[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[S. 3330 Introduced in Senate (IS)]

117th CONGRESS
  1st Session
                                S. 3330

 To prohibit the use of exploitative and deceptive practices by large 
    online operators and to promote consumer welfare in the use of 
                 behavioral research by such providers.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            December 7, 2021

 Mr. Warner (for himself, Mrs. Fischer, Ms. Klobuchar, and Mr. Thune) 
introduced the following bill; which was read twice and referred to the 
           Committee on Commerce, Science, and Transportation

_______________________________________________________________________

                                 A BILL


 
 To prohibit the use of exploitative and deceptive practices by large 
    online operators and to promote consumer welfare in the use of 
                 behavioral research by such providers.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Deceptive Experiences To Online 
Users Reduction Act'' or the ``DETOUR Act''.

SEC. 2. DEFINITIONS.

    In this Act:
            (1) Behavioral or psychological experiment or research.--
        The term ``behavioral or psychological experiment or research'' 
        means the study, including through human experimentation, of 
        overt or observable actions or mental phenomena inferred from 
        behavior, including interactions between and among individuals 
        and the activities of social groups.
            (2) Child.--The term ``child'' has the meaning given such 
        term in section 1302 of the Children's Online Privacy 
        Protection Act of 1998 (15 U.S.C. 6501).
            (3) Commission.--The term ``Commission'' means the Federal 
        Trade Commission.
            (4) Compulsive usage.--The term ``compulsive usage'' means 
        any response stimulated by external factors that causes an 
        individual to engage in repetitive behavior causing 
        psychological distress, loss of control, anxiety, depression, 
        or harmful stress responses.
            (5) Independent review board.--The term ``independent 
        review board'' means a board, committee, or other group that 
        serves to protect the welfare and privacy of users and is 
        formally designated by a large online operator to review, to 
        approve the initiation of, and to conduct periodic review of, 
        any research by, or at the direction or discretion of, a large 
        online operator, involving human subjects.
            (6) Informed consent.--The term ``informed consent''--
                    (A) means the express, affirmative consent freely 
                given by a user, in which such user is provided a clear 
                and conspicuous description--
                            (i) of a process by which a user is 
                        provided adequate information prior to being 
                        included in any behavioral or psychological 
                        experiment or research in order to allow for an 
                        informed decision about voluntary participation 
                        in such behavioral or psychological research 
                        experiment or research; and
                            (ii) ensuring the understanding by such 
                        user of the furnished information and any 
                        associated benefits, risks, or consequences of 
                        participation prior to obtaining the voluntary 
                        agreement to participate by the user; and
                    (B) does not include--
                            (i) the consent of a child; or
                            (ii) the consent to a provision contained 
                        in a general contract or service agreement.
            (7) Large online operator.--The term ``large online 
        operator'' means any person that--
                    (A) provides an online service;
                    (B) has more than 100,000,000 authenticated users 
                of an online service in any 30-day period; and
                    (C) is subject to the jurisdiction of the 
                Commission under the Federal Trade Commission Act (15 
                U.S.C. 41 et seq.).
            (8) Online service.--The term ``online service'' means a 
        website or a service, other than an internet access service, 
        that is made available to the public over the internet, 
        including a social network, a search engine, or an email 
        service.
            (9) User.--The term ``user'' means any individual who 
        engages with an online service.
            (10) User data.--The term ``user data'' means any 
        information relating to an identified or identifiable 
        individual user, whether directly submitted to the large online 
        operator by the user or derived from the observed activity of 
        the user by the large online operator.

SEC. 3. UNFAIR AND DECEPTIVE ACTS AND PRACTICES RELATING TO THE 
              MANIPULATION OF USER INTERFACES.

    (a) Conduct Prohibited.--It shall be unlawful for any large online 
operator--
            (1) to design, modify, or manipulate a user interface with 
        the purpose or substantial effect of obscuring, subverting, or 
        impairing user autonomy, decision-making, or choice to obtain 
        consent or user data;
            (2) to subdivide or segment consumers of online services 
        into groups for the purposes of behavioral or psychological 
        experiment or research of users of an online service, except 
        with the informed consent of each user involved; or
            (3) to design, modify, or manipulate a user interface on a 
        website or online service, or portion thereof, that is directed 
        to a child, with the purpose or substantial effect of causing, 
        increasing, or encouraging compulsive usage, inclusive of video 
        auto-play functions initiated without the consent of a user.
    (b) Duties of Large Online Operators.--Any large online operator 
that engages in any form of behavioral or psychological experiment or 
research based on the activity or data of its users shall do each of 
the following:
            (1) The large online operator shall disclose to its users 
        on a routine basis, but not less than once each 90 days, the 
        general purpose of any such behavioral or psychological 
        experiment or research, to each user whose user data is or was 
        during the previous 90-day period subject to or included in any 
        behavioral or psychological experiment or research.
            (2) The large online operator shall disclose to the public 
        on a routine basis, but not less than once each 90 days, any 
        experiments or studies with the purposes of promoting 
        engagement or product conversion being currently undertaken, or 
        concluded since the prior disclosure.
            (3) The large online operator shall present the disclosures 
        described in paragraphs (1) and (2) in a manner that--
                    (A) is clear, conspicuous, context-appropriate, and 
                easily accessible; and
                    (B) is not deceptively obscured.
            (4)(A) Subject to subparagraph (B), the large online 
        operator shall remove and delete all data obtained from 
        affected users in the course of behavioral or psychological 
        experiment or research if the large online operator--
                    (i) determines (or determines that it has reason to 
                believe) that the informed consent for the processing 
                of user data for such behavioral or psychological 
                experiment or research was inappropriately acquired 
                from such users; and
                    (ii) is unable to obtain within 2 business days of 
                such determination the appropriate informed consent.
            (B) If the large online operator is unable to remove and 
        delete user data pursuant to subparagraph (A), the large online 
        operator shall discontinue the related behavioral or 
        psychological experiment or research.
            (5) The large online operator shall establish an 
        Independent Review Board for any behavioral or psychological 
        experiment or research, of any purpose, conducted on users or 
        on the basis of user activity or data, which shall review and 
        have authority to approve, require modification in, or 
        disapprove all behavioral or psychological experiment or 
        research.
            (6) The large online operator shall ensure that any 
        Independent Review Board established under paragraph (5) shall 
        register with the Commission, including providing to the 
        Commission--
                    (A) the names and resumes of every Board member;
                    (B) the composition and reporting structure of the 
                Board to the management of the operator;
                    (C) the process by which the Board is to be 
                notified of proposed studies or modifications along 
                with the processes by which the board is capable of 
                vetoing or amending such proposals;
                    (D) any compensation provided to board members; and
                    (E) any conflict of interest that might exist 
                concerning a board member's participation in the Board.
    (c) Registered Professional Standards Body.--
            (1) In general.--An association of large online operators 
        may register as a professional standards body by filing with 
        the Commission an application for registration in such form as 
        the Commission, by rule, may prescribe containing the rules of 
        the association and such other information and documents as the 
        Commission, by rule, may prescribe as necessary or appropriate 
        in the public interest or for protecting the welfare of users 
        of large online operators.
            (2) Professional standards body.--An association of large 
        online operators may not register as a professional standards 
        body unless the Commission determines that--
                    (A) the association is so organized and has the 
                capacity to enforce compliance by its members and 
                persons associated with its members, with the 
                provisions of this Act;
                    (B) the rules of the association provide that any 
                large online operator may become a member of such 
                association;
                    (C) the rules of the association ensure a fair 
                representation of its members in the selection of its 
                directors and administration of its affairs and provide 
                that one or more directors shall be representative of 
                users and not be associated with, or receive any direct 
                or indirect funding from, a member of the association 
                or any large online operator;
                    (D) the rules of the association are designed to 
                prevent exploitative and manipulative acts or 
                practices, to promote transparent and fair principles 
                of technology development and design, to promote 
                research in keeping with best practices of study design 
                and informed consent, and to continually evaluate 
                industry practices and issue contractually binding 
                guidance consistent with the objectives of this Act;
                    (E) the rules of the association provide that its 
                members and persons associated with its members shall 
                be appropriately disciplined for violation of any 
                provision of this Act, the rules or regulations 
                thereunder, or the rules of the association, by 
                expulsion, suspension, limitation of activities, 
                functions, fine, censure, being suspended or barred 
                from being associated with a member, or any other 
                appropriate sanction; and
                    (F) the rules of the association are in accordance 
                with the provisions of this Act, and, in general, 
                provide a fair procedure for the disciplining of 
                members and persons associated with members, the denial 
                of membership to any person seeking membership therein, 
                the barring of any person from becoming associated with 
                a member thereof, and the prohibition or limitation by 
                the association of any person with respect to access to 
                services offered by the association or a member 
                thereof.
            (3) Responsibilities and activities.--
                    (A) Bright-line rules.--An association shall--
                            (i) develop, on a continuing basis, 
                        guidance and bright-line rules for the 
                        development and design of technology products 
                        of large online operators consistent with 
                        subparagraph (B); and
                            (ii) notify the Commission of such guidance 
                        and bright-line rules.
                    (B) Safe harbors.--In formulating guidance under 
                subparagraph (A), the association shall define conduct 
                that does not have the purpose or substantial effect of 
                subverting or impairing user autonomy, decision-making, 
                or choice, or of cultivating compulsive usage for a 
                child, such as--
                            (i) de minimis user interface changes 
                        derived from testing consumer preferences, 
                        including different styles, layouts, or text, 
                        where such changes are not done with the 
                        purpose of obtaining user consent or user data;
                            (ii) algorithms or data outputs outside the 
                        control of a large online operator or its 
                        affiliates; and
                            (iii) establishing default settings that 
                        provide enhanced privacy protection to users or 
                        otherwise enhance their autonomy and decision-
                        making ability.
    (d) Enforcement by the Commission.--
            (1) Unfair or deceptive acts or practices.--
                    (A) In general.--A violation of subsection (a) or 
                (b) shall be treated as a violation of a rule defining 
                an unfair or deceptive act or practice under section 
                18(a)(1)(B) of the Federal Trade Commission Act (15 
                U.S.C. 57a(a)(1)(B)).
                    (B) Determination.--For purposes of enforcement of 
                this Act, the Commission shall determine an act or 
                practice is unfair or deceptive if the act or 
                practice--
                            (i) has the purpose, or substantial effect, 
                        of subverting or impairing user autonomy, 
                        decision-making, or choice to obtain consent or 
                        user data; or
                            (ii) has the purpose, or substantial 
                        effect, of cultivating compulsive usage by a 
                        child.
            (2) Powers of the commission.--
                    (A) In general.--The Commission shall enforce this 
                Act and the regulations promulgated under this Act in 
                the same manner, by the same means, and with the same 
                jurisdiction, powers, and duties as though all 
                applicable terms and provisions of the Federal Trade 
                Commission Act (15 U.S.C. 41 et seq.) were incorporated 
                into and made a part of this Act.
                    (B) Privileges and immunities.--Any person who 
                violates this Act or a regulation promulgated under 
                this Act shall be subject to the penalties and entitled 
                to the privileges and immunities provided in the 
                Federal Trade Commission Act (15 U.S.C. 41 et seq.).
                    (C) Authority preserved.--Nothing in this Act shall 
                be construed to limit the authority of the Commission 
                under any other provision of law.
                    (D) Regulations.--Not later than 1 year after the 
                date of enactment of this Act, the Commission shall 
                promulgate regulations under section 553 of title 5, 
                United States Code, that--
                            (i) establish rules and procedures for 
                        obtaining the informed consent of users;
                            (ii) establish rules for the registration, 
                        formation, oversight, and management of the 
                        independent review boards, including standards 
                        that ensure effective independence of such 
                        entities from improper or undue influence by a 
                        large online operator;
                            (iii) establish rules for the registration, 
                        formation, oversight, and management of 
                        professional standards bodies, including 
                        procedures for the regular oversight of such 
                        bodies and revocation of their designation;
                            (iv) in consultation with a professional 
                        standards body established under subsection 
                        (c), define conduct that does not have the 
                        purpose or substantial effect of subverting or 
                        impairing user autonomy, decision-making, or 
                        choice, or of cultivating compulsive usage for 
                        a child, such as--
                                    (I) de minimis user interface 
                                changes derived from testing consumer 
                                preferences, including different 
                                styles, layouts, or text, where such 
                                changes are not done with the purpose 
                                of obtaining user consent or user data;
                                    (II) algorithms or data outputs 
                                outside the control of a large online 
                                operator or its affiliates; and
                                    (III) establishing default settings 
                                that provide enhanced privacy 
                                protection to users or otherwise 
                                enhance their autonomy and decision-
                                making ability.
            (3) Safe harbor.--The Commission may not bring an 
        enforcement action under this Act against any large online 
        operator that relied in good faith on the guidance of a 
        professional standards body.