CDT’s Annotations of the BROWSER Act

This is the original text of this bill, as of 6/20/2017 (.pdf here)

To see CDT’s annotations, click here.

 

115TH CONGRESS 1ST SESSION H. R. ___

To require providers of broadband internet access service and edge services to clearly and conspicuously notify users of the privacy policies of such providers, to give users opt-in or opt-out approval rights with respect to the use of, disclosure of, and access to user information collected by such providers based on the level of sensitivity of such information, and for other purposes.

IN THE HOUSE OF REPRESENTATIVES Mrs. BLACKBURN introduced the following bill; which was referred to the Committee on _______

A BILL To require providers of broadband internet access service and edge services to clearly and conspicuously notify users of the privacy policies of such providers, to give users opt-in or opt-out approval rights with respect to the use of, disclosure of, and access to user information collected by such providers based on the level of sensitivity of such information, and for other purposes.

1 Be it enacted by the Senate and House of Representa-

2 tives of the United States of America in Congress assembled,

 

[Page 2]

1 SECTION 1. SHORT TITLE.

2 This Act may be cited as the ‘‘Balancing the Rights

3 of Web Surfers Equally and Responsibly Act of 2017’’ or

4 the ‘‘BROWSER Act of 2017’’.

5 SEC. 2. NOTICE OF PRIVACY POLICIES.

6 (a) IN GENERAL.—A provider of a covered service

7 shall provide the users of the service with notice of the

8 privacy policies of the provider with respect to the service.

9 Such notice shall be clear and conspicuous.

10 (b) AVAILABILITY TO PROSPECTIVE USERS.—The

11 notice required by subsection (a) shall be made available

12 to prospective users—

13 (1) at the point of sale of, subscription to, or

14 establishment of an account for the covered service,

15 prior to such sale, subscription, or establishment,

16 whether such point of sale, subscription, or estab-

17 lishment is in person, online, over the telephone, or

18 through another means; or

19 (2) if there is no such sale, subscription, or es-

20 tablishment, before the user uses the service.

21 (c) PERSISTENT AVAILABILITY.—The notice required

22 by subsection (a) shall be made persistently available.

23 (d) MATERIAL CHANGES.—A provider of a covered

24 service shall provide users with advance notice of any ma-

25 terial change to the privacy policies of the provider. The

 

[Page 3]

1 notice required by this subsection shall be clear and con-

2 spicuous.

3 SEC. 3. USER OPT-IN OR OPT-OUT APPROVAL RIGHTS

4 BASED ON SENSITIVITY OF INFORMATION.

5 (a) OPT-IN APPROVAL REQUIRED FOR SENSITIVE

6 USER INFORMATION.—Except as provided in subsection

7 (c), a provider of a covered service shall obtain opt-in ap-

8 proval from a user to use, disclose, or permit access to

9 the sensitive user information of the user.

10 (b) OPT-OUT APPROVAL REQUIRED FOR NON-SEN-

11 SITIVE USER INFORMATION.—Except as provided in sub-

12 section (c)—

13 (1) a provider of a covered service shall obtain

14 opt-out approval from a user to use, disclose, or per-

15 mit access to any of the non-sensitive user informa-

16 tion of the user; or

17 (2) if the provider so chooses, the provider may

18 comply with the requirement of paragraph (1) by ob-

19 taining opt-in approval from the user to use, dis-

20 close, or permit access to any such non-sensitive

21 user information. 22 (c) LIMITATIONS AND EXCEPTIONS.—A provider of

23 a covered service may use, disclose, or permit access to

24 user information without user approval for the following

25 purposes:

 

[Page 4]

1 (1) In providing the covered service from which

2 such information is derived, or in providing services

3 necessary to, or used in, the provision of such serv-

4 ice.

5 (2) To initiate, render, bill, and collect for the

6 covered service.

7 (3) To protect the rights or property of the pro-

8 vider, or to protect users of the covered service and

9 other service providers from fraudulent, abusive, or

10 unlawful use of the service.

11 (4) To provide location information or non-sen-

12 sitive user information—

13 (A) to a public safety answering point,

14 emergency medical service provider or emer-

15 gency dispatch provider, public safety, fire serv-

16 ice, or law enforcement official, or hospital

17 emergency or trauma care facility, in order to

18 respond to the request of the user for emer-

19 gency services;

20 (B) to inform the legal guardian of the

21 user, or members of the immediate family of

22 the user, of the location of the user in an emer-

23 gency situation that involves the risk of death

24 or serious physical harm; or

 

[Page 5]

1 (C) to providers of information or database

2 management services solely for purposes of as-

3 sisting in the delivery of emergency services in

4 response to an emergency.

5 (5) As otherwise required or authorized by law.

6 (d) MECHANISM FOR EXERCISING USER AP-

7 PROVAL.—

8 (1) IN GENERAL.—A provider of a covered serv-

9 ice shall make available a simple, easy-to-use mecha-

10 nism for users to grant, deny, or withdraw opt-in

11 approval or opt-out approval at any time.

12 (2) FORM AND MANNER.—The mechanism re-

13 quired by paragraph (1) shall be—

14 (A) clear and conspicuous; and

15 (B) made available—

16 (i) at no additional cost to the user;

17 and

18 (ii) in a language other than English,

19 if the provider transacts business with the

20 user in such other language.

21 (3) EFFECT.—The grant, denial, or withdrawal

22 of opt-in approval or opt-out approval by a user

23 shall—

24 (A) be given effect promptly; and

 

[Page 6]

1 (B) remain in effect until the user revokes

2 or limits such grant, denial, or withdrawal of

3 approval.

4 SEC. 4. SERVICE OFFERS CONDITIONED ON WAIVERS OF

5 PRIVACY RIGHTS.

6 A provider of a covered service may not—

7 (1) condition, or effectively condition, provision

8 of such service on agreement by a user to waive pri-

9 vacy rights guaranteed by law or regulation, includ-

10 ing this Act; or

11 (2) terminate such service or otherwise refuse

12 to provide such service as a direct or indirect con-

13 sequence of the refusal of a user to waive any such

14 privacy rights.

15 SEC. 5. ENFORCEMENT BY FEDERAL TRADE COMMISSION.

16 (a) GENERAL APPLICATION.—The requirements of

17 this Act apply, according to their terms, to—

18 (1) those persons, partnerships, and corpora-

19 tions over which the Commission has authority pur-

20 suant to section 5(a)(2) of the Federal Trade Com-

21 mission Act (15 U.S.C. 45(a)(2)); and

22 (2) providers of broadband internet access serv-

23 ice, notwithstanding the exception in such section for

24 common carriers subject to the Communications Act

25 of 1934 (47 U.S.C. 151 et seq.).

 

[Page 7]

1 (b) UNFAIR OR DECEPTIVE ACTS OR PRACTICES.—

2 A violation of this Act shall be treated as an unfair or

3 deceptive act or practice in or affecting commerce for pur-

4 poses of section 5(a)(2) of the Federal Trade Commission

5 Act (15 U.S.C. 45(a)(2)).

6 (c) POWERS OF COMMISSION.—Except as provided in

7 subsection (a)(2) of this section—

8 (1) the Commission shall enforce this Act in the

9 same manner, by the same means, and with the

10 same jurisdiction, powers, and duties as though all

11 applicable terms and provisions of the Federal Trade

12 Commission Act (15 U.S.C. 41 et seq.) were incor-

13 porated into and made a part of this Act; and

14 (2) any person who violates this Act shall be

15 subject to the penalties and entitled to the privileges

16 and immunities provided in the Federal Trade Com-

17 mission Act.

18 SEC. 6. DEFINITIONS.

19 In this Act:

20 (1) BROADBAND INTERNET ACCESS SERVICE.—

21 (A) IN GENERAL.—The term ‘‘broadband

22 internet access service’’ means a mass-market

23 retail service by wire or radio that provides the

24 capability to transmit data to and receive data

25 from all or substantially all internet endpoints,

 

[Page 8]

1 including any capabilities that are incidental to

2 and enable the operation of the communications

3 service, but excluding dial-up internet access

4 service.

5 (B) FUNCTIONAL EQUIVALENT; EVA-

6 SION.—Such term also includes any service

7 that—

8 (i) the Commission finds to be pro-

9 viding a functional equivalent of the service

10 described in subparagraph (A); or

11 (ii) is used to evade the protections

12 set forth in this Act.

13 (2) COMMISSION.—The term ‘‘Commission’’

14 means the Federal Trade Commission.

15 (3) COVERED SERVICE.—The term ‘‘covered

16 service’’ means—

17 (A) broadband internet access service; or

18 (B) an edge service.

19 (4) EDGE SERVICE.—The term ‘‘edge serv-

20 ice’’—

21 (A) means a service provided over the

22 internet—

23 (i) for which the provider requires the

24 user to subscribe or establish an account in

25 order to use the service;

 

[Page 9]

1 (ii) that the user purchases from the

2 provider of the service without a subscrip-

3 tion or account;

4 (iii) by which a program searches for

5 and identifies items in a database that cor-

6 respond to keywords or characters speci-

7 fied by the user, used especially for finding

8 particular sites on the World Wide Web; or

9 (iv) by which the user divulges sen-

10 sitive user information; and

11 (B) includes a service described in sub-

12 paragraph (A) that is provided through a soft-

13 ware program, including a mobile application.

14 (5) EMERGENCY SERVICES.—The term ‘‘emer-

15 gency services’’ has the meaning given such term in

16 section 222 of the Communications Act of 1934 (47

17 U.S.C. 222).

18 (6) MATERIAL.—The term ‘‘material’’ means,

19 with respect to a change in a privacy policy of a pro-

20 vider of a covered service, any change in such policy

21 that a user of the service, acting reasonably under

22 the circumstances, would consider important to the

23 decisions of the user regarding the privacy of the

24 user, including any change to information required

25 to be included in a privacy notice under section 2.

 

[Page 10]

1 (7) MOBILE APPLICATION.—The term ‘‘mobile

2 application’’ means a software program that runs on

3 the operating system of a mobile device.

4 (8) NON-SENSITIVE USER INFORMATION.—The

5 term ‘‘non-sensitive user information’’ means any

6 user information that is not sensitive user informa-

7 tion.

8 (9) OPT-IN APPROVAL.—The term ‘‘opt-in ap-

9 proval’’ means a method for obtaining from a user

10 of a covered service consent to use, disclose, or per-

11 mit access to sensitive user information under which

12 the provider of the service obtains express consent

13 allowing the requested usage, disclosure, or access to

14 the sensitive user information.

15 (10) OPT-OUT APPROVAL.—The term ‘‘opt-out

16 approval’’ means a method for obtaining from a user

17 of a covered service consent to use, disclose, or per-

18 mit access to non-sensitive user information under

19 which the user is deemed to have consented to the

20 use, disclosure, or access to the non-sensitive user

21 information if the user has failed to object to such

22 use, disclosure, or access.

23 (11) PUBLIC SAFETY ANSWERING POINT.—The

24 term ‘‘public safety answering point’’ has the mean

 

[Page 11]

1 ing given such term in section 222 of the Commu-

2 nications Act of 1934 (47 U.S.C. 222).

3 (12) SENSITIVE USER INFORMATION.—The

4 term ‘‘sensitive user information’’ includes any of

5 the following:

6 (A) Financial information.

7 (B) Health information.

8 (C) Information pertaining to children

9 under the age of 13.

10 (D) Social Security number.

11 (E) Precise geo-location information.

12 (F) Content of communications.

13 (G) Web browsing history, history of usage

14 of a software program (including a mobile ap-

15 plication), and the functional equivalents of ei-

16 ther.

17 (13) STATE.—The term ‘‘State’’ means each of

18 the several States, the District of Columbia, the

19 Commonwealth of Puerto Rico, Guam, American

20 Samoa, the Virgin Islands of the United States, the

21 Commonwealth of the Northern Mariana Islands,

22 any other territory or possession of the United

23 States, and each federally recognized Indian Tribe.

24 (14) USER.—The term ‘‘user’’ means, with re-

25 spect to a covered service, a person who—

 

[Page 12]

1 (A) is a current or former—

2 (i) subscriber to such service; or

3 (ii) holder of an account for such serv-

4 ice;

5 (B) purchases such service without a sub-

6 scription or account;

7 (C) is an applicant for such service; or

8 (D) in the case of a service described in

9 clause (iii) or (iv) of paragraph (4)(A), uses the

10 service.

11 (15) USER INFORMATION.—The term ‘‘user in-

12 formation’’ means any information that—

13 (A) a provider of a covered service acquires

14 in connection with the provision of such service;

15 and

16 (B) is linked or reasonably linkable to an

17 individual.

18 SEC. 7. RELATIONSHIP TO OTHER LAW.

19 (a) PREEMPTION OF STATE LAW.—No State or polit-

20 ical subdivision of a State shall, with respect to a provider

21 of a covered service subject to this Act, adopt, maintain,

22 enforce, or impose or continue in effect any law, rule, reg-

23 ulation, duty, requirement, standard, or other provision

24 having the force and effect of law relating to or with re-

25 spect to the privacy of user information.

 

[Page 13]

1 (b) OTHER FEDERAL LAW.—

2 (1) IN GENERAL.—Except as provided in para-

3 graph (2), nothing in this Act shall be construed to

4 supercede any other Federal statute or regulation

5 relating to information privacy.

6 (2) COMMUNICATIONS ACT OF 1934.—Insofar as

7 any provision of the Communications Act of 1934

8 (47 U.S.C. 151 et seq.) or any regulations promul-

9 gated under such Act apply to any person, partner-

10 ship, or corporation subject to this Act with respect

11 to privacy policies, terms of service, and practices

12 covered by this Act, such provision of the Commu-

13 nications Act of 1934 or such regulations shall have

14 no force or effect, unless such regulations pertain to

15 emergency services.

Share

Share