[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[H. Res. 1039 Introduced in House (IH)]

<DOC>






115th CONGRESS
  2d Session
H. RES. 1039

 Encouraging edge providers, broadband providers, and data brokers to 
          include certain data protections in their policies.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             July 31, 2018

Mr. Poe of Texas submitted the following resolution; which was referred 
                to the Committee on Energy and Commerce

_______________________________________________________________________

                               RESOLUTION


 
 Encouraging edge providers, broadband providers, and data brokers to 
          include certain data protections in their policies.

Whereas numerous data breaches and invasions of privacy have eroded the American 
        public's confidence in the privacy protections of their data; and
Whereas this lack of confidence has eroded the perception of data security for 
        United States companies both domestically and internationally: Now, 
        therefore, be it
    Resolved, That the House encourages edge providers, broadband 
providers, and data brokers to include in their data protection 
policies--
            (1) requirements that--
                    (A) data processors have a legal basis for 
                processing the data of users;
                    (B) opt-in, freely given, specific, informed, and 
                unambiguous consent from users be a primary legal basis 
                for purposes of subparagraph (A);
                    (C) data processors design their systems in a way 
                that--
                            (i) minimizes the processing of data to 
                        only what is necessary for the specific purpose 
                        stated to the individual; and
                            (ii) by default, protects personal 
                        information from being used for other purposes;
                    (D) entities processing the data of children 
                institute special protections, particularly with 
                reference to the use of the data of children for 
                marketing purposes;
                    (E) data processors and controllers ensure 
                compliance with relevant privacy rules; and
                    (F) data processors implement appropriate oversight 
                over third-party data processors; and
            (2) the right of an individual--
                    (A) to revoke consent for data processing at any 
                time;
                    (B) not to be subject to automated decisionmaking, 
                including profiling, without human intervention if the 
                decisionmaking has legal or otherwise significant 
                effects on the individual;
                    (C) to know which entities have access to the data 
                of the individual and how that data are being used;
                    (D) to correct the data of the individual if it is 
                inaccurate or incomplete; and
                    (E) to obtain and reuse the data of the individual 
                for the purposes of the individual across other 
                services.
                                 <all>