

115 HR 2520 IH: Balancing the Rights Of Web Surfers Equally and Responsibly Act of 2017
U.S. House of Representatives
2017-05-18
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



I115th CONGRESS1st SessionH. R. 2520IN THE HOUSE OF REPRESENTATIVESMay 18, 2017Mrs. Blackburn (for herself, Mr. Fitzpatrick, and Mr. Flores) introduced the following bill; which was referred to the Committee on Energy and CommerceA BILLTo require providers of broadband internet access service and edge services to clearly and
			 conspicuously notify users of the privacy policies of such providers, to
			 give users opt-in or opt-out approval rights with respect to the use of,
			 disclosure of, and access to user information collected by such providers
			 based on the level of sensitivity of such information, and for other
			 purposes.
	
 1.Short titleThis Act may be cited as the Balancing the Rights Of Web Surfers Equally and Responsibly Act of 2017 or the BROWSER Act of 2017. 2.Notice of privacy policies (a)In generalA provider of a covered service shall provide the users of the service with notice of the privacy policies of the provider with respect to the service. Such notice shall be clear and conspicuous.
 (b)Availability to prospective usersThe notice required by subsection (a) shall be made available to prospective users— (1)at the point of sale of, subscription to, or establishment of an account for the covered service, prior to such sale, subscription, or establishment, whether such point of sale, subscription, or establishment is in person, online, over the telephone, or through another means; or
 (2)if there is no such sale, subscription, or establishment, before the user uses the service. (c)Persistent availabilityThe notice required by subsection (a) shall be made persistently available.
 (d)Material changesA provider of a covered service shall provide users with advance notice of any material change to the privacy policies of the provider. The notice required by this subsection shall be clear and conspicuous.
			3.User opt-in or opt-out approval rights based on sensitivity of information
 (a)Opt-In approval required for sensitive user informationExcept as provided in subsection (c), a provider of a covered service shall obtain opt-in approval from a user to use, disclose, or permit access to the sensitive user information of the user.
 (b)Opt-Out approval required for non-Sensitive user informationExcept as provided in subsection (c)— (1)a provider of a covered service shall obtain opt-out approval from a user to use, disclose, or permit access to any of the non-sensitive user information of the user; or
 (2)if the provider so chooses, the provider may comply with the requirement of paragraph (1) by obtaining opt-in approval from the user to use, disclose, or permit access to any such non-sensitive user information.
 (c)Limitations and exceptionsA provider of a covered service may use, disclose, or permit access to user information without user approval for the following purposes:
 (1)In providing the covered service from which such information is derived, or in providing services necessary to, or used in, the provision of such service.
 (2)To initiate, render, bill, and collect for the covered service. (3)To protect the rights or property of the provider, or to protect users of the covered service and other service providers from fraudulent, abusive, or unlawful use of the service.
 (4)To provide location information or non-sensitive user information— (A)to a public safety answering point, emergency medical service provider or emergency dispatch provider, public safety, fire service, or law enforcement official, or hospital emergency or trauma care facility, in order to respond to the request of the user for emergency services;
 (B)to inform the legal guardian of the user, or members of the immediate family of the user, of the location of the user in an emergency situation that involves the risk of death or serious physical harm; or
 (C)to providers of information or database management services solely for purposes of assisting in the delivery of emergency services in response to an emergency.
 (5)As otherwise required or authorized by law. (d)Mechanism for exercising user approval (1)In generalA provider of a covered service shall make available a simple, easy-to-use mechanism for users to grant, deny, or withdraw opt-in approval or opt-out approval at any time.
 (2)Form and mannerThe mechanism required by paragraph (1) shall be— (A)clear and conspicuous; and
 (B)made available— (i)at no additional cost to the user; and
 (ii)in a language other than English, if the provider transacts business with the user in such other language.
 (3)EffectThe grant, denial, or withdrawal of opt-in approval or opt-out approval by a user shall— (A)be given effect promptly; and
 (B)remain in effect until the user revokes or limits such grant, denial, or withdrawal of approval. 4.Service offers conditioned on waivers of privacy rightsA provider of a covered service may not—
 (1)condition, or effectively condition, provision of such service on agreement by a user to waive privacy rights guaranteed by law or regulation, including this Act; or
 (2)terminate such service or otherwise refuse to provide such service as a direct or indirect consequence of the refusal of a user to waive any such privacy rights.
			5.Enforcement by Federal Trade Commission
 (a)General applicationThe requirements of this Act apply, according to their terms, to— (1)those persons, partnerships, and corporations over which the Commission has authority pursuant to section 5(a)(2) of the Federal Trade Commission Act (15 U.S.C. 45(a)(2)); and
 (2)providers of broadband internet access service, notwithstanding the exception in such section for common carriers subject to the Communications Act of 1934 (47 U.S.C. 151 et seq.).
 (b)Unfair or deceptive acts or practicesA violation of this Act shall be treated as an unfair or deceptive act or practice in or affecting commerce for purposes of section 5(a)(2) of the Federal Trade Commission Act (15 U.S.C. 45(a)(2)).
 (c)Powers of CommissionExcept as provided in subsection (a)(2) of this section— (1)the Commission shall enforce this Act in the same manner, by the same means, and with the same jurisdiction, powers, and duties as though all applicable terms and provisions of the Federal Trade Commission Act (15 U.S.C. 41 et seq.) were incorporated into and made a part of this Act; and
 (2)any person who violates this Act shall be subject to the penalties and entitled to the privileges and immunities provided in the Federal Trade Commission Act.
 6.DefinitionsIn this Act: (1)Broadband internet access service (A)In generalThe term broadband internet access service means a mass-market retail service by wire or radio that provides the capability to transmit data to and receive data from all or substantially all internet endpoints, including any capabilities that are incidental to and enable the operation of the communications service, but excluding dial-up internet access service.
 (B)Functional equivalent; evasionSuch term also includes any service that— (i)the Commission finds to be providing a functional equivalent of the service described in subparagraph (A); or
 (ii)is used to evade the protections set forth in this Act. (2)CommissionThe term Commission means the Federal Trade Commission.
 (3)Covered serviceThe term covered service means— (A)broadband internet access service; or
 (B)an edge service. (4)Edge serviceThe term edge service—
 (A)means a service provided over the internet— (i)for which the provider requires the user to subscribe or establish an account in order to use the service;
 (ii)that the user purchases from the provider of the service without a subscription or account; (iii)by which a program searches for and identifies items in a database that correspond to keywords or characters specified by the user, used especially for finding particular sites on the World Wide Web; or
 (iv)by which the user divulges sensitive user information; and (B)includes a service described in subparagraph (A) that is provided through a software program, including a mobile application.
 (5)Emergency servicesThe term emergency services has the meaning given such term in section 222 of the Communications Act of 1934 (47 U.S.C. 222). (6)MaterialThe term material means, with respect to a change in a privacy policy of a provider of a covered service, any change in such policy that a user of the service, acting reasonably under the circumstances, would consider important to the decisions of the user regarding the privacy of the user, including any change to information required to be included in a privacy notice under section 2.
 (7)Mobile applicationThe term mobile application means a software program that runs on the operating system of a mobile device. (8)Non-sensitive user informationThe term non-sensitive user information means any user information that is not sensitive user information.
 (9)Opt-in approvalThe term opt-in approval means a method for obtaining from a user of a covered service consent to use, disclose, or permit access to sensitive user information under which the provider of the service obtains express consent allowing the requested usage, disclosure, or access to the sensitive user information.
 (10)Opt-out approvalThe term opt-out approval means a method for obtaining from a user of a covered service consent to use, disclose, or permit access to non-sensitive user information under which the user is deemed to have consented to the use, disclosure, or access to the non-sensitive user information if the user has failed to object to such use, disclosure, or access.
 (11)Public safety answering pointThe term public safety answering point has the meaning given such term in section 222 of the Communications Act of 1934 (47 U.S.C. 222). (12)Sensitive user informationThe term sensitive user information includes any of the following:
 (A)Financial information. (B)Health information.
 (C)Information pertaining to children under the age of 13. (D)Social Security number.
 (E)Precise geo-location information. (F)Content of communications.
 (G)Web browsing history, history of usage of a software program (including a mobile application), and the functional equivalents of either.
 (13)StateThe term State means each of the several States, the District of Columbia, the Commonwealth of Puerto Rico, Guam, American Samoa, the Virgin Islands of the United States, the Commonwealth of the Northern Mariana Islands, any other territory or possession of the United States, and each federally recognized Indian Tribe.
 (14)UserThe term user means, with respect to a covered service, a person who— (A)is a current or former—
 (i)subscriber to such service; or (ii)holder of an account for such service;
 (B)purchases such service without a subscription or account; (C)is an applicant for such service; or
 (D)in the case of a service described in clause (iii) or (iv) of paragraph (4)(A), uses the service. (15)User informationThe term user information means any information that—
 (A)a provider of a covered service acquires in connection with the provision of such service; and (B)is linked or reasonably linkable to an individual.
				7.Relationship to other law
 (a)Preemption of State lawNo State or political subdivision of a State shall, with respect to a provider of a covered service subject to this Act, adopt, maintain, enforce, or impose or continue in effect any law, rule, regulation, duty, requirement, standard, or other provision having the force and effect of law relating to or with respect to the privacy of user information.
			(b)Other Federal law
 (1)In generalExcept as provided in paragraph (2), nothing in this Act shall be construed to supercede any other Federal statute or regulation relating to information privacy.
 (2)Communications Act of 1934Insofar as any provision of the Communications Act of 1934 (47 U.S.C. 151 et seq.) or any regulations promulgated under such Act apply to any person, partnership, or corporation subject to this Act with respect to privacy policies, terms of service, and practices covered by this Act, such provision of the Communications Act of 1934 or such regulations shall have no force or effect, unless such regulations pertain to emergency services.
				