BILL ANALYSIS

 

 

Senate Research Center

S.B. 1893

 

By: Birdwell

 

State Affairs

 

6/14/2023

 

Enrolled

 

 

 

AUTHOR'S / SPONSOR'S STATEMENT OF INTENT

 

The mobile application TikTok is owned by the Chinese company ByteDance, employs members of the Chinese Communist Party, and has a subsidiary partially owned by the Chinese Communist Party. Currently, there are more than 85 million TikTok users in the United States.

 

TikTok collects vast amounts of data from its users' devices�including when, where, and how they conduct Internet activity�and offers potentially sensitive information to the Chinese government. While TikTok has claimed that it stores U.S. data within the U.S., the company admitted in a letter to Congress in 2021 that China-based employees can have access to U.S. data. Under China's 2017 national intelligence law, all businesses are required to assist China in intelligence work including data sharing, and TikTok's algorithm has already censored topics politically sensitive to the Chinese Communist Party.

 

On December 7, 2022, Governor Abbott directed state agency leaders to immediately ban its officers and employees from downloading or using TikTok on any government-issued devices, including cell phones, laptops, tablets, desktop computers, and other devices capable of Internet connectivity. The Texas Department of Public Safety of the State of Texas and the Texas Department of Information Resources have developed a model plan for other state agencies that would address vulnerabilities presented by the use of TikTok on personal devices. Each state agency has been directed to implement its own policy governing the use of TikTok on personal devices.

 

(Original Author's/Sponsor's Statement of Intent)

 

S.B. 1893 amends current law relating to prohibiting the use of social media applications and services on devices owned or leased by governmental entities.

 

RULEMAKING AUTHORITY

 

This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.

 

SECTION BY SECTION ANALYSIS

 

SECTION 1. Amends Subtitle A, Title 6, Government Code, by adding Chapter 620, as follows:

 

CHAPTER 620.� USE OF CERTAIN SOCIAL MEDIA APPLICATIONS AND SERVICES
ON GOVERNMENTAL ENTITY DEVICES PROHIBITED

 

Sec. 620.001.  DEFINITIONS. Defines "covered application" and "governmental entity."

 

Sec. 620.002. DEFINING SECURITY RISK TO THIS STATE. Provides that a social media application or service, for the purposes of this chapter, poses a risk to this state if:

 

(1) the provider of the application or service may be required by a foreign government, or an entity associated with a foreign government, to provide confidential or private personal information collected by the provider through the application or service to the foreign government or associated entity without substantial due process rights or similar legal protections; or

 

(2)  the application or service poses a similar risk to the security of this state's sensitive information, critical infrastructure, or both, as an application or service described by Section 620.001(1)(A).

 

Sec. 620.003. PROHIBITION; MODEL POLICY. (a) Requires a governmental entity, subject to Section 620.004, to adopt a policy prohibiting the installation or use of a covered application on any device owned or leased by the governmental entity and requiring the removal of covered applications from those devices.

 

(b)  Requires the Department of Information Resources (DIR) and the Department of Public Safety of the State of Texas (DPS) to jointly develop a model policy for governmental entities to use in developing the policy required by Subsection (a).

 

Sec. 620.004.  EXCEPTIONS; MITIGATING MEASURES.� (a)� Authorizes a policy adopted under Section 620.003 to provide for the installation and use of a covered application to the extent necessary for:

 

(1)  providing law enforcement; or

 

(2)  developing or implementing information security measures.

 

(b)  Requires that a policy allowing the installation and use of a covered application under Subsection (a) require:

 

(1)  the use of measures to mitigate risks to posed to this state during the use of the covered application; and

 

(2)  the documentation of those measures.

 

Sec. 620.005.  APPLICATIONS IDENTIFIED BY GOVERNOR'S PROCLAMATION. Authorizes the governor by proclamation to identify social media applications or services that pose a risk to this state as described by Section 620.002.

 

Sec. 620.006.  APPLICATION IDENTIFIED BY DEPARTMENT OF INFORMATION RESOURCES AND DEPARTMENT OF PUBLIC SAFETY.� (a) Requires DIR and DPS to jointly identify social media applications or services that pose a risk to this state as described by Section 620.002.

 

(b) Requires DIR to:

 

(1)  annually submit a list of applications and services identified under Subsection (a) to the governor;

 

(2)  publish the list on DIR's publicly accessible Internet website; and

 

(3)  periodically update the list on that website.

 

SECTION 2. Requires each governmental entity, not later than the 60th day after the date DIR and DPS make available the model policy required by Section 620.003(b), Government Code, as added by this Act, to adopt the policy required by Section 620.003(a), Government Code, as added by this Act.

 

SECTION 3. Effective date: upon passage or September 1, 2023.