| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to the use of safety management software for children on |
|
|
large social media platforms. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. This Act may be cited as Sammy's Law. |
|
|
SECTION 2. Chapter 509, Business & Commerce Code, as added |
|
|
by Chapter 795 (H.B. 18), Acts of the 88th Legislature, Regular |
|
|
Session, 2023, is amended by adding Subchapter C-1 to read as |
|
|
follows: |
|
|
SUBCHAPTER C-1. SAFETY MANAGEMENT SOFTWARE FOR SOCIAL MEDIA |
|
|
Sec. 509.121. DEFINITIONS. In this subchapter: |
|
|
(1) "Child" means an individual who is under 17 years |
|
|
of age. |
|
|
(2) "Department" means the Department of Information |
|
|
Resources. |
|
|
(3) "Large social media platform" means a social media |
|
|
platform to which Chapter 120 applies. |
|
|
(4) "Third-party safety software provider" means an |
|
|
entity that provides software designed to manage online |
|
|
interactions, content, and account settings for the safety of |
|
|
children. |
|
|
(5) "User data" means any information needed to have a |
|
|
profile on a large social media platform or content on a large |
|
|
social media platform, including images, video, audio, or text, |
|
|
that is created by or sent to a child on or through the child's |
|
|
account with the platform. |
|
|
Sec. 509.122. REQUIREMENTS FOR LARGE SOCIAL MEDIA |
|
|
PLATFORMS. (a) A large social media platform shall create, |
|
|
maintain, and make available to third-party safety software |
|
|
providers a set of real-time application programming interfaces |
|
|
that allow a child or a parent or legal guardian of a child to |
|
|
delegate permission to a third-party safety software provider to |
|
|
manage the online interactions, content, and account settings of |
|
|
the child on the large social media platform on the same terms as |
|
|
the child. |
|
|
(b) The application programming interfaces must be designed |
|
|
to allow third-party safety software providers to effectively |
|
|
manage and monitor a child's online activities and provide |
|
|
protections against cyberbullying, human trafficking, illegal drug |
|
|
distribution, sexual harassment, and violence. |
|
|
(c) A large social media platform shall establish and |
|
|
implement reasonable policies, practices, and procedures regarding |
|
|
the secure transfer of user data to third-party safety software |
|
|
providers. |
|
|
(d) In the case of a delegation made by a child or a parent |
|
|
or legal guardian of a child under this section, the large social |
|
|
media platform shall disclose to the child and the parent or legal |
|
|
guardian of the child that the delegation has been made and provide |
|
|
a summary of the user data that has been transferred to the |
|
|
third-party safety software provider. |
|
|
Sec. 509.123. IMPLEMENTATION BY DEPARTMENT. The department |
|
|
shall: |
|
|
(1) oversee the implementation of this subchapter; |
|
|
(2) establish guidelines and standards for the |
|
|
application programming interfaces and ensure compliance by large |
|
|
social media platforms; |
|
|
(3) conduct regular audits and assessments to ensure |
|
|
that large social media platforms are in compliance with the |
|
|
requirements of this subchapter; and |
|
|
(4) provide resources and support to parents and legal |
|
|
guardians using third-party safety software services to effectuate |
|
|
the protection of children from dangers including cyberbullying, |
|
|
human trafficking, illegal drug distribution, sexual harassment, |
|
|
and violence on large social media platforms. |
|
|
Sec. 509.124. REPORTING REQUIREMENTS. (a) A large social |
|
|
media platform shall submit an annual report not later than January |
|
|
1 to the department detailing the platform's compliance with the |
|
|
requirements of this subchapter. |
|
|
(b) The department shall submit an annual summary of all |
|
|
reports submitted by large social media platforms under this |
|
|
section not later than February 1 to the governor, the lieutenant |
|
|
governor, the speaker of the house of representatives, and each |
|
|
standing committee of the legislature with primary jurisdiction |
|
|
over large social media platforms highlighting the effectiveness of |
|
|
this subchapter and any areas needing improvement. |
|
|
Sec. 509.125. AUTHENTICATION. The department shall: |
|
|
(1) issue guidance to facilitate the ability of a |
|
|
third-party safety software provider to obtain user data or access |
|
|
in a manner that ensures that a request for user data or access on |
|
|
behalf of a child is a verifiable request; and |
|
|
(2) issue guidance for large social media platforms |
|
|
and third-party safety software providers regarding the |
|
|
maintenance of reasonable safety standards to protect user data. |
|
|
Sec. 509.126. LIMITATION OF LIABILITY. In any civil action |
|
|
other than an action brought by the attorney general under |
|
|
Subchapter D, a large social media platform provider may not be held |
|
|
liable for damages arising out of the transfer of user data to a |
|
|
third-party safety software provider if the large social media |
|
|
platform has in good faith complied with the requirements of this |
|
|
subchapter and the guidance issued by the department under this |
|
|
subchapter. |
|
|
Sec. 509.127. USER DATA DISCLOSURE. A third-party safety |
|
|
software provider may not disclose any user data obtained under |
|
|
this subchapter to another person except: |
|
|
(1) under a lawful request from a governmental body, |
|
|
including for law enforcement purposes or for judicial or |
|
|
administrative proceedings; |
|
|
(2) to the extent that the disclosure is required by |
|
|
law and the disclosure complies with and is limited to the relevant |
|
|
requirements of such law; |
|
|
(3) to the child or a parent or legal guardian of the |
|
|
child who made a delegation under this subchapter and whose data is |
|
|
at issue, with the third-party safety software provider making a |
|
|
good faith effort to ensure that the disclosure includes only the |
|
|
user data necessary for a reasonable parent or guardian to |
|
|
understand that the child is experiencing or is at foreseeable risk |
|
|
to experience harm; |
|
|
(4) in the case of a reasonably foreseeable serious |
|
|
and imminent threat to the health or safety of any individual, if |
|
|
the disclosure is made to a person or persons reasonably able to |
|
|
prevent or lessen the threat; and |
|
|
(5) to a public health authority or other appropriate |
|
|
government authority authorized by law to receive reports of child |
|
|
abuse or neglect. |
|
|
Sec. 509.128. DISCLOSURE REPORTING. A third-party safety |
|
|
software provider that makes a disclosure permitted by this |
|
|
subchapter shall promptly inform the child with respect to whose |
|
|
account the delegation was made and the parent or legal guardian |
|
|
that a disclosure has been or will be made, unless: |
|
|
(1) the third-party safety software provider, in the |
|
|
exercise of professional judgment, believes informing the child or |
|
|
parent or legal guardian would place the child at risk of serious |
|
|
harm; or |
|
|
(2) the third-party safety software provider is |
|
|
prohibited by law from informing the child or parent or legal |
|
|
guardian. |
|
|
Sec. 509.129. CONFLICT WITH OTHER LAW. To the extent of any |
|
|
conflict between this subchapter and another provision of this |
|
|
chapter, this subchapter controls. |
|
|
SECTION 3. This Act takes effect September 1, 2025. |