Connecticut 2025 Regular Session

Connecticut House Bill HB05474 Compare Versions

Version 1 (Old)

Version 2 (New)

Old	New		Differences
1	1
2	2
3		-	LCO 5327 1 of 7
	3	+
	4	+	LCO No. 5327 1 of 7
4	5
5	6		General Assembly Committee Bill No. 5474
6	7		January Session, 2025
7	8		LCO No. 5327
8	9
9	10
10	11		Referred to Committee on COMMITTEE ON CHILDREN
11	12
12	13
13	14		Introduced by:
14	15		(KID)
15	16
16	17
17	18
18	19		AN ACT CONCERNING SOCIAL MEDIA PLATFORMS AND MINORS.
19	20		Be it enacted by the Senate and House of Representatives in General
20	21		Assembly convened:
21	22
22	23		Section 1. (NEW) (Effective October 1, 2025) (a) As used in this section: 1
23	24		(1) "Consumer" means an individual who is a resident of this state 2
24	25		and a user of a social media platform; 3
25	26		(2) "Cyberbullying" means any unwanted and aggressive behavior on 4
26	27		a social media platform; 5
27	28		(3) "Mental health services" has the same meaning as provided in 6
28	29		section 19a-498c of the general statutes; 7
29	30		(4) "Owner" means a person who owns a social media platform; 8
30	31		(5) "Person" means an individual, association, corporation, limited 9
31	32		liability company, partnership, trust or other legal entity; and 10
32	33		(6) "Social media platform" has the same meaning as provided in 11
33		-	section 42-528 of the general statutes. 12 Committee Bill No. 5474
	34	+	section 42-528 of the general statutes. 12
	35	+	(b) Not later than January 1, 2026, each owner of a social media 13
	36	+	Committee Bill No. 5474
34	37
35	38
36		-	LCO 5327 2 of 7
	39	+	LCO No. 5327 2 of 7
37	40
38		-	(b) Not later than January 1, 2026, each owner of a social media 13
39	41		platform shall incorporate an online safety center into the social media 14
40	42		platform. Each online safety center shall, at a minimum, provide the 15
41	43		consumers who use such social media platform with: 16
42	44		(1) Resources for the purposes of (A) preventing cyberbullying on 17
43	45		such social media platform, and (B) enabling each consumer to identify 18
44	46		any means available to such consumer to obtain mental health services, 19
45	47		including, but not limited to, an Internet web site address or telephone 20
46	48		number where such consumer may obtain mental health services for the 21
47	49		treatment of an anxiety disorder or the prevention of suicide; 22
48	50		(2) An explanation of such social media platform's mechanism for 23
49	51		reporting harmful or unwanted behavior, including, but not limited to, 24
50	52		cyberbullying, on such social media platform; and 25
51	53		(3) Educational information concerning the impact that social media 26
52	54		platforms have on users' mental health. 27
53	55		(c) Not later than January 1, 2026, each owner of a social media 28
54	56		platform shall establish a cyberbullying policy for the social media 29
55	57		platform. Such policy shall, at a minimum, set forth the manner in which 30
56	58		such owner handles reports of cyberbullying on such social media 31
57	59		platform. 32
58	60		Sec. 2. Section 42-529 of the general statutes is repealed and the 33
59	61		following is substituted in lieu thereof (Effective October 1, 2025): 34
60	62		For the purposes of this section and sections 42-529a to 42-529e, 35
61	63		inclusive, as amended by this act: 36
62	64		(1) "Adult" means any individual who is at least eighteen years of age; 37
63	65		(2) "Consent" has the same meaning as provided in section 42-515; 38
64	66		(3) "Consumer" has the same meaning as provided in section 42-515; 39
65		-	(4) "Controller" has the same meaning as provided in section 42-515; 40 Committee Bill No. 5474
	67	+	(4) "Controller" has the same meaning as provided in section 42-515; 40
	68	+	Committee Bill No. 5474
66	69
67	70
68		-	LCO 5327 3 of 7
	71	+	LCO No. 5327 3 of 7
69	72
70	73		(5) "Heightened risk of harm to minors" means processing minors' 41
71	74		personal data in a manner that presents any reasonably foreseeable risk 42
72	75		of (A) any unfair or deceptive treatment of, or any unlawful disparate 43
73	76		impact on, minors, (B) any financial, physical or reputational injury to 44
74	77		minors, [or] (C) any physical or other intrusion upon the solitude or 45
75	78		seclusion, or the private affairs or concerns, of minors if such intrusion 46
76	79		would be offensive to a reasonable person, or (D) any harm to the 47
77	80		physical or mental health of minors; 48
78	81		(6) "HIPAA" has the same meaning as provided in section 42-515; 49
79	82		(7) "Minor" means any consumer who is younger than eighteen years 50
80	83		of age; 51
81	84		(8) "Online service, product or feature" means any service, product or 52
82	85		feature that is provided online. "Online service, product or feature" does 53
83	86		not include any (A) telecommunications service, as defined in 47 USC 54
84	87		153, as amended from time to time, (B) broadband Internet access 55
85	88		service, as defined in 47 CFR 54.400, as amended from time to time, or 56
86	89		(C) delivery or use of a physical product; 57
87	90		(9) "Person" has the same meaning as provided in section 42-515; 58
88	91		(10) "Personal data" has the same meaning as provided in section 42-59
89	92		515; 60
90	93		(11) "Precise geolocation data" has the same meaning as provided in 61
91	94		section 42-515; 62
92	95		(12) "Process" and "processing" have the same meaning as provided 63
93	96		in section 42-515; 64
94	97		(13) "Processor" has the same meaning as provided in section 42-515; 65
95	98		(14) "Profiling" has the same meaning as provided in section 42-515; 66
96	99		(15) "Protected health information" has the same meaning as 67
97		-	provided in section 42-515; 68 Committee Bill No. 5474
	100	+	provided in section 42-515; 68
	101	+	Committee Bill No. 5474
98	102
99	103
100		-	LCO 5327 4 of 7
	104	+	LCO No. 5327 4 of 7
101	105
102	106		(16) "Sale of personal data" has the same meaning as provided in 69
103	107		section 42-515; 70
104	108		(17) "Targeted advertising" has the same meaning as provided in 71
105	109		section 42-515; and 72
106	110		(18) "Third party" has the same meaning as provided in section 42-73
107	111		515. 74
108	112		Sec. 3. Subsections (b) and (c) of section 42-529a of the general statutes 75
109	113		are repealed and the following is substituted in lieu thereof (Effective 76
110	114		October 1, 2025): 77
111	115		(b) (1) Subject to the consent requirement established in subdivision 78
112	116		(3) of this subsection, no controller that offers any online service, 79
113	117		product or feature to consumers whom such controller has actual 80
114	118		knowledge, or wilfully disregards, are minors shall [: (A) Process] 81
115	119		process any minor's personal data: [(i) for] (A) For the purposes of [(I)] 82
116	120		(i) targeted advertising, [(II)] (ii) any sale of personal data, or [(III)] (iii) 83
117	121		profiling in furtherance of any fully automated decision made by such 84
118	122		controller that produces any legal or similarly significant effect 85
119	123		concerning the provision or denial by such controller of any financial or 86
120	124		lending services, housing, insurance, education enrollment or 87
121	125		opportunity, criminal justice, employment opportunity, health care 88
122	126		services or access to essential goods or services; [, (ii)] (B) unless such 89
123	127		processing is reasonably necessary to provide such online service, 90
124	128		product or feature; [, (iii)] (C) for any processing purpose [(I)] (i) other 91
125	129		than the processing purpose that the controller disclosed at the time 92
126	130		such controller collected such personal data, or [(II)] (ii) that is 93
127	131		reasonably necessary for, and compatible with, the processing purpose 94
128	132		described in subparagraph [(A)(iii)(I)] (C)(i) of this subdivision; [,] or 95
129	133		[(iv)] (D) for longer than is reasonably necessary to provide such online 96
130	134		service, product or feature. [; or (B) use any system design feature to 97
131	135		significantly increase, sustain or extend any minor's use of such online 98
132	136		service, product or feature.] The provisions of this subdivision shall not 99
133		-	apply to any service or application that is used by and under the 100 Committee Bill No. 5474
	137	+	apply to any service or application that is used by and under the 100
	138	+	Committee Bill No. 5474
134	139
135	140
136		-	LCO 5327 5 of 7
	141	+	LCO No. 5327 5 of 7
137	142
138	143		direction of an educational entity, including, but not limited to, a 101
139	144		learning management system or a student engagement program. 102
140	145		(2) Subject to the consent requirement established in subdivision (3) 103
141	146		of this subsection, no controller that offers an online service, product or 104
142	147		feature to consumers whom such controller has actual knowledge, or 105
143	148		wilfully disregards, are minors shall collect a minor's precise 106
144	149		geolocation data unless: (A) Such precise geolocation data is reasonably 107
145	150		necessary for the controller to provide such online service, product or 108
146	151		feature and, if such data is necessary to provide such online service, 109
147	152		product or feature, such controller may only collect such data for the 110
148	153		time necessary to provide such online service, product or feature; and 111
149	154		(B) the controller provides to the minor a signal indicating that such 112
150	155		controller is collecting such precise geolocation data, which signal shall 113
151	156		be available to such minor for the entire duration of such collection. 114
152	157		(3) No controller shall engage in the activities described in 115
153	158		subdivisions (1) and (2) of this subsection unless the controller obtains 116
154	159		the minor's consent or, if the minor is younger than thirteen years of age, 117
155	160		the consent of such minor's parent or legal guardian. A controller that 118
156	161		complies with the verifiable parental consent requirements established 119
157	162		in the Children's Online Privacy Protection Act of 1998, 15 USC 6501 et 120
158	163		seq., and the regulations, rules, guidance and exemptions adopted 121
159	164		pursuant to said act, as said act and such regulations, rules, guidance 122
160	165		and exemptions may be amended from time to time, shall be deemed to 123
161	166		have satisfied any requirement to obtain parental consent under this 124
162	167		subdivision. 125
163	168		(c) (1) No controller that offers any online service, product or feature 126
164	169		to consumers whom such controller has actual knowledge, or wilfully 127
165	170		disregards, are minors shall: (A) Provide any consent mechanism that is 128
166	171		designed to substantially subvert or impair, or is manipulated with the 129
167	172		effect of substantially subverting or impairing, user autonomy, decision-130
168	173		making or choice; [or] (B) except as provided in subdivision (2) of this 131
169	174		subsection, offer any direct messaging apparatus for use by minors 132
170		-	~~[without providing] unless (i) such controller provides readily 133~~ Committee Bill No. 5474
	175	+	Committee Bill No. 5474
171	176
172	177
173		-	LCO 5327 6 of 7
	178	+	LCO No. 5327 6 of 7
174	179
	180	+	[without providing] unless (i) such controller provides readily 133
175	181		accessible and easy-to-use safeguards to limit the ability of adults to 134
176	182		send unsolicited communications to minors with whom they are not 135
177	183		connected, and (ii) such online service, product or feature includes a 136
178	184		default setting that prevents adults from sending unsolicited 137
179	185		communications to minors with whom they are not connected; or (C) 138
180	186		except as provided in subdivision (3) of this subsection, use any system 139
181	187		design feature to significantly increase, sustain or extend any minor's 140
182	188		use of such online service, product or feature. 141
183	189		(2) The provisions of subparagraph (B) of subdivision (1) of this 142
184	190		subsection shall not apply to services where the predominant or 143
185	191		exclusive function is: (A) Electronic mail; or (B) direct messaging 144
186	192		consisting of text, photos or videos that are sent between devices by 145
187	193		electronic means, where messages are (i) shared between the sender and 146
188	194		the recipient, (ii) only visible to the sender and the recipient, and (iii) not 147
189	195		posted publicly. 148
190	196		(3) The provisions of subparagraph (C) of subdivision (1) of this 149
191	197		subsection shall not apply to any service or application that is used by 150
192	198		and under the direction of an educational entity, including, but not 151
193	199		limited to, a learning management system or a student engagement 152
194	200		program. 153
195	201		Sec. 4. Subsection (e) of section 42-529b of the general statutes is 154
196	202		repealed and the following is substituted in lieu thereof (Effective October 155
197	203		1, 2025): 156
198	204		(e) If any controller conducts a data protection assessment pursuant 157
199	205		to subsection (a) of this section and determines that the online service, 158
200	206		product or feature that is the subject of such assessment poses a 159
201	207		heightened risk of harm to minors, such controller shall establish and 160
202	208		implement a plan to mitigate or eliminate such risk. The Attorney 161
203	209		General may require a controller to disclose to the Attorney General a 162
204	210		plan established and implemented pursuant to this subsection if the 163
205		-	plan is relevant to an investigation conducted by the Attorney General. 164 Committee Bill No. 5474
	211	+	plan is relevant to an investigation conducted by the Attorney General. 164
	212	+	Committee Bill No. 5474
206	213
207	214
208		-	LCO 5327 7 of 7
	215	+	LCO No. 5327 7 of 7
209	216
210	217		This act shall take effect as follows and shall amend the following
211	218		sections:
212	219
213	220		Section 1 October 1, 2025 New section
214	221		Sec. 2 October 1, 2025 42-529
215	222		Sec. 3 October 1, 2025 42-529a(b) and (c)
216	223		Sec. 4 October 1, 2025 42-529b(e)
217	224
218		-	KID Joint Favorable
	225	+	Statement of Purpose:
	226	+	To (1) require the owner of a social media platform to incorporate an
	227	+	online safety center into, and establish a cyberbullying policy for, the
	228	+	owner's social media platform, (2) redefine "heightened risk of harm to
	229	+	minors" to include processing minors' personal data in a manner that
	230	+	presents any reasonably foreseeable risk of harm to minors' physical or
	231	+	mental health, and (3) require the controller of an online service, product
	232	+	or feature that is offered to minors to (A) include a default setting in
	233	+	such service, product or feature to prevent adults from sending
	234	+	unsolicited communications to minors, (B) not use any system design
	235	+	feature to significantly increase, sustain or extend minors' use of such
	236	+	service, product or feature, and (C) disclose to the Attorney General a
	237	+	plan established and implemented to mitigate or eliminate any
	238	+	heightened risk of harm to minors.
	239	+
	240	+	[Proposed deletions are enclosed in brackets. Proposed additions are indicated by underline, except
	241	+	that when the entire text of a bill or resolution or a section of a bill or resolution is new, it is not
	242	+	underlined.]
	243	+
	244	+	Co-Sponsors: REP. KENNEDY, 119th Dist.; REP. MCGEE T., 116th Dist.
	245	+	REP. MARTINEZ, 22nd Dist.
	246	+
	247	+	H.B. 5474
219	248