| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to the protection of minors from harmful, deceptive, or |
|
|
unfair trade practices in connection with the use of certain |
|
|
digital services. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Subtitle A, Title 11, Business & Commerce Code, |
|
|
is amended by adding Chapter 509 to read as follows: |
|
|
CHAPTER 509. COLLECTION OR USE OF MINORS' PERSONAL IDENTIFYING |
|
|
INFORMATION BY DIGITAL SERVICE PROVIDERS |
|
|
SUBCHAPTER A. GENERAL PROVISIONS |
|
|
Sec. 509.001. DEFINITIONS. In this chapter: |
|
|
(1) "Digital service" means a website, an application, |
|
|
a program, or software that performs collection or processing |
|
|
functions with Internet connectivity. |
|
|
(2) "Digital service provider" means a person who owns |
|
|
or operates a digital service. |
|
|
(3) "Minor" means a child who is at least 13 years of |
|
|
age but younger than 18 years of age. |
|
|
(4) "Personal identifying information" means any |
|
|
information linked or reasonably linked to a specific minor, |
|
|
including: |
|
|
(A) a name, account name, alias, or online |
|
|
identifier; |
|
|
(B) a home or other physical address; |
|
|
(C) an Internet Protocol (IP) address or e-mail |
|
|
address; |
|
|
(D) a social security number; |
|
|
(E) a telephone number; |
|
|
(F) a driver's license number or state |
|
|
identification card number; |
|
|
(G) a passport number; |
|
|
(H) physical characteristics or description; |
|
|
(I) race, ethnicity, or national origin; |
|
|
(J) religion or faith; |
|
|
(K) sex, gender, or sexual orientation; |
|
|
(L) family status; |
|
|
(M) disability status; |
|
|
(N) political affiliation; |
|
|
(O) commercial information, including: |
|
|
(i) records relating to personal property; |
|
|
(ii) products or services the minor |
|
|
purchased, obtained, or considered; or |
|
|
(iii) other histories, interests, or |
|
|
tendencies in consumption; |
|
|
(P) biometric information; |
|
|
(Q) device identifiers, online identifiers, |
|
|
persistent identifiers, or digital fingerprinting information; |
|
|
(R) Internet, browsing, or search history, |
|
|
including any information relating to a minor's use of an Internet |
|
|
website; |
|
|
(S) geolocation information; |
|
|
(T) audio, electronic, visual, thermal, |
|
|
olfactory, or similar information, including facial recognition; |
|
|
(U) educational information; |
|
|
(V) health information; |
|
|
(W) the contents of, attachments to, and parties |
|
|
to text messages, e-mails, voicemails, audio conversations, and |
|
|
video conversations; |
|
|
(X) financial information, including: |
|
|
(i) bank account numbers; |
|
|
(ii) credit card numbers; |
|
|
(iii) debit card numbers; |
|
|
(iv) insurance policy numbers; or |
|
|
(v) information related to the balance of |
|
|
any financial accounts; or |
|
|
(Y) any inferences drawn from personal |
|
|
identifying information that might identify a minor's traits, |
|
|
characteristics, or trends. |
|
|
Sec. 509.002. APPLICABILITY. (a) This chapter applies to a |
|
|
digital service provider that: |
|
|
(1) collects or processes the personal identifying |
|
|
information of minors; and |
|
|
(2) either: |
|
|
(A) targets minors; or |
|
|
(B) knows or should know that the digital service |
|
|
appeals to minors. |
|
|
(b) For purposes of Subsection (a): |
|
|
(1) a digital service targets or appeals to minors if: |
|
|
(A) the digital service contains subject matter |
|
|
that is tailored toward minors, including: |
|
|
(i) animated characters; |
|
|
(ii) instruction or activities intended for |
|
|
minors; |
|
|
(iii) music or audio popular among minors; |
|
|
(iv) images containing: |
|
|
(a) models who are minors; or |
|
|
(b) celebrities who are minors or who |
|
|
are popular among minors; |
|
|
(v) colloquial use of language that is |
|
|
common among minors; or |
|
|
(vi) advertisements intended for minors; or |
|
|
(B) empirical evidence obtained by the digital |
|
|
service provider, an advertiser, the press, third-party |
|
|
complaints, or another entity that conducts privacy and security |
|
|
impact assessments demonstrates that: |
|
|
(i) many users of the digital service are |
|
|
minors; or |
|
|
(ii) the intended audience for the digital |
|
|
service is minors; and |
|
|
(2) a digital service does not target or appeal to |
|
|
minors by referring or linking to a digital service that targets or |
|
|
appeals to minors. |
|
|
SUBCHAPTER B. DIGITAL SERVICE PROVIDER DUTIES AND PROHIBITIONS |
|
|
Sec. 509.051. DIGITAL SERVICE PROVIDER DUTY TO PREVENT |
|
|
HARM. (a) A digital service provider shall prevent physical, |
|
|
emotional, and developmental harm to a minor using a digital |
|
|
service, including: |
|
|
(1) self harm, suicide, eating disorders, and other |
|
|
similar behaviors; |
|
|
(2) substance abuse and patterns of use that indicate |
|
|
addiction; |
|
|
(3) bullying and harassment; |
|
|
(4) sexual exploitation, including enticement, |
|
|
grooming, trafficking, abuse, and child pornography; |
|
|
(5) advertisements for products or services that are |
|
|
unlawful for a minor, including illegal drugs, tobacco, gambling, |
|
|
pornography, and alcohol; and |
|
|
(6) predatory, unfair, or deceptive marketing |
|
|
practices. |
|
|
(b) A digital service provider shall ensure that a minor is |
|
|
not exposed to a type of harm described by Subsection (a). |
|
|
Sec. 509.052. PROHIBITION ON COLLECTION OF PERSONAL |
|
|
IDENTIFYING INFORMATION; EXEMPTIONS. (a) Except as provided by this |
|
|
section, a digital service provider may not collect a minor's |
|
|
personal identifying information. |
|
|
(b) A digital service provider may collect a minor's |
|
|
personal identifying information for employment purposes. |
|
|
(c) A digital service provider may collect a minor's |
|
|
personal identifying information if the minor's parent or guardian |
|
|
consents in a manner that: |
|
|
(1) is specific, informed, and unambiguous; |
|
|
(2) takes into account: |
|
|
(A) the minor's age; and |
|
|
(B) the minor's developmental and cognitive |
|
|
needs and capabilities; |
|
|
(3) is for only a single specific act of collection or |
|
|
processing of personal identifying information; |
|
|
(4) occurs in the absence of any financial or other |
|
|
incentive; |
|
|
(5) occurs before the collection or processing of the |
|
|
minor's personal identifying information; |
|
|
(6) occurs in a time, place, and manner that the |
|
|
minor's parent or guardian would expect the consent to be sought; |
|
|
and |
|
|
(7) is not deceptive or coercive. |
|
|
(d) A digital service provider may collect a minor's |
|
|
personal identifying information without the consent of the minor's |
|
|
parent or guardian if: |
|
|
(1) the personal identifying information is a form of |
|
|
online contact information that: |
|
|
(A) is used to respond to a single specific |
|
|
request made by the minor; |
|
|
(B) is not used to contact the minor in any other |
|
|
way; and |
|
|
(C) is not retained by the digital service |
|
|
provider once a response has been made; |
|
|
(2) the personal identifying information is for the |
|
|
purpose of receiving consent under Subsection (c) and is not |
|
|
retained by the digital service provider after: |
|
|
(A) the minor's parent or guardian gives consent |
|
|
under Subsection (c); or |
|
|
(B) eight hours after the personal identifying |
|
|
information is collected; or |
|
|
(3) the personal identifying information is necessary |
|
|
to respond to judicial process or comply with a law enforcement |
|
|
agency on a matter related to public safety. |
|
|
(e) A digital service provider that collects a minor's |
|
|
personal identifying information with the consent of the minor's |
|
|
parent or guardian shall set the minor's digital service to the |
|
|
strongest settings available to protect the minor from harm, as |
|
|
described by Section 509.051(a). |
|
|
Sec. 509.053. PARENTAL TOOLS. (a) A digital service |
|
|
provider shall make available to each parent or guardian who gives |
|
|
consent under Section 509.052 parental tools to allow the parent or |
|
|
guardian to supervise the minor's use of the digital service. |
|
|
(b) Parental tools under this section must allow a parent or |
|
|
guardian to: |
|
|
(1) control the minor's privacy and account settings, |
|
|
including the settings described by Section 509.052(e); |
|
|
(2) restrict the ability of a minor to make purchases |
|
|
and financial transactions; |
|
|
(3) monitor the amount of time the minor spends using |
|
|
the digital service; and |
|
|
(4) disable any default parental controls placed on |
|
|
the digital service. |
|
|
Sec. 509.054. ACCESS TO PERSONAL IDENTIFYING INFORMATION. |
|
|
(a) A minor or minor's parent or guardian may submit a request to a |
|
|
digital service provider to access the minor's personal identifying |
|
|
information. |
|
|
(b) A digital service provider shall establish and make |
|
|
available a simple and easily accessible method by which a minor or |
|
|
a minor's parent or guardian may make a request for information |
|
|
under this section. |
|
|
(c) The method established under Subsection (b) must allow a |
|
|
minor or minor's parent or guardian to access: |
|
|
(1) all of the minor's personal identifying |
|
|
information in the digital service provider's possession that the |
|
|
provider has collected or processed, organized by: |
|
|
(A) type of personal identifying information; |
|
|
and |
|
|
(B) purpose for which the digital service |
|
|
provider processed each type of personal identifying information; |
|
|
(2) the name of each third party to which the digital |
|
|
service provider disclosed the personal identifying information, |
|
|
if applicable; |
|
|
(3) each source other than the minor from which the |
|
|
digital service provider obtained the minor's personal identifying |
|
|
information; |
|
|
(4) the length of time for which the digital service |
|
|
provider will retain the minor's personal identifying information; |
|
|
(5) any index or score assigned to the minor as a |
|
|
result of the personal identifying information, including whether |
|
|
the digital service provider created the index or score and, if not, |
|
|
who created the index or score; |
|
|
(6) the manner in which the digital service provider |
|
|
uses an index or score under Subdivision (5); |
|
|
(7) a method by which a minor or minor's parent or |
|
|
guardian may: |
|
|
(A) dispute the accuracy of any personal |
|
|
identifying information collected or processed by the digital |
|
|
service provider; and |
|
|
(B) request that the digital service provider |
|
|
correct any personal identifying information collected or |
|
|
processed by the digital service provider; and |
|
|
(8) a method by which a minor or minor's parent or |
|
|
guardian may request that the digital service provider delete any |
|
|
personal identifying information collected or processed by the |
|
|
digital service provider. |
|
|
(d) If a digital service provider receives a request under |
|
|
Subsection (c)(7), the digital service provider shall, not later |
|
|
than the 45th day after the request is made: |
|
|
(1) determine whether the relevant personal |
|
|
identifying information is inaccurate or incomplete; and |
|
|
(2) make any corrections necessary. |
|
|
(e) If a digital service provider receives a request under |
|
|
Subsection (c)(8), the digital service provider shall delete the |
|
|
personal identifying information specified by the request not later |
|
|
than the 45th day after the request is made. |
|
|
Sec. 509.055. ADVERTISING AND MARKETING DUTIES. A digital |
|
|
service provider that allows advertisers to advertise to minors on |
|
|
the digital service shall disclose in a clear and accessible |
|
|
manner: |
|
|
(1) the name of each product, service, or brand |
|
|
advertising on the digital service; |
|
|
(2) the subject matter of each advertisement or |
|
|
marketing material on the digital service; |
|
|
(3) if the digital service provider or advertiser |
|
|
targets advertisements to minors on the digital service, the reason |
|
|
why each advertisement has been targeted to a minor; |
|
|
(4) the way in which a minor's personal identifying |
|
|
information leads to each advertisement targeted to the minor; and |
|
|
(5) whether certain media on the digital service are |
|
|
advertisements. |
|
|
Sec. 509.056. USE OF ALGORITHMS. A digital service provider |
|
|
that uses algorithms to automate the suggestion, promotion, or |
|
|
ranking of information to minors on the digital service shall: |
|
|
(1) ensure that the algorithm does not interfere with |
|
|
the digital service provider's duties under Section 509.051; and |
|
|
(2) disclose in the digital service provider's terms |
|
|
of service, in a clear and accessible manner: |
|
|
(A) an overview of the manner in which the |
|
|
digital service uses algorithms to provide information to minors; |
|
|
(B) an overview of the manner in which those |
|
|
algorithms use the personal identifying information of minors; |
|
|
(C) options available to a minor and a minor's |
|
|
parent or guardian to modify the results of information provided by |
|
|
the algorithm, including the ability to opt out of or down-rank |
|
|
certain information; and |
|
|
(D) the ability minors have to opt out of using |
|
|
the algorithm. |
|
|
Sec. 509.057. PROHIBITION ON LIMITING OR DISCONTINUING |
|
|
DIGITAL SERVICE. A digital service provider may not limit or |
|
|
discontinue a digital service provided to a minor because the minor |
|
|
or minor's parent or guardian withholds or withdraws consent to the |
|
|
collection or processing of any personal identifying information |
|
|
not required to provide the digital service. |
|
|
SUBCHAPTER C. ENFORCEMENT |
|
|
Sec. 509.101. CIVIL ACTION; LIABILITY. (a) A minor's parent |
|
|
or guardian may bring an action against a digital service provider |
|
|
for a violation of this chapter. |
|
|
(b) Notwithstanding Sections 41.003 and 41.004, Civil |
|
|
Practice and Remedies Code, a parent or guardian who prevails in an |
|
|
action under this section is entitled to receive: |
|
|
(1) injunctive relief; |
|
|
(2) actual damages; |
|
|
(3) punitive damages; |
|
|
(4) reasonable attorney's fees; |
|
|
(5) court costs; and |
|
|
(6) any other relief the court deems appropriate. |
|
|
(c) A violation of this chapter constitutes an injury in |
|
|
fact to the minor. |
|
|
Sec. 509.102. DECEPTIVE TRADE PRACTICE. A violation of this |
|
|
chapter is a false, misleading, or deceptive act or practice as |
|
|
defined by Section 17.46(b). In addition to any remedy under this |
|
|
chapter, a remedy under Subchapter E, Chapter 17, is also available |
|
|
for a violation of this chapter. |
|
|
SECTION 2. This Act takes effect September 1, 2024. |