88R20495 MLH-F
 
  By: Slawson, Patterson, González of El Paso, H.B. No. 18
      Burrows, Darby, et al.
 
  Substitute the following for H.B. No. 18:
 
  By:  Lozano C.S.H.B. No. 18
 
 
 
A BILL TO BE ENTITLED
 
AN ACT
  relating to the protection of minors from harmful, deceptive, or
  unfair trade practices in connection with the use of certain
  digital services.
         BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         SECTION 1.  This Act may be cited as the Securing Children
  Online through Parental Empowerment (SCOPE) Act.
         SECTION 2.  Subtitle A, Title 11, Business & Commerce Code,
  is amended by adding Chapter 509 to read as follows:
  CHAPTER 509. USE OF DIGITAL SERVICES BY MINORS
  SUBCHAPTER A. GENERAL PROVISIONS
         Sec. 509.001.  DEFINITIONS. In this chapter:
               (1)  "Digital service" means a website, an application,
  a program, or software that performs collection or processing
  functions with Internet connectivity.
               (2)  "Digital service provider" means a person who owns
  or operates a digital service.
               (3)  "Known minor" means a minor under circumstances
  where a digital service provider has actual knowledge of, or
  wilfully disregards, a minor's age.
               (4)  "Minor" means a child who is younger than 18 years
  of age.
               (5)  "Verified parent" means a person who has
  registered with a digital service provider as the parent or
  guardian of a known minor under Section 509.052.
         Sec. 509.002.  APPLICABILITY. This chapter does not apply
  to:
               (1)  a state agency or a political subdivision of this
  state;
               (2)  a financial institution or data subject to Title
  V, Gramm-Leach-Bliley Act (15 U.S.C. Section 6801 et seq.);
               (3)  a covered entity or business associate governed by
  the privacy, security, and breach notification rules issued by the
  United States Department of Health and Human Services, 45 C.F.R.
  Parts 160 and 164, established under the Health Insurance
  Portability and Accountability Act of 1996 (42 U.S.C. Section 1320d
  et seq.), and the Health Information Technology for Economic and
  Clinical Health Act (Division A, Title XIII, and Division B, Title
  IV, Pub. L. No. 111-5);
               (4)  a small business as defined by the United States
  Small Business Administration on September 1, 2024; or
               (5)  an institution of higher education.
  SUBCHAPTER B. DIGITAL SERVICE PROVIDER DUTIES AND PROHIBITIONS
         Sec. 509.051.  PROHIBITION ON AGREEMENTS WITH KNOWN MINORS;
  EXEMPTIONS.  (a)  Except as provided by this section, a digital
  service provider may not enter into an agreement with a known minor.
         (b)  For purposes of this section, an agreement includes:
               (1)  a terms of service agreement;
               (2)  a user agreement; and
               (3)  the creation of an account for a digital service.
         (c)  A digital service provider may enter into an agreement
  with a known minor if the known minor's parent or guardian consents
  in a verifiable manner that:
               (1)  is specific, informed, and unambiguous; and
               (2)  occurs in the absence of any financial or other
  incentive.
         (d)  For purposes of this section, the following are
  acceptable methods a digital service provider may use to obtain
  consent:
               (1)  providing a form for the known minor's parent or
  guardian to sign and return to the digital service provider by
  common carrier, facsimile, or electronic scan;
               (2)  providing a toll-free telephone number for the
  known minor's parent or guardian to call to consent;
               (3)  coordinating a call with a known minor's parent or
  guardian over videoconferencing technology;
               (4)  collecting information related to the known
  minor's parent's or guardian's government-issued identification and
  deleting that information after confirming the identity of the
  parent or guardian;
               (5)  allowing the known minor's parent or guardian to
  provide consent by responding to an e-mail and taking additional
  steps to verify the parent's or guardian's identity; and
               (6)  obtaining consent from a person registered with
  the digital service provider as the known minor's verified parent
  under Section 509.052.
         (e)  An agreement under this section must include a method by
  which a known minor's parent or guardian can register with the
  digital service provider as the minor's verified parent under
  Section 509.052.
         (f)  Before obtaining consent from a known minor's parent or
  guardian, a digital service provider must give the parent or
  guardian the ability to permanently enable settings to:
               (1)  enable the highest privacy setting offered by the
  digital service provider;
               (2)  prevent the digital service provider from
  collecting any data associated with the minor that is not necessary
  to provide the digital service;
               (3)  prevent the digital service provider from
  processing any data associated with the minor in a manner that is
  not related to the purpose for which the data was collected;
               (4)  prevent the digital service provider from sharing,
  disclosing, or transferring data associated with the minor in
  exchange for monetary or other valuable consideration;
               (5)  prevent collection of geolocation data by the
  digital service provider;
               (6)  disable targeted advertising for the minor; or
               (7)  prevent the minor from making purchases or
  financial transactions.
         (g)  If a minor's parent or guardian, including a verified
  parent, gives consent or performs another function of a parent or
  guardian under this chapter, the digital service provider:
               (1)  is considered to have actual knowledge that the
  minor is less than 18 years of age; and
               (2)  must treat the minor as a known minor.
         Sec. 509.052.  REGISTRATION AS VERIFIED PARENT. (a) A
  digital service provider shall provide a process for a known
  minor's parent or guardian to register with the digital service
  provider as the known minor's verified parent.
         (b)  The registration process under this section must
  require a known minor's parent or guardian to confirm the parent's
  or guardian's identity using a method acceptable for obtaining
  consent under Sections 509.051(d)(1)-(5).
         (c)  A person registered with a digital service provider as a
  known minor's verified parent may give consent or perform other
  functions of a known minor's parent or guardian under this chapter
  relating to a digital service provider with whom the verified
  parent is registered without confirming the verified parent's
  identity under Sections 509.051(d)(1)-(5).
         Sec. 509.053.  DIGITAL SERVICE PROVIDER DUTY TO PREVENT
  HARM. (a) A digital service provider shall exercise reasonable
  care to prevent physical, emotional, and developmental harm to a
  known minor in relation to the minor's use of the digital service,
  including:
               (1)  self harm, suicide, eating disorders, and other
  similar behaviors;
               (2)  substance abuse and patterns of use that indicate
  addiction;
               (3)  bullying and harassment;
               (4)  sexual exploitation, including enticement,
  grooming, trafficking, abuse, and child pornography;
               (5)  advertisements for products or services that are
  unlawful for a minor, including illegal drugs, tobacco, gambling,
  pornography, and alcohol; and
               (6)  predatory, unfair, or deceptive marketing
  practices.
         (b)  A digital service provider shall exercise reasonable
  care to ensure that a known minor is not exposed to a type of harm
  described by Subsection (a) in relation to the minor's use of the
  digital service.
         Sec. 509.054.  ACCESS TO DATA ASSOCIATED WITH KNOWN MINOR.
  (a) A known minor's parent or guardian may submit a request to a
  digital service provider to access any data on the digital service
  associated with the minor.
         (b)  A digital service provider shall establish and make
  available a simple and easily accessible method by which a known
  minor's parent or guardian may make a request for access under this
  section.
         (c)  The method established under Subsection (b) must:
               (1)  allow a known minor's parent or guardian to access:
                     (A)  all data in the digital service provider's
  possession associated with the known minor, organized by:
                           (i)  type of data; and
                           (ii)  purpose for which the digital service
  provider processed each type of data;
                     (B)  the name of each third party to which the
  digital service provider disclosed the data, if applicable;
                     (C)  each source other than the minor from which
  the digital service provider obtained data associated with the
  known minor;
                     (D)  the length of time for which the digital
  service provider will retain the data associated with the known
  minor;
                     (E)  any index or score assigned to the minor as a
  result of the data, including whether the digital service provider
  created the index or score and, if not, who created the index or
  score;
                     (F)  the manner in which the digital service
  provider uses an index or score under Paragraph (E);
                     (G)  a method by which the known minor's parent or
  guardian may:
                           (i)  dispute the accuracy of any data
  collected or processed by the digital service provider; and
                           (ii)  request that the digital service
  provider correct any data collected or processed by the digital
  service provider; and
                     (H)  a method by which the known minor's parent or
  guardian may request that the digital service provider delete any
  data associated with the known minor collected or processed by the
  digital service provider; and
               (2)  require a known minor's parent or guardian to
  confirm the parent's or guardian's identity using a method
  acceptable under Sections 509.051(d)(1)-(5).
         (d)  A verified parent is not required to confirm the
  verified parent's identity under Subsection (c)(2) when making a
  request under this section to the digital service provider with
  whom the verified parent is registered.
         (e)  If a digital service provider receives a request under
  Subsection (c)(1)(G), the digital service provider shall, not later
  than the 45th day after the request is made:
               (1)  determine whether the relevant data is inaccurate
  or incomplete; and
               (2)  make any corrections necessary.
         (f)  If a digital service provider receives a request under
  Subsection (c)(1)(H), the digital service provider shall delete the
  data specified by the request not later than the 45th day after the
  request is made.
         Sec. 509.055.  ADVERTISING AND MARKETING DUTIES. A digital
  service provider that allows advertisers to advertise to known
  minors on the digital service shall disclose in a clear and
  accessible manner at the time the advertisement is displayed:
               (1)  the name of each product, service, or brand
  advertising on the digital service;
               (2)  the subject matter of each advertisement or
  marketing material on the digital service;
               (3)  if the digital service provider or advertiser
  targets advertisements to known minors on the digital service, the
  reason why each advertisement has been targeted to a minor;
               (4)  the way in which data associated with a known
  minor's use of the digital service leads to each advertisement
  targeted to the minor; and
               (5)  whether certain media on the digital service are
  advertisements.
         Sec. 509.056.  USE OF ALGORITHMS. A digital service
  provider that uses algorithms to automate the suggestion,
  promotion, or ranking of information to known minors on the digital
  service shall:
               (1)  ensure that the algorithm does not interfere with
  the digital service provider's duties under Section 509.053; and
               (2)  disclose in the digital service provider's terms
  of service, in a clear and accessible manner:
                     (A)  an overview of the manner in which the
  digital service uses algorithms to provide information to known
  minors; and
                     (B)  an overview of the manner in which those
  algorithms use data associated with a known minor.
         Sec. 509.057.  PROHIBITION ON LIMITING OR DISCONTINUING
  DIGITAL SERVICE. A digital service provider may not limit or
  discontinue a digital service provided to a known minor due to the
  nature of responses made by the known minor's parent or guardian
  under Section 509.051(f).
  SUBCHAPTER C. ENFORCEMENT
         Sec. 509.101.  DECEPTIVE TRADE PRACTICE. A violation of
  this chapter is a false, misleading, or deceptive act or practice as
  defined by Section 17.46(b). In addition to any remedy under this
  chapter, a remedy under Subchapter E, Chapter 17, is also available
  for a violation of this chapter.
         SECTION 3.  If any provision of this Act or its application
  to any person or circumstance is held invalid, the invalidity does
  not affect other provisions or applications of this Act that can be
  given effect without the invalid provision or application, and to
  this end the provisions of this Act are declared to be severable.
         SECTION 4.  This Act takes effect September 1, 2024.