BILL ANALYSIS
Senate Research Center |
H.B. 18 |
|
By: Slawson et al. (Hughes) |
|
State Affairs |
|
5/13/2023 |
|
Engrossed |
AUTHOR'S / SPONSOR'S STATEMENT OF INTENT
Mounting evidence draws a strong connection between uninhibited access to social media platforms and online content and the harmful consequences of such access�this is especially true for children. There is an epidemic of self-harm, suicide, substance abuse, sexual exploitation, and human trafficking among minors. In tandem, platforms are collecting and processing vast amounts of data from minors. This data raises privacy concerns and feeds algorithms that fuel online addiction. Advertising is increasingly of concern due to its sophistication built on data taken from children and its subtle manipulation. Parents are increasingly powerless to protect their children in the face of these sophisticated companies and the technologies they create.
H.B. 18, the Securing Children Online through Parental Empowerment (SCOPE) Act, seeks to prohibit a digital service provider (DSP) from entering into an agreement with a known minor without the consent of the known minor's parent or guardian and require a DSP to provide in those agreements the ability for the parent or guardian to permanently enable certain settings. The SCOPE Act seeks also to require certain disclosures regarding advertising and provide parents better insight into how algorithms are used to target their children.
H.B. 18 amends current law relating to the protection of minors from harmful, deceptive, or unfair trade practices in connection with the use of certain digital services.
RULEMAKING AUTHORITY
This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.
SECTION BY SECTION ANALYSIS
SECTION 1. Authorizes this Act to be cited as the Securing Children Online through Parental Empowerment (SCOPE) Act.
SECTION 2. Amends Subtitle A, Title 11, Business and Commerce Code, by adding Chapter 509, as follows:
CHAPTER 509. USE OF DIGITAL SERVICES BY MINORS
SUBCHAPTER A. GENERAL PROVISIONS
Sec. 509.001. DEFINITIONS. Defines "digital service," "digital service provider," "known minor," "minor," and "verified parent."
Sec. 509.002. APPLICABILITY. (a) Provides that this chapter does not apply to:
(1) a state agency or a political subdivision of this state;
(2) a financial institution or data subject to Title V, Gramm-Leach-Bliley Act (15 U.S.C. Section 6801 et seq.);
(3) a covered entity or business associate governed by the privacy, security, and breach notification rules issued by the United States Department of Health and Human Services, 45 C.F.R. Parts 160 and 164, established under the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. Section 1320d et seq.), and the Health Information Technology for Economic and Clinical Health Act (Division A, Title XIII, and Division B, Title IV, Pub. L. No. 111-5);
(4) a small business as defined by the United States Small Business Administration on September 1, 2024;
(5) an institution of higher education;
(6) a digital service provider who processes or maintains user data in connection with the employment, promotion, reassignment, or retention of the user as an employee or independent contractor, to the extent that the user's data is processed or maintained for that purpose;
(7) an operator or provider regulated by Subchapter D (Student Information), Chapter 32, Education Code; or
(8) a person subject to the Family Educational Rights and Privacy Act of 1974 (20 U.S.C. Section 1232g) that operates a digital service.
(b) Provides that an Internet service provider or Internet service provider's affiliate is not considered to be a digital service provider if the Internet service provider or affiliate provides access or connection to a digital service, unless the Internet service provider or affiliate exercises control of or is otherwise responsible for the creation or provision of content that exposes a known minor to harm as described by Section 509.053.
(c) Provides that a person is not a known minor after the person's 18th birthday.
SUBCHAPTER B. DIGITAL SERVICE PROVIDER DUTIES AND PROHIBITIONS
Sec. 509.051. PROHIBITION ON AGREEMENTS WITH KNOWN MINORS; EXEMPTIONS. (a) Prohibits a digital service provider, except as provided by this section, from entering into an agreement with a known minor.
(b) Provides that an agreement, for purposes of this section, includes a terms of service agreement, a user agreement, and the creation of an account for a digital service.
(c) Authorizes a digital service provider to enter into an agreement with a known minor if the known minor's parent or guardian consents in a verifiable manner that:
(1) is specific, informed, and unambiguous; and
(2) occurs in the absence of any financial incentive.
(d) Provides that the following, for purposes of this section, are acceptable methods a digital service provider is authorized to use to obtain consent:
(1) providing a form for the known minor's parent or guardian to sign and return to the digital service provider by common carrier, facsimile, or electronic scan;
(2) providing a toll-free telephone number for the known minor's parent or guardian to call to consent;
(3) coordinating a call with a known minor's parent or guardian over videoconferencing technology;
(4) collecting information related to the known minor's parent's or guardian's government-issued identification and deleting that information after confirming the identity of the parent or guardian;
(5) allowing the known minor's parent or guardian to provide consent by responding to an e-mail and taking additional steps to verify the parent's or guardian's identity;
(6) obtaining consent from a person registered with the digital service provider as the known minor's verified parent under Section 509.052; and
(7) any other commercially reasonable method of obtaining consent that complies with Subsection (c).
(e) Requires that an agreement under this section include a method by which a known minor's parent or guardian can register with the digital service provider as the minor's verified parent under Section 509.052.
(f) Requires a digital service provider, before obtaining consent from a known minor's parent or guardian, to give the parent or guardian the ability to permanently enable settings to:
(1) enable the highest privacy setting offered by the digital service provider;
(2) prevent the digital service provider from collecting any data associated with the minor that is not necessary to provide the digital service;
(3) prevent the digital service provider from processing any data associated with the minor in a manner that is not related to the purpose for which the data was collected;
(4) prevent the digital service provider from sharing, disclosing, or transferring data associated with the minor in exchange for monetary or other valuable consideration;
(5) prevent collection of geolocation data by the digital service provider;
(6) prevent the display of targeted advertising for the minor; or
(7) prevent the minor from making purchases or financial transactions.
(g) Provides that the digital service provider, if a minor's parent or guardian, including a verified parent, gives consent or performs another function of a parent or guardian under this chapter, is considered to have actual knowledge that the minor is less than 18 years of age and is required to treat the minor as a known minor.
(h) Prohibits an agreement between a digital service provider and a known minor under this section from being construed to prevent the digital service provider from collecting, processing, or sharing user data in a manner necessary to comply with:
(1) a civil, criminal, or regulatory inquiry, investigation, subpoena, or summons by a governmental authority; or
(2) a law enforcement agency investigating conduct that the digital service provider reasonably believes in good faith to violate federal, state, or local laws.
Sec. 509.052. REGISTRATION AS VERIFIED PARENT. (a) Requires a digital service provider to provide a process for a known minor's parent or guardian to register with the digital service provider as the known minor's verified parent.
(b) Requires that the registration process under this section require a known minor's parent or guardian to confirm the parent's or guardian's identity using a method acceptable for obtaining consent under Sections 509.051(d)(1)-(5).
(c) Authorizes a person registered with a digital service provider as a known minor's verified parent to give consent or perform other functions of a known minor's parent or guardian under this chapter relating to a digital service provider with whom the verified parent is registered without confirming the verified parent's identity under Sections 509.051(d)(1)-(5).
Sec. 509.053. DIGITAL SERVICE PROVIDER DUTY TO EXERCISE REASONABLE CARE. Requires a digital service provider, in relation to a known minor's use of a digital service, to exercise reasonable care to prevent:
(1) self harm, suicide, eating disorders, and other similar behaviors;
(2) substance abuse and patterns of use that indicate addiction;
(3) bullying and harassment;
(4) sexual exploitation, including enticement, grooming, trafficking, abuse, and child pornography;
(5) advertisements for products or services that are unlawful for a minor, including illegal drugs, tobacco, gambling, pornography, and alcohol; and
(6) predatory, unfair, or deceptive marketing practices.
Sec. 509.054. ACCESS TO DATA ASSOCIATED WITH KNOWN MINOR. (a) Authorizes a known minor's parent or guardian to submit a request to a digital service provider to access any data on the digital service associated with the minor.
(b) Requires a digital service provider to establish and make available a simple and easily accessible method by which a known minor's parent or guardian is authorized to make a request for access under this section.
(c) Requires that the method established under Subsection (b):
(1) allow a known minor's parent or guardian to access:
(A) all data in the digital service provider's possession associated with the known minor, organized by type of data and by purpose for which the digital service provider processed each type of data;
(B) the name of each third party to which the digital service provider disclosed the data, if applicable;
(C) each source other than the minor from which the digital service provider obtained data associated with the known minor;
(D) the length of time for which the digital service provider will retain the data associated with the known minor;
(E) any index or score assigned to the minor as a result of the data, including whether the digital service provider created the index or score and, if not, who created the index or score;
(F) the manner in which the digital service provider uses an index or score under Paragraph (E);
(G) a method by which the known minor's parent or guardian is authorized to:
(i) dispute the accuracy of any data collected or processed by the digital service provider; and
(ii) request that the digital service provider correct any data collected or processed by the digital service provider; and
(H) a method by which the known minor's parent or guardian is authorized to request that the digital service provider delete any data associated with the known minor collected or processed by the digital service provider; and
(2) require a known minor's parent or guardian to confirm the parent's or guardian's identity using a method acceptable under Sections 509.051(d)(1)-(5).
(d) Provides that a verified parent is not required to confirm the verified parent's identity under Subsection (c)(2) when making a request under this section to the digital service provider with whom the verified parent is registered.
(e) Requires a digital service provider, if the digital service provider receives a request under Subsection (c)(1)(G), not later than the 45th day after the request is made, to determine whether the relevant data is inaccurate or incomplete and to make any corrections necessary.
(f) Requires a digital service provider, if the digital service provider receives a request under Subsection (c)(1)(H), to delete the data specified by the request not later than the 45th day after the request is made.
Sec. 509.055. ADVERTISING AND MARKETING DUTIES. Requires a digital service provider that allows advertisers to advertise to known minors on the digital service to disclose in a clear and accessible manner at the time the advertisement is displayed:
(1) the name of each product, service, or brand advertising on the digital service;
(2) the subject matter of each advertisement or marketing material on the digital service;
(3) if the digital service provider or advertiser targets advertisements to known minors on the digital service, the reason why each advertisement has been targeted to a minor;
(4) the way in which data associated with a known minor's use of the digital service leads to each advertisement targeted to the minor; and
(5) whether certain media on the digital service are advertisements.
Sec. 509.056. USE OF ALGORITHMS. Requires a digital service provider that uses algorithms to automate the suggestion, promotion, or ranking of information to known minors on the digital service to:
(1) ensure that the algorithm does not interfere with the digital service provider's duties under Section 509.053; and
(2) disclose in the digital service provider's terms of service, in a clear and accessible manner:
(A) an overview of the manner in which the digital service uses algorithms to provide information to known minors; and
(B) an overview of the manner in which those algorithms use data associated with a known minor.
Sec. 509.057.� PROHIBITION AGAINST DISCRIMINATION. Prohibits a digital service provider from discriminating against a known minor or the known minor's parent or guardian in any manner for exercising a right described by this chapter.
Sec. 509.058. PROTECTION OF TRADE SECRETS. Prohibits anything in this subchapter from being construed to require a digital service provider to disclose a trade secret.
SUBCHAPTER C. ENFORCEMENT
Sec. 509.101. DECEPTIVE TRADE PRACTICE. Provides that a violation of this chapter is a false, misleading, or deceptive act or practice as defined by Section 17.46(b) (relating to defining "false, misleading, or deceptive acts or practices"). Provides that any public remedy under Subchapter E (Deceptive Trade Practices and Consumer Protection), Chapter 17, except as provided by Section 509.102, in addition to any remedy under this chapter, is also available for a violation of this chapter.
Sec. 509.102. NO PRIVATE RIGHT OF ACTION. Prohibits this chapter from being construed as providing a basis for, or being subject to, a private right of action for a violation of this chapter.
SECTION 3. Severability clause.
SECTION 4. Effective date: September 1, 2024.