.
