| 1 | 1 | | 89R15537 BCH-F |
|---|
| 2 | 2 | | By: Holt H.B. No. 4338 |
|---|
| 3 | 3 | | |
|---|
| 4 | 4 | | |
|---|
| 5 | 5 | | |
|---|
| 6 | 6 | | |
|---|
| 7 | 7 | | A BILL TO BE ENTITLED |
|---|
| 8 | 8 | | AN ACT |
|---|
| 9 | 9 | | relating to the use of safety management software for children on |
|---|
| 10 | 10 | | large social media platforms. |
|---|
| 11 | 11 | | BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|---|
| 12 | 12 | | SECTION 1. This Act may be cited as Sammy's Law. |
|---|
| 13 | 13 | | SECTION 2. Chapter 509, Business & Commerce Code, as added |
|---|
| 14 | 14 | | by Chapter 795 (H.B. 18), Acts of the 88th Legislature, Regular |
|---|
| 15 | 15 | | Session, 2023, is amended by adding Subchapter C-1 to read as |
|---|
| 16 | 16 | | follows: |
|---|
| 17 | 17 | | SUBCHAPTER C-1. SAFETY MANAGEMENT SOFTWARE FOR SOCIAL MEDIA |
|---|
| 18 | 18 | | Sec. 509.121. DEFINITIONS. In this subchapter: |
|---|
| 19 | 19 | | (1) "Child" means an individual who is under 17 years |
|---|
| 20 | 20 | | of age. |
|---|
| 21 | 21 | | (2) "Department" means the Department of Information |
|---|
| 22 | 22 | | Resources. |
|---|
| 23 | 23 | | (3) "Large social media platform" means a social media |
|---|
| 24 | 24 | | platform to which Chapter 120 applies. |
|---|
| 25 | 25 | | (4) "Third-party safety software provider" means an |
|---|
| 26 | 26 | | entity that provides software designed to manage online |
|---|
| 27 | 27 | | interactions, content, and account settings for the safety of |
|---|
| 28 | 28 | | children. |
|---|
| 29 | 29 | | (5) "User data" means any information needed to have a |
|---|
| 30 | 30 | | profile on a large social media platform or content on a large |
|---|
| 31 | 31 | | social media platform, including images, video, audio, or text, |
|---|
| 32 | 32 | | that is created by or sent to a child on or through the child's |
|---|
| 33 | 33 | | account with the platform. |
|---|
| 34 | 34 | | Sec. 509.122. REQUIREMENTS FOR LARGE SOCIAL MEDIA |
|---|
| 35 | 35 | | PLATFORMS. (a) A large social media platform shall create, |
|---|
| 36 | 36 | | maintain, and make available to third-party safety software |
|---|
| 37 | 37 | | providers a set of real-time application programming interfaces |
|---|
| 38 | 38 | | that allow a child or a parent or legal guardian of a child to |
|---|
| 39 | 39 | | delegate permission to a third-party safety software provider to |
|---|
| 40 | 40 | | manage the online interactions, content, and account settings of |
|---|
| 41 | 41 | | the child on the large social media platform on the same terms as |
|---|
| 42 | 42 | | the child. |
|---|
| 43 | 43 | | (b) The application programming interfaces must be designed |
|---|
| 44 | 44 | | to allow third-party safety software providers to effectively |
|---|
| 45 | 45 | | manage and monitor a child's online activities and provide |
|---|
| 46 | 46 | | protections against cyberbullying, human trafficking, illegal drug |
|---|
| 47 | 47 | | distribution, sexual harassment, and violence. |
|---|
| 48 | 48 | | (c) A large social media platform shall establish and |
|---|
| 49 | 49 | | implement reasonable policies, practices, and procedures regarding |
|---|
| 50 | 50 | | the secure transfer of user data to third-party safety software |
|---|
| 51 | 51 | | providers. |
|---|
| 52 | 52 | | (d) In the case of a delegation made by a child or a parent |
|---|
| 53 | 53 | | or legal guardian of a child under this section, the large social |
|---|
| 54 | 54 | | media platform shall disclose to the child and the parent or legal |
|---|
| 55 | 55 | | guardian of the child that the delegation has been made and provide |
|---|
| 56 | 56 | | a summary of the user data that has been transferred to the |
|---|
| 57 | 57 | | third-party safety software provider. |
|---|
| 58 | 58 | | Sec. 509.123. IMPLEMENTATION BY DEPARTMENT. The department |
|---|
| 59 | 59 | | shall: |
|---|
| 60 | 60 | | (1) oversee the implementation of this subchapter; |
|---|
| 61 | 61 | | (2) establish guidelines and standards for the |
|---|
| 62 | 62 | | application programming interfaces and ensure compliance by large |
|---|
| 63 | 63 | | social media platforms; |
|---|
| 64 | 64 | | (3) conduct regular audits and assessments to ensure |
|---|
| 65 | 65 | | that large social media platforms are in compliance with the |
|---|
| 66 | 66 | | requirements of this subchapter; and |
|---|
| 67 | 67 | | (4) provide resources and support to parents and legal |
|---|
| 68 | 68 | | guardians using third-party safety software services to effectuate |
|---|
| 69 | 69 | | the protection of children from dangers including cyberbullying, |
|---|
| 70 | 70 | | human trafficking, illegal drug distribution, sexual harassment, |
|---|
| 71 | 71 | | and violence on large social media platforms. |
|---|
| 72 | 72 | | Sec. 509.124. REPORTING REQUIREMENTS. (a) A large social |
|---|
| 73 | 73 | | media platform shall submit an annual report not later than January |
|---|
| 74 | 74 | | 1 to the department detailing the platform's compliance with the |
|---|
| 75 | 75 | | requirements of this subchapter. |
|---|
| 76 | 76 | | (b) The department shall submit an annual summary of all |
|---|
| 77 | 77 | | reports submitted by large social media platforms under this |
|---|
| 78 | 78 | | section not later than February 1 to the governor, the lieutenant |
|---|
| 79 | 79 | | governor, the speaker of the house of representatives, and each |
|---|
| 80 | 80 | | standing committee of the legislature with primary jurisdiction |
|---|
| 81 | 81 | | over large social media platforms highlighting the effectiveness of |
|---|
| 82 | 82 | | this subchapter and any areas needing improvement. |
|---|
| 83 | 83 | | Sec. 509.125. AUTHENTICATION. The department shall: |
|---|
| 84 | 84 | | (1) issue guidance to facilitate the ability of a |
|---|
| 85 | 85 | | third-party safety software provider to obtain user data or access |
|---|
| 86 | 86 | | in a manner that ensures that a request for user data or access on |
|---|
| 87 | 87 | | behalf of a child is a verifiable request; and |
|---|
| 88 | 88 | | (2) issue guidance for large social media platforms |
|---|
| 89 | 89 | | and third-party safety software providers regarding the |
|---|
| 90 | 90 | | maintenance of reasonable safety standards to protect user data. |
|---|
| 91 | 91 | | Sec. 509.126. LIMITATION OF LIABILITY. In any civil action |
|---|
| 92 | 92 | | other than an action brought by the attorney general under |
|---|
| 93 | 93 | | Subchapter D, a large social media platform provider may not be held |
|---|
| 94 | 94 | | liable for damages arising out of the transfer of user data to a |
|---|
| 95 | 95 | | third-party safety software provider if the large social media |
|---|
| 96 | 96 | | platform has in good faith complied with the requirements of this |
|---|
| 97 | 97 | | subchapter and the guidance issued by the department under this |
|---|
| 98 | 98 | | subchapter. |
|---|
| 99 | 99 | | Sec. 509.127. USER DATA DISCLOSURE. A third-party safety |
|---|
| 100 | 100 | | software provider may not disclose any user data obtained under |
|---|
| 101 | 101 | | this subchapter to another person except: |
|---|
| 102 | 102 | | (1) under a lawful request from a governmental body, |
|---|
| 103 | 103 | | including for law enforcement purposes or for judicial or |
|---|
| 104 | 104 | | administrative proceedings; |
|---|
| 105 | 105 | | (2) to the extent that the disclosure is required by |
|---|
| 106 | 106 | | law and the disclosure complies with and is limited to the relevant |
|---|
| 107 | 107 | | requirements of such law; |
|---|
| 108 | 108 | | (3) to the child or a parent or legal guardian of the |
|---|
| 109 | 109 | | child who made a delegation under this subchapter and whose data is |
|---|
| 110 | 110 | | at issue, with the third-party safety software provider making a |
|---|
| 111 | 111 | | good faith effort to ensure that the disclosure includes only the |
|---|
| 112 | 112 | | user data necessary for a reasonable parent or guardian to |
|---|
| 113 | 113 | | understand that the child is experiencing or is at foreseeable risk |
|---|
| 114 | 114 | | to experience harm; |
|---|
| 115 | 115 | | (4) in the case of a reasonably foreseeable serious |
|---|
| 116 | 116 | | and imminent threat to the health or safety of any individual, if |
|---|
| 117 | 117 | | the disclosure is made to a person or persons reasonably able to |
|---|
| 118 | 118 | | prevent or lessen the threat; and |
|---|
| 119 | 119 | | (5) to a public health authority or other appropriate |
|---|
| 120 | 120 | | government authority authorized by law to receive reports of child |
|---|
| 121 | 121 | | abuse or neglect. |
|---|
| 122 | 122 | | Sec. 509.128. DISCLOSURE REPORTING. A third-party safety |
|---|
| 123 | 123 | | software provider that makes a disclosure permitted by this |
|---|
| 124 | 124 | | subchapter shall promptly inform the child with respect to whose |
|---|
| 125 | 125 | | account the delegation was made and the parent or legal guardian |
|---|
| 126 | 126 | | that a disclosure has been or will be made, unless: |
|---|
| 127 | 127 | | (1) the third-party safety software provider, in the |
|---|
| 128 | 128 | | exercise of professional judgment, believes informing the child or |
|---|
| 129 | 129 | | parent or legal guardian would place the child at risk of serious |
|---|
| 130 | 130 | | harm; or |
|---|
| 131 | 131 | | (2) the third-party safety software provider is |
|---|
| 132 | 132 | | prohibited by law from informing the child or parent or legal |
|---|
| 133 | 133 | | guardian. |
|---|
| 134 | 134 | | Sec. 509.129. CONFLICT WITH OTHER LAW. To the extent of any |
|---|
| 135 | 135 | | conflict between this subchapter and another provision of this |
|---|
| 136 | 136 | | chapter, this subchapter controls. |
|---|
| 137 | 137 | | SECTION 3. This Act takes effect September 1, 2025. |
|---|