88R20495 MLH-F
By: Slawson, Patterson, González of El Paso, H.B. No. 18
Burrows, Darby, et al.
Substitute the following for H.B. No. 18:
By: Lozano C.S.H.B. No. 18
A BILL TO BE ENTITLED
AN ACT
relating to the protection of minors from harmful, deceptive, or
unfair trade practices in connection with the use of certain
digital services.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. This Act may be cited as the Securing Children
Online through Parental Empowerment (SCOPE) Act.
SECTION 2. Subtitle A, Title 11, Business & Commerce Code,
is amended by adding Chapter 509 to read as follows:
CHAPTER 509. USE OF DIGITAL SERVICES BY MINORS
SUBCHAPTER A. GENERAL PROVISIONS
Sec. 509.001. DEFINITIONS. In this chapter:
(1) "Digital service" means a website, an application,
a program, or software that performs collection or processing
functions with Internet connectivity.
(2) "Digital service provider" means a person who owns
or operates a digital service.
(3) "Known minor" means a minor under circumstances
where a digital service provider has actual knowledge of, or
wilfully disregards, a minor's age.
(4) "Minor" means a child who is younger than 18 years
of age.
(5) "Verified parent" means a person who has
registered with a digital service provider as the parent or
guardian of a known minor under Section 509.052.
Sec. 509.002. APPLICABILITY. This chapter does not apply
to:
(1) a state agency or a political subdivision of this
state;
(2) a financial institution or data subject to Title
V, Gramm-Leach-Bliley Act (15 U.S.C. Section 6801 et seq.);
(3) a covered entity or business associate governed by
the privacy, security, and breach notification rules issued by the
United States Department of Health and Human Services, 45 C.F.R.
Parts 160 and 164, established under the Health Insurance
Portability and Accountability Act of 1996 (42 U.S.C. Section 1320d
et seq.), and the Health Information Technology for Economic and
Clinical Health Act (Division A, Title XIII, and Division B, Title
IV, Pub. L. No. 111-5);
(4) a small business as defined by the United States
Small Business Administration on September 1, 2024; or
(5) an institution of higher education.
SUBCHAPTER B. DIGITAL SERVICE PROVIDER DUTIES AND PROHIBITIONS
Sec. 509.051. PROHIBITION ON AGREEMENTS WITH KNOWN MINORS;
EXEMPTIONS. (a) Except as provided by this section, a digital
service provider may not enter into an agreement with a known minor.
(b) For purposes of this section, an agreement includes:
(1) a terms of service agreement;
(2) a user agreement; and
(3) the creation of an account for a digital service.
(c) A digital service provider may enter into an agreement
with a known minor if the known minor's parent or guardian consents
in a verifiable manner that:
(1) is specific, informed, and unambiguous; and
(2) occurs in the absence of any financial or other
incentive.
(d) For purposes of this section, the following are
acceptable methods a digital service provider may use to obtain
consent:
(1) providing a form for the known minor's parent or
guardian to sign and return to the digital service provider by
common carrier, facsimile, or electronic scan;
(2) providing a toll-free telephone number for the
known minor's parent or guardian to call to consent;
(3) coordinating a call with a known minor's parent or
guardian over videoconferencing technology;
(4) collecting information related to the known
minor's parent's or guardian's government-issued identification and
deleting that information after confirming the identity of the
parent or guardian;
(5) allowing the known minor's parent or guardian to
provide consent by responding to an e-mail and taking additional
steps to verify the parent's or guardian's identity; and
(6) obtaining consent from a person registered with
the digital service provider as the known minor's verified parent
under Section 509.052.
(e) An agreement under this section must include a method by
which a known minor's parent or guardian can register with the
digital service provider as the minor's verified parent under
Section 509.052.
(f) Before obtaining consent from a known minor's parent or
guardian, a digital service provider must give the parent or
guardian the ability to permanently enable settings to:
(1) enable the highest privacy setting offered by the
digital service provider;
(2) prevent the digital service provider from
collecting any data associated with the minor that is not necessary
to provide the digital service;
(3) prevent the digital service provider from
processing any data associated with the minor in a manner that is
not related to the purpose for which the data was collected;
(4) prevent the digital service provider from sharing,
disclosing, or transferring data associated with the minor in
exchange for monetary or other valuable consideration;
(5) prevent collection of geolocation data by the
digital service provider;
(6) disable targeted advertising for the minor; or
(7) prevent the minor from making purchases or
financial transactions.
(g) If a minor's parent or guardian, including a verified
parent, gives consent or performs another function of a parent or
guardian under this chapter, the digital service provider:
(1) is considered to have actual knowledge that the
minor is less than 18 years of age; and
(2) must treat the minor as a known minor.
Sec. 509.052. REGISTRATION AS VERIFIED PARENT. (a) A
digital service provider shall provide a process for a known
minor's parent or guardian to register with the digital service
provider as the known minor's verified parent.
(b) The registration process under this section must
require a known minor's parent or guardian to confirm the parent's
or guardian's identity using a method acceptable for obtaining
consent under Sections 509.051(d)(1)-(5).
(c) A person registered with a digital service provider as a
known minor's verified parent may give consent or perform other
functions of a known minor's parent or guardian under this chapter
relating to a digital service provider with whom the verified
parent is registered without confirming the verified parent's
identity under Sections 509.051(d)(1)-(5).
Sec. 509.053. DIGITAL SERVICE PROVIDER DUTY TO PREVENT
HARM. (a) A digital service provider shall exercise reasonable
care to prevent physical, emotional, and developmental harm to a
known minor in relation to the minor's use of the digital service,
including:
(1) self harm, suicide, eating disorders, and other
similar behaviors;
(2) substance abuse and patterns of use that indicate
addiction;
(3) bullying and harassment;
(4) sexual exploitation, including enticement,
grooming, trafficking, abuse, and child pornography;
(5) advertisements for products or services that are
unlawful for a minor, including illegal drugs, tobacco, gambling,
pornography, and alcohol; and
(6) predatory, unfair, or deceptive marketing
practices.
(b) A digital service provider shall exercise reasonable
care to ensure that a known minor is not exposed to a type of harm
described by Subsection (a) in relation to the minor's use of the
digital service.
Sec. 509.054. ACCESS TO DATA ASSOCIATED WITH KNOWN MINOR.
(a) A known minor's parent or guardian may submit a request to a
digital service provider to access any data on the digital service
associated with the minor.
(b) A digital service provider shall establish and make
available a simple and easily accessible method by which a known
minor's parent or guardian may make a request for access under this
section.
(c) The method established under Subsection (b) must:
(1) allow a known minor's parent or guardian to access:
(A) all data in the digital service provider's
possession associated with the known minor, organized by:
(i) type of data; and
(ii) purpose for which the digital service
provider processed each type of data;
(B) the name of each third party to which the
digital service provider disclosed the data, if applicable;
(C) each source other than the minor from which
the digital service provider obtained data associated with the
known minor;
(D) the length of time for which the digital
service provider will retain the data associated with the known
minor;
(E) any index or score assigned to the minor as a
result of the data, including whether the digital service provider
created the index or score and, if not, who created the index or
score;
(F) the manner in which the digital service
provider uses an index or score under Paragraph (E);
(G) a method by which the known minor's parent or
guardian may:
(i) dispute the accuracy of any data
collected or processed by the digital service provider; and
(ii) request that the digital service
provider correct any data collected or processed by the digital
service provider; and
(H) a method by which the known minor's parent or
guardian may request that the digital service provider delete any
data associated with the known minor collected or processed by the
digital service provider; and
(2) require a known minor's parent or guardian to
confirm the parent's or guardian's identity using a method
acceptable under Sections 509.051(d)(1)-(5).
(d) A verified parent is not required to confirm the
verified parent's identity under Subsection (c)(2) when making a
request under this section to the digital service provider with
whom the verified parent is registered.
(e) If a digital service provider receives a request under
Subsection (c)(1)(G), the digital service provider shall, not later
than the 45th day after the request is made:
(1) determine whether the relevant data is inaccurate
or incomplete; and
(2) make any corrections necessary.
(f) If a digital service provider receives a request under
Subsection (c)(1)(H), the digital service provider shall delete the
data specified by the request not later than the 45th day after the
request is made.
Sec. 509.055. ADVERTISING AND MARKETING DUTIES. A digital
service provider that allows advertisers to advertise to known
minors on the digital service shall disclose in a clear and
accessible manner at the time the advertisement is displayed:
(1) the name of each product, service, or brand
advertising on the digital service;
(2) the subject matter of each advertisement or
marketing material on the digital service;
(3) if the digital service provider or advertiser
targets advertisements to known minors on the digital service, the
reason why each advertisement has been targeted to a minor;
(4) the way in which data associated with a known
minor's use of the digital service leads to each advertisement
targeted to the minor; and
(5) whether certain media on the digital service are
advertisements.
Sec. 509.056. USE OF ALGORITHMS. A digital service
provider that uses algorithms to automate the suggestion,
promotion, or ranking of information to known minors on the digital
service shall:
(1) ensure that the algorithm does not interfere with
the digital service provider's duties under Section 509.053; and
(2) disclose in the digital service provider's terms
of service, in a clear and accessible manner:
(A) an overview of the manner in which the
digital service uses algorithms to provide information to known
minors; and
(B) an overview of the manner in which those
algorithms use data associated with a known minor.
Sec. 509.057. PROHIBITION ON LIMITING OR DISCONTINUING
DIGITAL SERVICE. A digital service provider may not limit or
discontinue a digital service provided to a known minor due to the
nature of responses made by the known minor's parent or guardian
under Section 509.051(f).
SUBCHAPTER C. ENFORCEMENT
Sec. 509.101. DECEPTIVE TRADE PRACTICE. A violation of
this chapter is a false, misleading, or deceptive act or practice as
defined by Section 17.46(b). In addition to any remedy under this
chapter, a remedy under Subchapter E, Chapter 17, is also available
for a violation of this chapter.
SECTION 3. If any provision of this Act or its application
to any person or circumstance is held invalid, the invalidity does
not affect other provisions or applications of this Act that can be
given effect without the invalid provision or application, and to
this end the provisions of this Act are declared to be severable.
SECTION 4. This Act takes effect September 1, 2024.