Balancing the Rights Of Web Surfers Equally and Responsibly Act of 2017 or the BROWSER Act of 2017
This bill authorizes the Federal Trade Commission to enforce information privacy protections that require broadband Internet access services and certain websites or mobile applications providing subscription, account, purchase, or search engine services to allow users to opt-in or opt-out of the use, disclosure, or access to their user information depending on the sensitivity of the information.
Opt-in approval through the user's express consent must be obtained for the use of sensitive information that is:
Opt-out approval must be provided for the use of non-sensitive user information under a method in which users are deemed to have consented if they fail to object after being provided notice of privacy policies.
The bill allows a service provider to use information without approval for specified purposes, including for services necessary for provision of the service and to initiate, render, bill, and collect for the service.
Service providers must allow users to grant, deny, or withdraw approval at any time.
The bill prohibits providers from conditioning service on a user's agreement to waive privacy rights.
[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[H.R. 2520 Introduced in House (IH)]
<DOC>
115th CONGRESS
1st Session
H. R. 2520
To require providers of broadband internet access service and edge
services to clearly and conspicuously notify users of the privacy
policies of such providers, to give users opt-in or opt-out approval
rights with respect to the use of, disclosure of, and access to user
information collected by such providers based on the level of
sensitivity of such information, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
May 18, 2017
Mrs. Blackburn (for herself, Mr. Fitzpatrick, and Mr. Flores)
introduced the following bill; which was referred to the Committee on
Energy and Commerce
_______________________________________________________________________
A BILL
To require providers of broadband internet access service and edge
services to clearly and conspicuously notify users of the privacy
policies of such providers, to give users opt-in or opt-out approval
rights with respect to the use of, disclosure of, and access to user
information collected by such providers based on the level of
sensitivity of such information, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Balancing the Rights Of Web Surfers
Equally and Responsibly Act of 2017'' or the ``BROWSER Act of 2017''.
SEC. 2. NOTICE OF PRIVACY POLICIES.
(a) In General.--A provider of a covered service shall provide the
users of the service with notice of the privacy policies of the
provider with respect to the service. Such notice shall be clear and
conspicuous.
(b) Availability to Prospective Users.--The notice required by
subsection (a) shall be made available to prospective users--
(1) at the point of sale of, subscription to, or
establishment of an account for the covered service, prior to
such sale, subscription, or establishment, whether such point
of sale, subscription, or establishment is in person, online,
over the telephone, or through another means; or
(2) if there is no such sale, subscription, or
establishment, before the user uses the service.
(c) Persistent Availability.--The notice required by subsection (a)
shall be made persistently available.
(d) Material Changes.--A provider of a covered service shall
provide users with advance notice of any material change to the privacy
policies of the provider. The notice required by this subsection shall
be clear and conspicuous.
SEC. 3. USER OPT-IN OR OPT-OUT APPROVAL RIGHTS BASED ON SENSITIVITY OF
INFORMATION.
(a) Opt-In Approval Required for Sensitive User Information.--
Except as provided in subsection (c), a provider of a covered service
shall obtain opt-in approval from a user to use, disclose, or permit
access to the sensitive user information of the user.
(b) Opt-Out Approval Required for Non-Sensitive User Information.--
Except as provided in subsection (c)--
(1) a provider of a covered service shall obtain opt-out
approval from a user to use, disclose, or permit access to any
of the non-sensitive user information of the user; or
(2) if the provider so chooses, the provider may comply
with the requirement of paragraph (1) by obtaining opt-in
approval from the user to use, disclose, or permit access to
any such non-sensitive user information.
(c) Limitations and Exceptions.--A provider of a covered service
may use, disclose, or permit access to user information without user
approval for the following purposes:
(1) In providing the covered service from which such
information is derived, or in providing services necessary to,
or used in, the provision of such service.
(2) To initiate, render, bill, and collect for the covered
service.
(3) To protect the rights or property of the provider, or
to protect users of the covered service and other service
providers from fraudulent, abusive, or unlawful use of the
service.
(4) To provide location information or non-sensitive user
information--
(A) to a public safety answering point, emergency
medical service provider or emergency dispatch
provider, public safety, fire service, or law
enforcement official, or hospital emergency or trauma
care facility, in order to respond to the request of
the user for emergency services;
(B) to inform the legal guardian of the user, or
members of the immediate family of the user, of the
location of the user in an emergency situation that
involves the risk of death or serious physical harm; or
(C) to providers of information or database
management services solely for purposes of assisting in
the delivery of emergency services in response to an
emergency.
(5) As otherwise required or authorized by law.
(d) Mechanism for Exercising User Approval.--
(1) In general.--A provider of a covered service shall make
available a simple, easy-to-use mechanism for users to grant,
deny, or withdraw opt-in approval or opt-out approval at any
time.
(2) Form and manner.--The mechanism required by paragraph
(1) shall be--
(A) clear and conspicuous; and
(B) made available--
(i) at no additional cost to the user; and
(ii) in a language other than English, if
the provider transacts business with the user
in such other language.
(3) Effect.--The grant, denial, or withdrawal of opt-in
approval or opt-out approval by a user shall--
(A) be given effect promptly; and
(B) remain in effect until the user revokes or
limits such grant, denial, or withdrawal of approval.
SEC. 4. SERVICE OFFERS CONDITIONED ON WAIVERS OF PRIVACY RIGHTS.
A provider of a covered service may not--
(1) condition, or effectively condition, provision of such
service on agreement by a user to waive privacy rights
guaranteed by law or regulation, including this Act; or
(2) terminate such service or otherwise refuse to provide
such service as a direct or indirect consequence of the refusal
of a user to waive any such privacy rights.
SEC. 5. ENFORCEMENT BY FEDERAL TRADE COMMISSION.
(a) General Application.--The requirements of this Act apply,
according to their terms, to--
(1) those persons, partnerships, and corporations over
which the Commission has authority pursuant to section 5(a)(2)
of the Federal Trade Commission Act (15 U.S.C. 45(a)(2)); and
(2) providers of broadband internet access service,
notwithstanding the exception in such section for common
carriers subject to the Communications Act of 1934 (47 U.S.C.
151 et seq.).
(b) Unfair or Deceptive Acts or Practices.--A violation of this Act
shall be treated as an unfair or deceptive act or practice in or
affecting commerce for purposes of section 5(a)(2) of the Federal Trade
Commission Act (15 U.S.C. 45(a)(2)).
(c) Powers of Commission.--Except as provided in subsection (a)(2)
of this section--
(1) the Commission shall enforce this Act in the same
manner, by the same means, and with the same jurisdiction,
powers, and duties as though all applicable terms and
provisions of the Federal Trade Commission Act (15 U.S.C. 41 et
seq.) were incorporated into and made a part of this Act; and
(2) any person who violates this Act shall be subject to
the penalties and entitled to the privileges and immunities
provided in the Federal Trade Commission Act.
SEC. 6. DEFINITIONS.
In this Act:
(1) Broadband internet access service.--
(A) In general.--The term ``broadband internet
access service'' means a mass-market retail service by
wire or radio that provides the capability to transmit
data to and receive data from all or substantially all
internet endpoints, including any capabilities that are
incidental to and enable the operation of the
communications service, but excluding dial-up internet
access service.
(B) Functional equivalent; evasion.--Such term also
includes any service that--
(i) the Commission finds to be providing a
functional equivalent of the service described
in subparagraph (A); or
(ii) is used to evade the protections set
forth in this Act.
(2) Commission.--The term ``Commission'' means the Federal
Trade Commission.
(3) Covered service.--The term ``covered service'' means--
(A) broadband internet access service; or
(B) an edge service.
(4) Edge service.--The term ``edge service''--
(A) means a service provided over the internet--
(i) for which the provider requires the
user to subscribe or establish an account in
order to use the service;
(ii) that the user purchases from the
provider of the service without a subscription
or account;
(iii) by which a program searches for and
identifies items in a database that correspond
to keywords or characters specified by the
user, used especially for finding particular
sites on the World Wide Web; or
(iv) by which the user divulges sensitive
user information; and
(B) includes a service described in subparagraph
(A) that is provided through a software program,
including a mobile application.
(5) Emergency services.--The term ``emergency services''
has the meaning given such term in section 222 of the
Communications Act of 1934 (47 U.S.C. 222).
(6) Material.--The term ``material'' means, with respect to
a change in a privacy policy of a provider of a covered
service, any change in such policy that a user of the service,
acting reasonably under the circumstances, would consider
important to the decisions of the user regarding the privacy of
the user, including any change to information required to be
included in a privacy notice under section 2.
(7) Mobile application.--The term ``mobile application''
means a software program that runs on the operating system of a
mobile device.
(8) Non-sensitive user information.--The term ``non-
sensitive user information'' means any user information that is
not sensitive user information.
(9) Opt-in approval.--The term ``opt-in approval'' means a
method for obtaining from a user of a covered service consent
to use, disclose, or permit access to sensitive user
information under which the provider of the service obtains
express consent allowing the requested usage, disclosure, or
access to the sensitive user information.
(10) Opt-out approval.--The term ``opt-out approval'' means
a method for obtaining from a user of a covered service consent
to use, disclose, or permit access to non-sensitive user
information under which the user is deemed to have consented to
the use, disclosure, or access to the non-sensitive user
information if the user has failed to object to such use,
disclosure, or access.
(11) Public safety answering point.--The term ``public
safety answering point'' has the meaning given such term in
section 222 of the Communications Act of 1934 (47 U.S.C. 222).
(12) Sensitive user information.--The term ``sensitive user
information'' includes any of the following:
(A) Financial information.
(B) Health information.
(C) Information pertaining to children under the
age of 13.
(D) Social Security number.
(E) Precise geo-location information.
(F) Content of communications.
(G) Web browsing history, history of usage of a
software program (including a mobile application), and
the functional equivalents of either.
(13) State.--The term ``State'' means each of the several
States, the District of Columbia, the Commonwealth of Puerto
Rico, Guam, American Samoa, the Virgin Islands of the United
States, the Commonwealth of the Northern Mariana Islands, any
other territory or possession of the United States, and each
federally recognized Indian Tribe.
(14) User.--The term ``user'' means, with respect to a
covered service, a person who--
(A) is a current or former--
(i) subscriber to such service; or
(ii) holder of an account for such service;
(B) purchases such service without a subscription
or account;
(C) is an applicant for such service; or
(D) in the case of a service described in clause
(iii) or (iv) of paragraph (4)(A), uses the service.
(15) User information.--The term ``user information'' means
any information that--
(A) a provider of a covered service acquires in
connection with the provision of such service; and
(B) is linked or reasonably linkable to an
individual.
SEC. 7. RELATIONSHIP TO OTHER LAW.
(a) Preemption of State Law.--No State or political subdivision of
a State shall, with respect to a provider of a covered service subject
to this Act, adopt, maintain, enforce, or impose or continue in effect
any law, rule, regulation, duty, requirement, standard, or other
provision having the force and effect of law relating to or with
respect to the privacy of user information.
(b) Other Federal Law.--
(1) In general.--Except as provided in paragraph (2),
nothing in this Act shall be construed to supercede any other
Federal statute or regulation relating to information privacy.
(2) Communications act of 1934.--Insofar as any provision
of the Communications Act of 1934 (47 U.S.C. 151 et seq.) or
any regulations promulgated under such Act apply to any person,
partnership, or corporation subject to this Act with respect to
privacy policies, terms of service, and practices covered by
this Act, such provision of the Communications Act of 1934 or
such regulations shall have no force or effect, unless such
regulations pertain to emergency services.
<all>
Introduced in House
Introduced in House
Referred to the House Committee on Energy and Commerce.
Referred to the Subcommittee on Digital Commerce and Consumer Protection.
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line