89R15537 BCH-F
By: Holt H.B. No. 4338
A BILL TO BE ENTITLED
AN ACT
relating to the use of safety management software for children on
large social media platforms.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. This Act may be cited as Sammy's Law.
SECTION 2. Chapter 509, Business & Commerce Code, as added
by Chapter 795 (H.B. 18), Acts of the 88th Legislature, Regular
Session, 2023, is amended by adding Subchapter C-1 to read as
follows:
SUBCHAPTER C-1. SAFETY MANAGEMENT SOFTWARE FOR SOCIAL MEDIA
Sec. 509.121. DEFINITIONS. In this subchapter:
(1) "Child" means an individual who is under 17 years
of age.
(2) "Department" means the Department of Information
Resources.
(3) "Large social media platform" means a social media
platform to which Chapter 120 applies.
(4) "Third-party safety software provider" means an
entity that provides software designed to manage online
interactions, content, and account settings for the safety of
children.
(5) "User data" means any information needed to have a
profile on a large social media platform or content on a large
social media platform, including images, video, audio, or text,
that is created by or sent to a child on or through the child's
account with the platform.
Sec. 509.122. REQUIREMENTS FOR LARGE SOCIAL MEDIA
PLATFORMS. (a) A large social media platform shall create,
maintain, and make available to third-party safety software
providers a set of real-time application programming interfaces
that allow a child or a parent or legal guardian of a child to
delegate permission to a third-party safety software provider to
manage the online interactions, content, and account settings of
the child on the large social media platform on the same terms as
the child.
(b) The application programming interfaces must be designed
to allow third-party safety software providers to effectively
manage and monitor a child's online activities and provide
protections against cyberbullying, human trafficking, illegal drug
distribution, sexual harassment, and violence.
(c) A large social media platform shall establish and
implement reasonable policies, practices, and procedures regarding
the secure transfer of user data to third-party safety software
providers.
(d) In the case of a delegation made by a child or a parent
or legal guardian of a child under this section, the large social
media platform shall disclose to the child and the parent or legal
guardian of the child that the delegation has been made and provide
a summary of the user data that has been transferred to the
third-party safety software provider.
Sec. 509.123. IMPLEMENTATION BY DEPARTMENT. The department
shall:
(1) oversee the implementation of this subchapter;
(2) establish guidelines and standards for the
application programming interfaces and ensure compliance by large
social media platforms;
(3) conduct regular audits and assessments to ensure
that large social media platforms are in compliance with the
requirements of this subchapter; and
(4) provide resources and support to parents and legal
guardians using third-party safety software services to effectuate
the protection of children from dangers including cyberbullying,
human trafficking, illegal drug distribution, sexual harassment,
and violence on large social media platforms.
Sec. 509.124. REPORTING REQUIREMENTS. (a) A large social
media platform shall submit an annual report not later than January
1 to the department detailing the platform's compliance with the
requirements of this subchapter.
(b) The department shall submit an annual summary of all
reports submitted by large social media platforms under this
section not later than February 1 to the governor, the lieutenant
governor, the speaker of the house of representatives, and each
standing committee of the legislature with primary jurisdiction
over large social media platforms highlighting the effectiveness of
this subchapter and any areas needing improvement.
Sec. 509.125. AUTHENTICATION. The department shall:
(1) issue guidance to facilitate the ability of a
third-party safety software provider to obtain user data or access
in a manner that ensures that a request for user data or access on
behalf of a child is a verifiable request; and
(2) issue guidance for large social media platforms
and third-party safety software providers regarding the
maintenance of reasonable safety standards to protect user data.
Sec. 509.126. LIMITATION OF LIABILITY. In any civil action
other than an action brought by the attorney general under
Subchapter D, a large social media platform provider may not be held
liable for damages arising out of the transfer of user data to a
third-party safety software provider if the large social media
platform has in good faith complied with the requirements of this
subchapter and the guidance issued by the department under this
subchapter.
Sec. 509.127. USER DATA DISCLOSURE. A third-party safety
software provider may not disclose any user data obtained under
this subchapter to another person except:
(1) under a lawful request from a governmental body,
including for law enforcement purposes or for judicial or
administrative proceedings;
(2) to the extent that the disclosure is required by
law and the disclosure complies with and is limited to the relevant
requirements of such law;
(3) to the child or a parent or legal guardian of the
child who made a delegation under this subchapter and whose data is
at issue, with the third-party safety software provider making a
good faith effort to ensure that the disclosure includes only the
user data necessary for a reasonable parent or guardian to
understand that the child is experiencing or is at foreseeable risk
to experience harm;
(4) in the case of a reasonably foreseeable serious
and imminent threat to the health or safety of any individual, if
the disclosure is made to a person or persons reasonably able to
prevent or lessen the threat; and
(5) to a public health authority or other appropriate
government authority authorized by law to receive reports of child
abuse or neglect.
Sec. 509.128. DISCLOSURE REPORTING. A third-party safety
software provider that makes a disclosure permitted by this
subchapter shall promptly inform the child with respect to whose
account the delegation was made and the parent or legal guardian
that a disclosure has been or will be made, unless:
(1) the third-party safety software provider, in the
exercise of professional judgment, believes informing the child or
parent or legal guardian would place the child at risk of serious
harm; or
(2) the third-party safety software provider is
prohibited by law from informing the child or parent or legal
guardian.
Sec. 509.129. CONFLICT WITH OTHER LAW. To the extent of any
conflict between this subchapter and another provision of this
chapter, this subchapter controls.
SECTION 3. This Act takes effect September 1, 2025.